Friday, July 30, 2010

[Geopriv] location obscuring

Working on this problem throughout this week in my spare time, with the accordant lack of sleep that goes with an IETF meeting, I have been falling for a trap. There is an underlying incorrect assumption about the problem that we've all fallen for.

The lie in the assumption is revealed by this statement:

Location can change.

If that isn't enough of a clue, let me explain.

The location that we provide at any one instant might be correct for that instant, but we are under no obligation to ensure that the location is correct for the future.

Assuming as we did that location is constantly and perfectly available in our simulations of the obscuring algorithm, we completely fell for it.

Instead, here is what I propose:

For a location with centroid C[n], uncertainty U[n] and an obscuring distance D:

1. We obscure location information using the simple algorithm: increase uncertainty to D, and move the point randomly by (D - U[x]). If the uncertainty is already big enough, just pass the location on.

2. Save the original point and suppress any further reports about the location until the centroid moves a distance of more than D; that is, until | C[x+y] - C[x] | > D.

3. Repeat ad nauseam.

You see, by suppressing location updates until the location we know moves more than D, we hide location. In between times, there is no promise that the location is within the uncertainty region provided, and nor should there be.

I think that this works. I need some sleep and a little time with a piece of paper and a pen to verify this, but I think that this is the way forward.

--Martin
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
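The three steps proposed in the message above, as an added sketch that is not part of the original post or of any Geopriv specification. It assumes planar (x, y) coordinates in metres, reads "move the point randomly by (D - U)" as an offset drawn uniformly from a disc of radius D - U, and applies the suppression rule to pass-through reports as well; the class, function and sample track names are hypothetical.

```python
import math
import random


class LocationObscurer:
    """Stateful obscurer for planar (x, y) positions; units assumed to be metres."""

    def __init__(self, obscuring_distance, rng=None):
        self.d = obscuring_distance
        self.rng = rng or random.Random()
        self.anchor = None  # true centroid behind the last disclosed report

    def report(self, centroid, uncertainty):
        """Return the (centroid, uncertainty) to disclose, or None to suppress."""
        # Step 2: stay silent until the true centroid has moved more than D
        # from the saved point, i.e. until |C[x+y] - C[x]| > D.
        if self.anchor is not None and math.dist(centroid, self.anchor) <= self.d:
            return None
        self.anchor = centroid
        # Step 1: uncertainty already at least D, pass the location on unchanged.
        if uncertainty >= self.d:
            return centroid, uncertainty
        # Step 1: widen uncertainty to D and shift the centroid at random.
        # Assumption: the shift is uniform over a disc of radius D - U, so the
        # true uncertainty circle always lies inside the reported one.
        r = (self.d - uncertainty) * math.sqrt(self.rng.random())
        theta = self.rng.uniform(0.0, 2.0 * math.pi)
        moved = (centroid[0] + r * math.cos(theta), centroid[1] + r * math.sin(theta))
        return moved, self.d


def run_track(track, obscuring_distance, seed=0):
    """Feed a list of (centroid, uncertainty) fixes through one obscurer (step 3)."""
    obscurer = LocationObscurer(obscuring_distance, random.Random(seed))
    return [obscurer.report(c, u) for c, u in track]


# Constructed sample track: a target drifting east, D = 1000 m.
SAMPLE_TRACK = [
    ((0.0, 0.0), 50.0),       # first fix: disclosed, obscured
    ((300.0, 400.0), 50.0),   # 500 m from saved point: suppressed
    ((999.0, 0.0), 50.0),     # 999 m from saved point: suppressed
    ((1200.0, 0.0), 50.0),    # 1200 m: disclosed, obscured, new saved point
    ((2500.0, 0.0), 2000.0),  # 1300 m on, uncertainty >= D: passed through
]

if __name__ == "__main__":
    for fix, out in zip(SAMPLE_TRACK, run_track(SAMPLE_TRACK, 1000.0, seed=1)):
        print(fix, "->", out)
```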