[Mesh] Fwd: [Commotion-discuss] Seattle Police mesh network for surveillance?

Marc Juul juul at labitat.dk
Mon Nov 11 02:36:41 PST 2013


On Mon, Nov 11, 2013 at 2:21 AM, Mitar <mitar at tnode.com> wrote:

> Hi!
>
> > Bob is stalking Eve, and he has figured out her MAC address. He wants to
> > follow her around the city or simply learn where she lives. Using the node
> > map, which includes node IP addresses (or because he simply drove around
> > the city and mapped them out himself) he knows the IP/MAC to physical
> > location mapping of all nodes. A simple layer 2 or 3 traceroute will now
> > tell him Eve's movements around town including her work location and home
> > location. I am proposing that we disable the layer 2 traceroute
> > functionality in batman-adv and block ICMP Time Exceeded messages such that
> > traceroute is no longer possible, and such that it becomes much more
> > difficult to find the physical location of a MAC address.
>
> OK, and you believe this scenario warrants crimping the network?
>

Yes! Emphatically yes! This is an issue of people's safety. People will not
reasonably expect that they are broadcasting their position to anyone who
cares to listen when they use the mesh. Many people have enemies and
stalkers. If we don't do anything about this issue then we are endangering
people's personal safety. We can't just say "oh, people can't expect to
keep their location private anymore".


> I do not have a direct analogy here, but we used for some time a captive
> portal which blocked all traffic until you clicked a button in the
> browser. We got quite some reports of network not working from geeks who
> first thing after they connected to network tried something non-HTTP and
> then tried to ping and debug and nothing worked. Never tried to open
> HTTP. Those were people not otherwise involved with the network. They
> just assumed things should work. So what I am saying that I think should
> always work as expected. Don't break things.
>

Sacrificing usability and/or personal safety for the many so a few techies
won't have to deal with workarounds is completely unreasonable. The
long-term solution to captive portals is a standard, implemented by all
major operating systems, that allows communication with users that connect
to your network without ugly hacks. I'm not sure what the long-term solution
for not leaking geo-location information is, but there probably is a
non-ugly solution. We should work to create those solutions, but in the
meantime, it's more important that the network works for the majority of
people than that it's technically beautiful.



> BTW, I am not sure if normal traceroute does anything smart in a Batman
> network. So how many people will really know how to use a Batman-specific
> tool?
>

True. You'd need to use a batman-specific tool, but that's security by
obscurity territory and it only takes one person to make a "find anyone's
location" web app for that to break.

-- 
Marc/Juul