[Battlemesh] Linksys promises not to block free firmware

[David Lang]

The server side of this is rather simple, a Postgress GIS to store the reports. 
A small daemon to receive the reports, and then some sort of map to display the 
reports. This could be run on anyone's system to start with, and move if/as it 
becomes too popular.

The reporting side is probably not that hard for someone who is good with app 
development. Every X minutes, it needs to get low-resolution location 
information, scan the wireless for SSID broadcasts on a set of channels (long 
term, this set will vary based on your location), and send a report of what it 
finds. I'm thinking that the report could be as simple as a UDP packet 
containing JSON data (anycast friendly), but things can be flexible.

lightweight, small, low impact on power and data, minimal GUI (redirect to a web 
page for viewing data)

Once a PoC is built, then we can start getting some people to use it and have a 
demo that can be used to get long-term sponsorship of this and start talking to 
the FCC to see if they are receptive to the idea.

Then there would be a scale-up and publicity campaign to get more people to 
install the app.

David Lang



On Mon, 16 May 2016, Mitar wrote:

> 
> Hi!
>
> OK, I agree. Let's start simple.
>
>
> Mitar
>
>> On Mon, 16 May 2016, Mitar wrote:
>>
>>> Hi!
>>>
>>>> Unless the database is managed by an organization that is completely
>>>> outside of the juristictions, they could still be served by a court
>>>> order to provide location tracking of someone.
>>>
>>> Not sure if there has to be an organization. And there are some
>>> decentralized technologies around which could help here. IPFS, for
>>> example.
>>>
>>>> that doesn't solve the court order problem.
>>>
>>> How not? You have to give court order to multiple people from multiple
>>> countries. Good luck with that.
>>
>> Running a database is going to take money for equipment. Who handles the
>> money, they are vulnerable (see the lavabits case from a couple years ago).
>>
>> Also remember that we are looking to build something that has
>> credibility to the FCC (and probably eventually similar organizations in
>> other countries), We are going to need more than just technical
>> resources, we will need to have people meet with FCC officials to
>> convince them that this is useful and solves their problem.
>>
>> It's hard to do this with a nebulous organization. I think it's much
>> better to build something that doesn't store data that can be misused
>> rather than try to store it and only access it in 'legtimate' ways.
>>
>>
>> As I said to start with, I don't think trying to poison the database is
>> a very effective attack to start with.
>>
>> let's walk through the possible ways to send false reports.
>>
>> 1. false 'nothing here' reports.
>>
>>   This will not affect any mapping/reports of 'I saw something here', it
>> will just make it look like coverage in that area was better than it was.
>>
>> Who cares??
>>
>> 2. false 'I saw something here' reports.
>>
>> 2a. false reports in the area of a bad actor
>>
>>   These just draw more attention to the area and make it more likely
>> that the FCC would send out detector vans to the area to find out what's
>> what.
>>
>>
>> 2b. false reports in other areas
>>
>>   These would be ignored if they are not in an area that could cause
>> problems. Remember that for the radar problem, you have to be very near
>> one of the 50 airports that have such a system, and even there, some
>> channels are OK.
>>
>> Also remember that legitimate reports are going to show up over a long
>> timeframe, someone trying to poison the database would have to continue
>> to send their bad reports, and send them in a consistant way or else any
>> sort of correlation over time will filter them out.
>>
>>
>> In practice, I expect that false reports eat up some database space and
>> nothing else.
>>
>> David Lang
>> _______________________________________________
>> Battlemesh mailing list
>> Battlemesh at ml.ninux.org
>> http://ml.ninux.org/mailman/listinfo/battlemesh
>
>