Friday, August 27, 2010

Re: [Geopriv] location obscuring

> 1. Is it safe to assume that the algorithm that generates
> the reported locations has a memory? It seems that the
> algorithm checks somehow, (it doesn't matter how) if we are
> still fine with the last reported location we still report
> it, and if not, we report a new location. It would be good
> if we could rely on this: you will be giving much more
> information away if you did not remember what your last
> reported location was.

This doesn't seem like a bad assumption to me. If the server is
already storing policy information for a target, caching a location
value or a circle is only a very few more bytes.


> 2. Good random number generation is not easy. Shall we say
> something about it? (Most hashes are fine: but hashes of
> what?)

Good random number generation is actually relatively easy with modern
crypto libraries. I don't think this should be a concern.


> -----------------------------------------------------------
> I would prefer an algorithm that tells that I am in Berlin
> (say a circle with center in the center of Berlin) than one
> that gives each time a different circle with a center
> randomly distributed around my real location. The averages
> (plus some clustering algorithms) of those values would
> provide a high precision on the places I visit in Berlin.

You can do that with Martin's algorithm, since any location value that
contains the circle computed with his algorithm can be returned. The
location server is free to choose, e.g., circles centered on
landmarks, as long as these circles are big enough to contain the
rough location computed according to the algorithm.


>> The problem is that the (real) location can vary
>> slightly, or you might move a little. If it does vary
>> slightly, even if this is well below the obfuscation
>> distance, then the random number is completely altered.
>> I haven't found a good way around this particular
>> problem. Anything you do to stabilize the
>> direction/length of the shift vector only leads to the
>> ability to learn what the shift vector is.
>
> Thus I need one algorithm that chooses out of my location a
> "landmark" that is a good approximation of my location (and
> of all locations in a neighborhood).
>

Given that the location server can make use of landmark-based location
values, as I describe above, the choice of landmarks seems like an
implementation detail. As long as the choice meets the requirement
that the rough location be covered, it won't have any privacy impact,
so we don't need to specify it.

--Richard
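The following sketch is an added illustration, not part of the original message and not Martin's algorithm itself. It compares a memoryless server that draws a fresh random circle on every query with one that caches its last circle and reports the smallest landmark circle containing it. The planar metre coordinates, the `rough_circle` stand-in, the rule for reusing the cached circle, and the landmark values are all assumptions constructed for the example.

```python
import math
import secrets
from dataclasses import dataclass

rng = secrets.SystemRandom()  # OS CSPRNG from the standard library

@dataclass(frozen=True)
class Circle:
    x: float  # metres east of a local origin (planar approximation, assumed)
    y: float  # metres north
    r: float  # radius in metres

def contains(outer, inner):
    """True if circle `inner` lies wholly inside circle `outer`."""
    return math.hypot(outer.x - inner.x, outer.y - inner.y) + inner.r <= outer.r

def rough_circle(pos, r):
    """Stand-in obscuring step (assumed): radius r, centre uniform within r of pos."""
    d, a = r * math.sqrt(rng.random()), rng.uniform(0, 2 * math.pi)
    return Circle(pos[0] + d * math.cos(a), pos[1] + d * math.sin(a), r)

# Constructed landmark circles: a district and a whole city.
LANDMARKS = [Circle(1000, 500, 3000), Circle(0, 0, 20000)]

class LocationServer:
    def __init__(self, r):
        self.r, self.rough, self.reported = r, None, None

    def report(self, pos):
        here = Circle(pos[0], pos[1], 0)
        if self.rough is None or not contains(self.rough, here):
            self.rough = rough_circle(pos, self.r)  # re-randomise only when needed
            fits = [c for c in LANDMARKS if contains(c, self.rough)]
            self.reported = min(fits, key=lambda c: c.r) if fits else self.rough
        return self.reported

def simulate(n=2000, home=(1200.0, 300.0), r=1000.0):
    """Returns (error in metres of averaged memoryless centres, set of server reports)."""
    server, naive, sticky = LocationServer(r), [], set()
    for _ in range(n):
        pos = (home[0] + rng.uniform(-50, 50), home[1] + rng.uniform(-50, 50))
        naive.append(rough_circle(pos, r))  # fresh random circle on every query
        sticky.add(server.report(pos))
    ax = sum(c.x for c in naive) / n
    ay = sum(c.y for c in naive) / n
    return math.hypot(ax - home[0], ay - home[1]), sticky

if __name__ == "__main__":
    print(simulate())
```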