Wednesday, September 1, 2010

Re: [Geopriv] location obscuring

> From: Jorge Cuellar [mailto:jrcuellarj@googlemail.com]
> OK. In short it looks like this:
>
> ==Proposed algorithm
>
> For a given uncertainty "d" construct a grid of "landmarks"
> at roughly distance 1.5d from each other. A "region" is
> roughly-a-circle of radius d centered on a landmark. Each
> point in space must be at least in one region.
>
> Given a point choose randomly (with equal probabilities or
> with a bias towards the previously reported location, a
> preferred location, or towards closest landmarks) a region
> to which this point belongs. But if there are too many
> regions to choose from (say, >2, 3 or 4), then choose only
> from the 2 (or 3 or 4) regions whose landmarks are closest
> to the point.
>
> Any time you move, you can use the same algorithm to
> provide a new (or same) region. (But instead of "any time
> you move" this can be implemented using a "trigger circle").

I'd like a little more precise a definition of this algorithm. In particular, how the grid point is selected and how an implementation might decide to report a new location. Some strategies reveal more location than others. For one, taking movement of the known location as a trigger leads to the same multiple sample problem you are concerned about.

The other concern that I have is regarding falsity. One of the characteristics of the algorithm I proposed (and those that lead to it) was that the known location was inside the reported region. This means that the report is never purposefully made false.

Now, if we are willing to accept outright lies, we can probably protect privacy a whole lot better.

...
> As to the algorithm you proposed:
>
> > (1)
> > Scenario:
> > The Target visits the same location multiple times over time.
>
> This is not entirely correct: if you are approaching, say,
> every evening your home via the same route, if you report
> your location when you are approaching home, you will get a
> very close approximation of the route that you are using.

You are right. This can be generalized to discovery of a well-travelled route as well as a single location, with all the same constraints.

> Another question:
>
> If you have several devices providing information: are we
> sure all the provided locations are processed by the same
> *instance* of the algorithm (same server, same local data)?

That's an interesting question. You mean to say that the state is shared? That will depend on implementations, and my experience doesn't extend to the sorts of implementations of presence systems that would have this. Based on the scaling architectures that I am familiar with, it should be possible to ensure that the information is provided by instances that use the same state. Perhaps we might state that this is a requirement on those implementations.

> -- Jorge
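The landmark/region scheme quoted above, written out as an added example (not code from either author or from the Geopriv work). Assumptions: the landmarks sit on a triangular lattice at spacing 1.5d (a square lattice at that spacing would leave points outside every radius-d region), the region is chosen uniformly among the k closest covering landmarks, and the "trigger circle" forces a re-draw whenever the true point leaves either the trigger circle or the current region, so the reported region always contains the known location.

```python
import math
import random

SQRT3 = math.sqrt(3)

def landmarks_near(x, y, d, spacing_factor=1.5):
    """Landmarks within radius d of (x, y) on a triangular lattice with spacing
    1.5d (assumption: triangular, not square; a square lattice at spacing 1.5d
    leaves points 1.5d/sqrt(2) ~ 1.06d from every landmark, so radius-d regions
    would not cover space; triangular keeps every point within ~0.87d)."""
    s = spacing_factor * d
    row_h = s * SQRT3 / 2
    j0 = math.floor(y / row_h)
    found = []
    for j in range(j0 - 2, j0 + 3):
        offset = s / 2 if j % 2 else 0.0  # odd rows shifted by half a step
        i0 = math.floor((x - offset) / s)
        for i in range(i0 - 2, i0 + 3):
            lx, ly = i * s + offset, j * row_h
            if math.hypot(x - lx, y - ly) <= d:
                found.append((lx, ly))
    return found

def choose_region(x, y, d, k=3, rng=random):
    """Pick a region that contains (x, y): uniformly among the k closest
    landmarks whose radius-d disc holds the point. Returns ((cx, cy), d)."""
    cands = sorted(landmarks_near(x, y, d),
                   key=lambda c: math.hypot(x - c[0], y - c[1]))
    return rng.choice(cands[:k]), d

def contains(region, x, y):
    (cx, cy), r = region
    return math.hypot(x - cx, y - cy) <= r + 1e-9

class Obscurer:
    """Re-draws the region only when the true point leaves the trigger circle
    around the point last used, or leaves the current region (so the report
    is never false). Every re-draw is one more sample an observer can
    intersect, so a smaller trigger radius leaks more over time."""
    def __init__(self, d, trigger, k=3, seed=None):
        self.d, self.trigger, self.k = d, trigger, k
        self.rng = random.Random(seed)
        self.anchor = self.region = None
    def report(self, x, y):
        moved = self.anchor is None or \
            math.hypot(x - self.anchor[0], y - self.anchor[1]) > self.trigger
        if moved or not contains(self.region, x, y):
            self.anchor = (x, y)
            self.region = choose_region(x, y, self.d, self.k, self.rng)
        return self.region
```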
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv