[Mesh] Fwd: [Commotion-discuss] Seattle Police mesh network for surveillance?

Marc Juul juul at labitat.dk
Mon Nov 11 02:12:42 PST 2013


On Sun, Nov 10, 2013 at 11:52 PM, Mitar <mitar at tnode.com> wrote:

> Hi!
>
> > Perhaps there is a better way to deal with the problem. If I understand
> > batman-adv correctly, no node requires knowledge of anything but the next
> > hop for every destination. This should mean that we don't need the layer 2
> > traceroute functionality that batman-adv includes. If we change batman-adv
> > such that a node can only ever know the next hop for a given destination,
>
> I am not sure exactly what you are saying you would change. Batman
> already knows only the next hop for every destination. So what would you
> change?
>
> Anyway, I think this is still complicating too much. Practically, any
> attack would simply be listing all MAC addresses in the network. Once
> you know this list you know that they are in the network. And then you
> use other means to determine where a person is. You have to remember
> that nobody is using only one approach or one tool. They will combine
> data from multiple sources. Any change here will just make the network less
> open (in the sense that you would have a difference between admins and
> non-admins), for what gain?
>
> Can somebody please first describe a threat model we are trying to
> address here? Who is attacking whom, and with which tools?
>

Bob is stalking Eve, and he has figured out her MAC address. He wants to
follow her around the city or simply learn where she lives. Using the node
map, which includes node IP addresses (or because he simply drove around
the city and mapped them out himself) he knows the IP/MAC to physical
location mapping of all nodes. A simple layer 2 or 3 traceroute will now
tell him Eve's movements around town including her work location and home
location. I am proposing that we disable the layer 2 traceroute
functionality in batman-adv and block ICMP Time Exceeded messages such that
traceroute is no longer possible, and such that it becomes much more
difficult to find the physical location of a MAC address.

I think this scenario is our biggest concern with regard to tracking. The
government already tracks people using other methods, but we're setting up
a system that allows anyone to track anyone, which brings with it a whole
slew of new problems.

Encouraging people to install apps that change their MAC addresses will not
solve the problem, since most people still won't install and use those apps
(and some devices don't allow that level of control).

-- 
Marc/Juul