[Battlemesh] Linksys promises not to block free firmware

David Lang david at lang.hm
Mon May 16 08:26:54 UTC 2016 

On Mon, 16 May 2016, Mitar wrote:

> Hi!
>
>> Unless the database is managed by an organization that is completely
>> outside of the juristictions, they could still be served by a court
>> order to provide location tracking of someone.
>
> Not sure if there has to be an organization. And there are some
> decentralized technologies around which could help here. IPFS, for example.
>
>> that doesn't solve the court order problem.
>
> How not? You have to give court order to multiple people from multiple
> countries. Good luck with that.

Running a database is going to take money for equipment. Who handles the money, 
they are vulnerable (see the lavabits case from a couple years ago).

Also remember that we are looking to build something that has credibility to the 
FCC (and probably eventually similar organizations in other countries), We are 
going to need more than just technical resources, we will need to have people 
meet with FCC officials to convince them that this is useful and solves their 
problem.

It's hard to do this with a nebulous organization. I think it's much better to 
build something that doesn't store data that can be misused rather than try to 
store it and only access it in 'legtimate' ways.


As I said to start with, I don't think trying to poison the database is a very 
effective attack to start with.

let's walk through the possible ways to send false reports.

1. false 'nothing here' reports.

   This will not affect any mapping/reports of 'I saw something here', it will 
just make it look like coverage in that area was better than it was.

Who cares??

2. false 'I saw something here' reports.

2a. false reports in the area of a bad actor

   These just draw more attention to the area and make it more likely that the 
FCC would send out detector vans to the area to find out what's what.


2b. false reports in other areas

   These would be ignored if they are not in an area that could cause problems. 
Remember that for the radar problem, you have to be very near one of the 50 
airports that have such a system, and even there, some channels are OK.

Also remember that legitimate reports are going to show up over a long 
timeframe, someone trying to poison the database would have to continue to send 
their bad reports, and send them in a consistant way or else any sort of 
correlation over time will filter them out.


In practice, I expect that false reports eat up some database space and nothing 
else.

David Lang

More information about the Battlemesh mailing list