CloudServices/Location/Privacy: Difference between revisions

While wifi networks send radio signals into public space, different countries take very different views on the privacy aspects of that information.


Previous revision: For the purposes of the geo-location service we are only interested in the public metadata about wifi networks, specifically the technology standard in use, the frequency it operates on, the signal strength, the technical network name (BSSID) and the clear text network name (SSID). We'll never listen in on or record actual network traffic.

Current revision: For the purposes of the geo-location service we are only interested in the public metadata about wifi networks, specifically the technology standard in use, the frequency it operates on, the signal strength and the technical network name (BSSID). We'll never listen in on or record actual network traffic.


For the wifi operator to opt out, we follow the industry standard of filtering out any wifi network whose clear text name (SSID) ends in '_nomap', and we ignore any ad-hoc wifi networks. Both of these filter actions happen on the client side, so our service never sees those networks.


Previous revision: For all other wifi networks, our client software creates a cryptographic hash out of the BSSID and SSID and sends it to the service. Using a hash which includes the SSID allows anyone to change the SSID and thereby invalidate all our records relating to that specific wifi network, while still being able to contribute to the service in the future under the new hash key. We'll take additional measures to avoid the possibility of looking up any single hash. This avoids the scenario where someone records the wifi hash for a user's phone and uses it to look up that person's physical location over time. Measures include only answering service requests for which at least two co-located wifi hashes are provided.

Current revision: On the lookup side, we follow best practice and require two co-located pieces of information to provide a location answer. This further minimizes the risk of someone being able to look up the whereabouts of a single BSSID over time.
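As an added example (not the project's own code), the following Python sketches the three mechanisms described above: the client-side '_nomap' and ad-hoc filtering, a hashed network key of the kind the earlier revision describes, and a lookup that refuses to answer unless at least two known, co-located keys are supplied. The hash construction (SHA-256 over the lower-cased BSSID, optionally joined with the SSID), the 1 km co-location threshold and the scan data are assumptions made for illustration.

```python
import hashlib
import math

# Constructed sample scan results for illustration; these are not real networks.
# mode is "infra" for an access point or "adhoc" for an IBSS network.
SAMPLE_SCAN = [
    {"bssid": "00:11:22:33:44:55", "ssid": "HomeNet", "mode": "infra", "signal": -52, "channel": 6},
    {"bssid": "66:77:88:99:AA:BB", "ssid": "Cafe_nomap", "mode": "infra", "signal": -70, "channel": 11},
    {"bssid": "CC:DD:EE:FF:00:11", "ssid": "laptop-share", "mode": "adhoc", "signal": -60, "channel": 1},
    {"bssid": "22:33:44:55:66:77", "ssid": "Office", "mode": "infra", "signal": -65, "channel": 36},
]


def opted_out(ap):
    """Client-side filter: drop networks whose SSID ends in _nomap and all ad-hoc networks."""
    return ap["ssid"].endswith("_nomap") or ap["mode"] == "adhoc"


def network_key(bssid, ssid=None):
    """Hashed network identifier (assumed construction: SHA-256 over the lower-cased
    BSSID, with '|' + SSID appended when the SSID is part of the key). With the SSID
    included, renaming the network yields a new key, so earlier records no longer match."""
    material = bssid.lower()
    if ssid is not None:
        material += "|" + ssid
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def build_report(scan, include_ssid=True):
    """What the client sends: the hashed key plus the public radio metadata only."""
    return [
        {"key": network_key(ap["bssid"], ap["ssid"] if include_ssid else None),
         "signal": ap["signal"], "channel": ap["channel"]}
        for ap in scan if not opted_out(ap)
    ]


def _distance_km(a, b):
    """Equirectangular approximation; adequate for a co-location check."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    x = (lon2 - lon1) * math.cos((lat1 + lat2) / 2)
    y = lat2 - lat1
    return 6371.0 * math.hypot(x, y)


class LocationService:
    """Toy server side: stores one position per key and answers only queries
    that carry at least two known keys observed at (roughly) the same place."""
    MIN_KEYS = 2
    COLOCATION_KM = 1.0  # assumed threshold

    def __init__(self):
        self._positions = {}

    def submit(self, report, lat, lon):
        for entry in report:
            self._positions[entry["key"]] = (lat, lon)

    def lookup(self, keys):
        keys = set(keys)
        if len(keys) < self.MIN_KEYS:
            return None  # a lone key (e.g. one phone's hotspot) is never resolvable
        known = [self._positions[k] for k in keys if k in self._positions]
        if len(known) < self.MIN_KEYS:
            return None  # padding a tracked key with unknown junk does not help
        if any(_distance_km(known[0], p) > self.COLOCATION_KM for p in known[1:]):
            return None  # padding with a key seen somewhere else does not help either
        lat = sum(p[0] for p in known) / len(known)
        lon = sum(p[1] for p in known) / len(known)
        return (lat, lon)


if __name__ == "__main__":
    svc = LocationService()
    report = build_report(SAMPLE_SCAN)
    svc.submit(report, 37.3875, -122.0575)
    print(len(report), "networks reported after client-side filtering")
    print("single key:", svc.lookup([report[0]["key"]]))
    print("two co-located keys:", svc.lookup([e["key"] for e in report]))
```

Run stand-alone, the block submits the constructed scan at one position and shows that a single key resolves to nothing while the two co-located keys do. One caveat on the hashing step: an unsalted hash of a BSSID alone is weak pseudonymisation, because the BSSID space is 48 bits with a structured vendor prefix and can be enumerated to invert the hash; including the SSID widens the input, but the two-key rule on the lookup side is the control that actually defeats the single-device tracking scenario described above.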


===IP addresses===


In the future we might want to use Geo-IP based lookups to enhance the service or to provide a coarse-grained fallback for it. Before we do this, we'll do a thorough analysis of the risk involved, as the combination of IP address and time of service usage can uniquely identify users.