I have been loosely following the discussions regarding privacy (I would love to have data available for offline use - the fact that I can't use the data offline is the one thing that is keeping me from contributing) and gave the issue of privacy vs. geolocation some thought. I would propose the following approach: Limit downloadable data to average WiFi positions, consisting of latitude, longitude and an identifier. The identifier would be a hash of the BSSID as well as rounded latitude and longitude values.
This would require a user to know their approximate location in order to look up their location based on nearby WiFi networks. An approximate location could be obtained using cell tower data. Having this restriction would make queries of the type "where did the access point with BSSID 00:BA:AD:C0:FF:FE move" impractical, as any single query of this kind would be limited to a narrow bounding box.

The key parameter here is the size of the bounding box, or the resolution of lat/lon values fed into the hash, which would need to satisfy two criteria:

* The coverage range of a cell tower should contain no more than a handful of bounding boxes (I would say between 4 and 9 in a city), so that a user would not need to calculate a large number of hashes per BSSID.
* The bounding boxes should be small enough so that somebody moving house for reasons of security, even within the same metropolitan area, is likely to move to a different bounding box.

A practical grid width might be .01 degrees for latitude, which is slightly less than a kilometer. For longitude things are a little more complicated - we would need to vary the longitudinal grid width based on latitude, keeping it around 1 km.

Comments and discussions welcome!

Michael

On Tuesday, July 8, 2014 2:47:49 PM UTC+2, Gervase Markham wrote:
> On 07/07/14 08:43, sam tygier wrote:
> > I suggest that something similar is done with the database download, by
> > only giving weak information about each hotspot. For example either its
> > latitude or longitude (depending on something deterministic such as the
> > last bit of the BSSID). Now an individual hotspot can't be located, but
> > a group known to be close together can. There are a few alternatives,
> > for example a hot spot could either be coarse (integer part of
> > coordinates) or fine (fractional part of coordinates), but I am not sure
> > this is any better.
>
> If you can provide a mathematically strong way of doing this, I for one
> would be most interested. (I'm not sure it's possible.)
>
> Gerv

_______________________________________________
dev-geolocation mailing list
https://lists.mozilla.org/listinfo/dev-geolocation
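The scheme proposed in the message above, worked through as an added example that is not code from the thread or from any Mozilla project: the published identifier is a hash of the BSSID and the grid box containing the access point, the longitude step widens with latitude so boxes stay about 1 km wide, and a client holding only a coarse cell-tower fix tries the 3x3 block of boxes around that fix (9 hashes per BSSID). SHA-256, the field separator, the sample coordinates and the second BSSID are my assumptions.

```python
import hashlib
import math

LAT_STEP = 0.01  # grid height in degrees of latitude (about 1.1 km), as proposed

def lon_step(lat_deg):
    """Longitude grid width that keeps a box roughly 1 km wide at this latitude."""
    return LAT_STEP / max(math.cos(math.radians(lat_deg)), 1e-6)  # no div by 0 at poles

def grid_cell(lat, lon):
    """Bounding box (row, col) containing a point. Rows have fixed height; the column
    width is taken from the row's southern edge so every point in a row agrees on it."""
    row = math.floor(lat / LAT_STEP)
    col = math.floor(lon / lon_step(row * LAT_STEP))
    return row, col

def box_hash(bssid, row, col):
    # Hash of the normalised BSSID plus the box: the only identifier published offline.
    return hashlib.sha256(f"{bssid.lower()}|{row}|{col}".encode()).hexdigest()

def ap_identifier(bssid, lat, lon):
    """Server side: identifier stored next to an AP's averaged position."""
    return box_hash(bssid, *grid_cell(lat, lon))

def candidate_identifiers(bssid, approx_lat, approx_lon, radius=1):
    """Client side: hashes to try for one BSSID given a coarse (cell-tower) fix.
    radius=1 covers the 3x3 block of boxes around the fix, i.e. 9 hashes per BSSID."""
    row0, col0 = grid_cell(approx_lat, approx_lon)
    return [box_hash(bssid, row0 + dr, col0 + dc)
            for dr in range(-radius, radius + 1) for dc in range(-radius, radius + 1)]

def locate(table, seen_bssids, approx_lat, approx_lon):
    """Average the positions of the observed APs that resolve in the offline table;
    None when nothing resolves, e.g. when the coarse fix is in the wrong area."""
    hits = [table[h] for b in seen_bssids
            for h in candidate_identifiers(b, approx_lat, approx_lon) if h in table]
    if not hits:
        return None
    return (sum(p[0] for p in hits) / len(hits), sum(p[1] for p in hits) / len(hits))

# Constructed sample: two APs in one box near 52.52N 13.40E (second BSSID is made up).
AP_POSITIONS = {"00:ba:ad:c0:ff:fe": (52.5243, 13.4012),
                "00:ba:ad:c0:ff:01": (52.5251, 13.4061)}
TABLE = {ap_identifier(b, *pos): pos for b, pos in AP_POSITIONS.items()}

if __name__ == "__main__":
    print(locate(TABLE, list(AP_POSITIONS), 52.529, 13.395))  # coarse fix ~600 m away
    print(locate(TABLE, list(AP_POSITIONS), 48.85, 2.35))     # wrong city: None
```

Moving the same BSSID a couple of kilometres changes its box and therefore its identifier, which is the property the proposal relies on.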
