On Jul 11, 2010, at 1:16 PM, Ben Laurie wrote:

Beyond simple hacking - someone is quoted saying "You can consider GPS a little like computers before the first virus - if I had stood here before
then and cried about the risks, you would've asked 'why would anyone
bother?'." - among the possible vulnerabilities are to high-value cargo, armored cars, and rental cars tracked by GPS. As we build more and more
"location-aware" services, we are inherently building more
"false-location-vulnerable" services at the same time.

Most location-aware services should not care whether the location is
real or false, for privacy reasons. Agree about the issue of
high-value cargo (but I guess they'll just have to use more reliable
mechanisms, like maps and their eyes), don't care about rental cars.
I have no clue what "most" location-aware services will be in a year, much less in five or ten years. Sure, if you think that the dominant role for such services will be targeted advertising to people passing by storefronts, then it makes little difference if the location is wrong, except perhaps to the stores (and hence the viability of such services) if grossly incorrect information becomes commonplace. But if the service is "find me the hospital I can get to fastest, given current road conditions", the cost of error may be rather higher.

Privacy is an entirely distinct issue. At the least, services in which I compute something from my location and data I've pre-loaded for a reasonably large area - without ever revealing my location to someone else - have no privacy implications at all. (Note that I've described the characteristics of most GPS units sold today.) But it's easy to come up with examples where such a location-aware service becomes dangerously vulnerable - and perhaps dangerous - if it is fed incorrect location information.

How much and how often I share my own location information, under what conditions, and what I get in return, are all very much up in the air - though if we don't address them, they will default to "fairly precise location information, fairly frequently, with few usage restrictions, for little I want". But the inherent vulnerability to falsified information is an inherent part of coming up with any valuable use of true information, no matter what privacy policies we agree on.
                                                        -- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to