On Mon, Nov 11, 2013 at 2:53 AM, Mitar <mitar@tnode.com> wrote:
Hi!

> Yes! Emphatically yes! This is an issue of people's safety. People will not
> reasonably expect that they are broadcasting their position

Except if you had the position of all clients on the map in real time
on the mesh webpage. Then they would very easily see that it is clear
where they are. I think that by disabling batman-adv traceroute you are
promising better privacy, but not much. A very technically skilled person
can still retrieve the location (by measuring latency to all nodes and
to all MACs and seeing which one matches the most). Isn't it better that we
give up and say that we cannot really assure privacy, so it is better
that you do it yourself, if you care? (And give some good ideas on how to
do that?)


I had a long reply written out, but then I got an idea before hitting send:

  Can't we just modify batman-adv to rewrite MAC addresses on the fly? We would need to keep a mapping of MAC to fakeMAC for each client, but only for the directly connected clients, so the lookup and packet mangling should be fast.
--
Marc/Juul

 
> If we don't do anything about this issue then we are endangering
> people's personal safety.

The same argument then goes for people not encrypting their traffic.
Will we try to break things for them to have encrypted traffic?

So it is better that they believe that they are secure and private, but
in fact they are only to some degree, and exactly to which degree
they will not understand?

> True. You'd need to use a batman-specific tool, but that's security by
> obscurity territory and it only takes one person to make a "find anyone's
> location" web app for that to break.

Why not disable batman-adv traceroute then? If and when this tool
exists?
_______________________________________________
mesh mailing list
mesh@lists.sudoroom.org
http://lists.sudoroom.org/listinfo/mesh