locating via GSM, revisited
joerg at openmoko.org
joerg at openmoko.org
Tue Apr 22 12:35:28 CEST 2008
Am Di 22. April 2008 schrieb Harald Welte:
> On Mon, Apr 21, 2008 at 05:59:29PM +0800, joerg at openmoko.org wrote:
> > Am Mo 21. April 2008 schrieb Werner Almesberger:
> > > joerg at openmoko.org wrote:
> > > > For many countries there are ageold databases created by hobbyists
> > > > antenna-spotting. In Germany, carrier O2 sends quite exact
> > > > coordinates on CBC 221 for each of his stations.
> > >
> > > Okay, that's good. So we can have a comprehensive geographical database
> > > we can put our "GSM n-space" in relation to. (Although no motivation
> > > was ever stated, I'm assuming here that the goal of the whole exercise
> > > is to avoid using GPS. Thus we can't correlate vectors we measure in
> > > GSM n-space to 2D or 3D real-world vectors we measure with GPS.)
> > >
> > > Is there something like openstreetmap with these antenna locations or
> > > does one have to hunt and gather from scattered repositories ?
> > Dunno...
> At least in Germany the location of the cellular towers (especially
> combined with the information if they're GPRS, EDGE, UMTS or HSDPA) is
> considered a trade secret by the operator.
Quite obviously not for O2! They at least send Gauss-Krueger for every of
their BTS, and you may receive this with any simple cellphone. So which kinda
secret is this then?
> If you create free databases with that kind of stuff, be sure you have
> sufficient stack to fight the legal battles.
I am no lawyer, and well
on high sea and at high court
we're all in the hands of the Lord
But believe me, from my experience with German justice and legislative to me
it seems extremely unlikely you get prosecuted or involved in a legal battle,
just for publishing things like
>''My D1 been showing maximum signal strength at (GPS)xxNorth,yyWest.
> There's an antenna on the roof of this house as well''.
As long as you can legally acquire the info (you also might use a map and a
photocamera with tagging), and it's not offensive nor copyrighted or mere
false, you very usually may publish it whereever and in any amount you like.
For *sure* we will get away with fingerprinting like it's done with wifi
positioning. And above quoted info isn't anything else than just fingerprint
of a certain place.
Using TimeAdvance value (to calculate distance to BTS) is a strictly
Freerunner/Diversity (any other MS) _local_ thing and shouldn't bother at
all, as long as we don't include this to the fingerprint we push to the
In the end we get a "max RF-intensity" fingerprint (or the center of a couple
of those) for each and every BTS, what turns out to be exactly the same info
you would expect to see in an ordinary ["BTS-ID"*; "Longitude","Latitude"]
Some countries even have databases maintained and published by some
official "FCC" authority, where you can query exact position plus additional
data (like e.g. RF-power, Frequency...) of any BTS. Don't remember whether
this was exactly Switzerland, Austria, Germany or sth...
Highly problematic it seems to me to do this forced cell reselect thing to get
TA for other than the current (most nearby) cell, the function named "BTS
test" on Nokia monitor [Display 17]. Probably that's about as illegal as
using police frequencies to mess around with, or creating your own
TV-station. In the end they might accuse you for tearing down the whole GSM
network by fraudulent or abusive usage.
More information about the openmoko-kernel