[Battlemesh] Linksys promises not to block free firmware

[David Lang]

On Sun, 15 May 2016, Mitar wrote:

> Hi!
>
> What about storing the database outside of jurisdictions which care?

Unless the database is managed by an organization that is completely outside of 
the juristictions, they could still be served by a court order to provide 
location tracking of someone.

>> If someone floods the database with negative reports, they won't matter
>> for someone who is looking at the positive reports.
>
> Storing IP could help remove floods of invalid reports once identified.
> But I would not expose them. But storing them for access only by admins
> might be OK? We could even have them encrypted with multi-key crypto so
> multiple admins from multiple countries would have to agree to decrypt
> some part of the data.

that doesn't solve the court order problem.

First off, we don't know that someone will try to poison the database. I don't 
want to build something that can be used to track people's movements, or 
identify that they are speeding, unless it's proven neccessary to do so.

I expect that if we do get attacks, we can probably deal with them at the 
network layer rather than at the application layer (rate limit on source IP with 
a window of a few minutes on a separate device that doesn't log the data for 
example)

I also expect that removing things would be just choosing to ignore all reports 
in a short time window (throwing out some legitimate reports, but if they are 
legitimate, they will be found again)

The thing is, if someone really wants to poison something like this, all they 
have to do is rent time on a botnet and they can hit the database with lots of 
different IP addresses. In such an attack, authenticating the sources won't help 
because each botnet source can get it's own identification.

David Lang