On Wed Sep 17 18:43:32 2014, [email protected] wrote:
> Andrea Veri via RT wrote:
> 
> > 1. this is probably going to fix the problem half way as the
> > coordinates between the GNOME servers and the provider themselves
> > will still be unencrypted.
> >
> > 2. the only way to have the issue completely fixed would be looking
> > for providers offering TLS by default.
> 
> I believe this will nevertheless quite improve the situation as the
> results can be cached.

We aren't discussing the performance of the service on this ticket but its
security instead, from what I've understood. Security-wise, this change won't
improve the current situation at all. A few questions:

> > if that's the case then the gnome-weather app is
> > just going to transmit the coordinates of a specific city and not
> > the home/work location itself. (which would be the case for me to
> > start worrying about my location being sniffed, and additionally if
> > someone is able to sniff my location it means it sits on the same
> > network as I do (like for the GUADEC example mentioned on the bug
> > report [1]) and that just means that I know where that person is
> > already)
> 
> You would sniff the locations that have been set, most likely this
> will not contain only the GUADEC host city, but also the user home
> town or previous holiday spot (to use an example from the locations I
> have in mine).

Yes, so the location of the town will be sniffed and not the location of the
house / flat the user really resides in, so from my understanding the sniffer
can eavesdrop on the following details:

1. the city registered on the gnome-weather app (which might be different from 
the real location of the user)

What it can't sniff:

1. the location of the home/flat of the user that made the request
2. the name / surname of the user

I honestly would be scared about someone being able to sniff my
name/surname/home address information but those details alone are definitely
useless as the sniffer can't build such a combination of details on its own. And
can we even consider it a breach of the privacy of our users? I honestly don't
think so as the app itself just provides the coordinates of a city, what else?

As an example:

"""The user is not safe even if you don't have geolocation. right now in the
GUADEC wifi I can sniff the traffic and see everyone's home/work coordinates.
Combined with some more data mining techniques I could attach this information
to individuals. This is no good."""

What data mining techniques are we talking about? Probably the fact he
personally knows certain people and might be able to guess the city foo is
located in Italy or Germany?

I'm also CCing him on this thread as he was the original bug reporter.

cheers,

-- 
Andrea,
GNOME Sysadmin
GNOME Accounts Team
GNOME Membership & Elections Committee Chairman


----------------------------------------------------
This message was sent via GNOME.org Request Tracker.
_______________________________________________
gnome-infrastructure mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
