Hi!
I would like to add here another perspective. I see localization
possibilities of mesh networks as a feature and not a bug. I object to
being forced to not do good things because some other people are doing
bad things. If they can do that, they already won.
I see the localization possibilities as a feature which can empower
local communities, where users can get services and content based on
where in the mesh network they are. I see mesh networks as connections
between people. I see mesh networks as an interesting media where we can
again bring physical world into a virtual world, an interesting plane
in-between. In physical world when you laugh or scream, your sound
propagates only so much. In mesh networks it can be the same. When you
create some content, you could decide how far the content should go, one
hop, two hope, all the way to the Internet? In the Internet you have
that everything is one big soup and once it is in the Internet, it is
available to anybody. In mesh networks you have a net, each hop means
something and we can use and build upon that. Knowing where somebody is
is a part of being in the community. How can you be a good neighbor to
somebody if you do not know where your neighbor is? How can you open
doors to your neighbors if they do not know where you are? And sharing
and caring between neighbors and community is this important thing we
are forgetting. We are getting paranoid. We will rather live in sit in
bunkers alone instead of share and care and work together. Let them
track us, let them see that we are a community and that we are many and
that we are proud of being connected with the mesh network. And that we
have a right to tools and services which can be build in our network
because we can know where out friends and neighbors are.
Yes, all this can be misused. But it can also be beautiful.
Some more on this topic:
http://dev.wlan-si.net/wiki/PiplMesh
Mitar
Police, govt, and other evil adversaries are free to
setup their own
hardware, their own mesh, the idea is not to prevent this but to prevent
the use of good mesh networks for evil. I want to give more thought to
this subject sometime in the near future but for now this is what I have...
The major concern here (as I see it) is the persistence of MAC
addresses. The average user does not know how to change their MAC
address and in the case of most mobile devices it is not possible to
change the MAC address. We can ensure that IP addresses are cycled
frequent enough because we'll have control over a majority of the DHCP
servers on the mesh so I'll be focusing on MAC addresses.
In any local network a MAC address can be associated with network
traffic, the obvious solution here is to use encryption. The problem
with MAC addresses in a mesh network is that they could also be
associated with a location.
On any layer 2 network it is possible for any connected host to
determine the route to any other host using a MAC address as an
identifier. Because mesh nodes have a fixed (and likely known) physical
location it can be assumed that the last hop in the route corresponds to
the physical location of the specific host.
It is important to realize that only mesh nodes (access points) have
*potential* knowledge of signal strength and other 802.11 broadcast type
frames-- sure Oakland PD can setup a device to listen to all 802.11
traffic, but remember we're only focusing on how existing hardware can
be abused. So, one host *cannot* triangulate the location of another
host. *From the perspective of a host on the mesh, a host can only be
connected to one mesh node or disconnected from the network.* In the
context of physical location, the privacy of a host on the mesh is a
function of the area covered by the mesh node it is connected to.
To increase user privacy I would like to experiment with a MAC address
spoofing service that could run on mesh nodes or volunteer hosts. The
service would basically pretend to be just another host on the network
identified by some MAC address. The service could intelligently spawn
fake hosts depending on the number of other hosts connected to the
shared mesh node. Mesh nodes with fewer connected hosts need more
spoofed hosts to increase privacy, etc. But it is not that simple of
course, because spoofed MAC addresses need to persist just as legitimate
MAC addresses do, and move about in the physical world (connect to
different mesh nodes) just as other legitimate users will. I've thought
some of this through but it is a large undertaking that needs further
planning.
Another thing to keep in mind is that although MAC addresses could be
used as a persistent identifier *they alone do not represent any
identity.* It is not until an adversary obtains additional information
that a MAC address could be used to identify an individual person. Not
to say the surveillance of pseudo-anonymous individual and group
movement is negligible, just pointing this out.
In conclusion (for now) by keeping our software and build processes open
we can convince reasonable users that it is not possible for us to track
them with more than neighborhood level accuracy. If we go further and
deploy something like the MAC spoofing service it could be possible to
extend this guarantee further. I think it is also likely that this MAC
spoofing service could be designed to prevent/degrade 802.11 style
surveillance by hardware outside our control.
--
http://mitar.tnode.com/
https://twitter.com/mitar_m