[Battlemesh] Linksys promises not to block free firmware
David Lang
david at lang.hm
Mon May 16 10:03:33 CEST 2016
On Sun, 15 May 2016, Mitar wrote:
> Hi!
>
> What about storing the database outside of jurisdictions which care?
Unless the database is managed by an organization that is completely outside of
the juristictions, they could still be served by a court order to provide
location tracking of someone.
>> If someone floods the database with negative reports, they won't matter
>> for someone who is looking at the positive reports.
>
> Storing IP could help remove floods of invalid reports once identified.
> But I would not expose them. But storing them for access only by admins
> might be OK? We could even have them encrypted with multi-key crypto so
> multiple admins from multiple countries would have to agree to decrypt
> some part of the data.
that doesn't solve the court order problem.
First off, we don't know that someone will try to poison the database. I don't
want to build something that can be used to track people's movements, or
identify that they are speeding, unless it's proven neccessary to do so.
I expect that if we do get attacks, we can probably deal with them at the
network layer rather than at the application layer (rate limit on source IP with
a window of a few minutes on a separate device that doesn't log the data for
example)
I also expect that removing things would be just choosing to ignore all reports
in a short time window (throwing out some legitimate reports, but if they are
legitimate, they will be found again)
The thing is, if someone really wants to poison something like this, all they
have to do is rent time on a botnet and they can hit the database with lots of
different IP addresses. In such an attack, authenticating the sources won't help
because each botnet source can get it's own identification.
David Lang
More information about the Battlemesh
mailing list