locating via GSM, revisited

joerg at openmoko.org joerg at openmoko.org
Tue Apr 22 12:35:28 CEST 2008

Am Di  22. April 2008 schrieb Harald Welte:
> On Mon, Apr 21, 2008 at 05:59:29PM +0800, joerg at openmoko.org wrote:
> > Am Mo  21. April 2008 schrieb Werner Almesberger:
> > > joerg at openmoko.org wrote:
> > > > For many countries there are ageold databases created by hobbyists 
> > > > antenna-spotting. In Germany, carrier O2 sends quite exact 
> > > > coordinates on CBC 221 for each of his stations.
> > > 
> > > Okay, that's good. So we can have a comprehensive geographical database
> > > we can put our "GSM n-space" in relation to. (Although no motivation
> > > was ever stated, I'm assuming here that the goal of the whole exercise
> > > is to avoid using GPS. Thus we can't correlate vectors we measure in
> > > GSM n-space to 2D or 3D real-world vectors we measure with GPS.)
> > > 
> > > Is there something like openstreetmap with these antenna locations or
> > > does one have to hunt and gather from scattered repositories ?
> > 
> > Dunno...
> At least in Germany the location of the cellular towers (especially
> combined with the information if they're GPRS, EDGE, UMTS or HSDPA) is
> considered a trade secret by the operator.
Quite obviously not for O2! They at least send Gauss-Krueger for every of 
their BTS, and you may receive this with any simple cellphone. So which kinda 
secret is this then?

> If you create free databases with that kind of stuff, be sure you have
> sufficient stack to fight the legal battles.

I am no lawyer, and well
on high sea and at high court
we're all in the hands of the Lord
But believe me, from my experience with German justice and legislative to me 
it seems extremely unlikely you get prosecuted or involved in a legal battle, 
just for publishing things like 
>''My D1 been showing maximum signal strength at (GPS)xxNorth,yyWest. 
> There's an antenna  on the roof of this house as well''. 
As long as you can legally acquire the info (you also might use a map and a 
photocamera with tagging), and it's not offensive nor copyrighted or mere 
false, you very usually may publish it whereever and in any amount you like.

For *sure* we will get away with fingerprinting like it's done with wifi 
positioning. And above quoted info isn't anything else than just fingerprint 
of a certain place. 
Using TimeAdvance value (to calculate distance to BTS) is a strictly 
Freerunner/Diversity (any other MS) _local_ thing and shouldn't bother at 
all, as long as we don't include this to the fingerprint we push to the 
In the end we get a "max RF-intensity" fingerprint (or the center of a couple 
of those) for each and every BTS, what turns out to be exactly the same info 
you would expect to see in an ordinary ["BTS-ID"*; "Longitude","Latitude"] 
Some countries even have databases maintained and published by some 
official "FCC" authority, where you can query exact position plus additional 
data (like e.g. RF-power, Frequency...) of any BTS. Don't remember whether 
this was exactly Switzerland, Austria, Germany or sth...

Highly problematic it seems to me to do this forced cell reselect thing to get 
TA for other than the current (most nearby) cell, the function named "BTS 
test" on Nokia monitor [Display 17]. Probably that's about as illegal as 
using police frequencies to mess around with, or creating your own 
TV-station. In the end they might accuse you for tearing down the whole GSM 
network by fraudulent or abusive usage.


More information about the openmoko-kernel mailing list