
Thread: Data Privacy HELP!

  1. #1
    ecog (Mp3Car Staff)
    Join Date: Aug 2005
    Posts: 92
    Blog Entries: 11

    Data Privacy HELP!

    As people submit their tracks, data privacy will be a huge issue.

    Some people don't care if everybody on the planet knows where they go and when (this would be you, Bugbyte), and some people like to keep their whereabouts private, for example super secret international spies who would like to contribute to the project.

    All jokes aside, if we don't address privacy issues many people will not be comfortable contributing.

    I'm not sure how to approach this. On one hand it is just a collection of tracks on a server that have no identifiable information about anybody (beyond lat/long location).

    Most of us wouldn't go through the effort to analyze data to use it for anything other than map generation. But then again I'd rather not be responsible for people's safety if somebody does find a way to figure out/track a specific contributor.

    So the question is, once the data is uploaded, how do we make it public and usable to anybody in the world without compromising the identity of the contributors?

    The only solution so far that comes to mind is stripping the beginning and trailing waypoints of each track. For example, if I have a track from my house to my friend's house and that track consists of 100 waypoints, I would strip the first and last 10 waypoints so anybody else would see that the track starts in the middle of a public street and ends in a public street.

    Let me know what you think.

  2. #2
    North of the land of Hey Huns
    Join Date: Jun 2004
    Location: Westminster, MD
    Posts: 2,127
    While I think the entire argument is absolutely silly (along the lines of "oh my god they're out to get me" kind of silly), I agree that stripping a user-configurable number of waypoints, or perhaps a user-configurable distance from start and end, might be the way to do it. E.g. if the points are within, say, a mile of a person's "secret" locations, then don't log or include them.
    "stop with the REINSTALLS, what do you think we got some lame-o installer!!!" - mitchjs
    RevFE
    My Shop

  3. #3
    thekl0wn (Variable Bitrate)
    Join Date: Apr 2005
    Location: PoCo, Indiana
    Posts: 284
    You mean this isn't going to be a stalker's paradise?

    X-amount of seconds could automatically be taken off of each track at/by the server.

    Once data starts being loaded, processed, and placed onto the server/database, I would think that it should be a fairly easy process to edit out a block of points. For instance, if user-X doesn't want everyone to know when he goes to the strip club, he should be able to set up parameters which disregard any of his/her uploaded waypoints within those boundaries.
    Play with it, 'til it's broke.

  4. #4
    soundman98 (MySQL Error)
    Join Date: Jan 2008
    Location: on the border of northern IL/IN
    Posts: 5,820
    I agree that there needs to be some sort of protection for those that would contribute to the maps. The biggest problem I see is the valuable data that is lost by taking out a specific range (stripping out even a quarter mile from my house would leave a lot of roads unmarked). I think the best way to accomplish this would be to have the users themselves decide on what data to include/remove. What if part of the software that uploads the GPS info gives the option to the person to add/remove certain areas?

    This way, anyone who doesn't want to be tracked can determine at what point they don't want to contribute. This would also come in handy for those that have very long driveways, which a GPS could possibly interpret as being a cross road...

    I could also see an issue (at first at least, with minimal people being tracked) where having a circular gap in the map (for not tracking a certain distance from your house) would be just as easy for someone who wanted to find that person...
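    The three mechanisms discussed so far (stripping the first and last N waypoints from post #1, a configurable distance from the track's start and end from post #2, and user-defined areas to exclude from post #4), as an added Python example that is not code from this thread or from obdgpslogger. The track coordinates, radii and zone centre are constructed values; the comment on the last function records soundman98's point that a circular hole can itself mark the place it hides.

    ```python
    import math

    # Constructed sample track: 40 (lat, lon) waypoints roughly 61 m apart,
    # heading north-east. Values are made up for illustration.
    SAMPLE_TRACK = [(39.5750 + i * 0.0005, -76.9950 + i * 0.0003) for i in range(40)]


    def haversine_m(a, b):
        """Great-circle distance in metres between two (lat, lon) points."""
        r = 6371000.0
        lat1, lon1 = map(math.radians, a)
        lat2, lon2 = map(math.radians, b)
        dlat, dlon = lat2 - lat1, lon2 - lon1
        h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
        return 2 * r * math.asin(math.sqrt(h))


    def trim_endpoints(track, count=10):
        """Post #1: drop the first and last `count` waypoints outright."""
        if len(track) <= 2 * count:
            return []          # too short to publish anything safely
        return track[count:-count]


    def trim_by_distance(track, radius_m):
        """Post #2: drop every waypoint within radius_m of the true start or end."""
        if not track:
            return []
        start, end = track[0], track[-1]
        return [p for p in track
                if haversine_m(p, start) > radius_m and haversine_m(p, end) > radius_m]


    def drop_private_zones(track, zones):
        """Post #4: zones is a contributor-chosen list of ((lat, lon), radius_m).

        Caveat from the same post: if only one contributor drives a street, the
        resulting circular gap is centred on exactly the place being hidden, so a
        zone should be wider than the location and not centred on it.
        """
        return [p for p in track if all(haversine_m(p, c) > r for c, r in zones)]


    def anonymize(track, endpoint_radius_m=400, zones=()):
        """Apply the distance trim first, then the contributor's private zones."""
        return drop_private_zones(trim_by_distance(track, endpoint_radius_m), zones)
    ```
    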

  5. #5
    Bugbyte (Admin. Linux loser.)
    Join Date: Sep 2004
    Location: Corning, NY
    Posts: 7,359
    Blog Entries: 2
    How about simply the option to set or unset that user-configurable distance or time? Leave it up to the user as to how much of it to expose. I'm not real worried about someone figuring out where I live. That's pretty dead-simple to do.

    And if I upload in non-real time, they can't be sure when I'll be there or not.

    I do think an option to divorce the track data from user identification should be allowed. That way, no agency of the gov't could use it to issue you a speeding ticket, for example. Or, more likely, to use it to track a suspect in an investigation.

    I'm not a conspiracy theorist, but I'd hate to see it used against you simply because your data showed you in the vicinity of a crime at the time that it occurred.
    Quote Originally Posted by ghettocruzer:
    I was gung ho on building a PC [until] just recently. However, between my new phone having internet and GPS and all...and this kit...I'm starting to have trouble justifying it haha.

  6. #6
    thekl0wn (Variable Bitrate)
    Join Date: Apr 2005
    Location: PoCo, Indiana
    Posts: 284
    Conspiracy theorist, no... That's not what I'd consider your opinion on the topic. I'd consider it more being smart about the liability of the project as a whole!
    Play with it, 'til it's broke.

  7. #7
    SuperMod - OBDII GPS Logger forum
    Join Date: Mar 2009
    Location: Los Angeles
    Posts: 924
    http://www.hhs.gov/ohrp/humansubject...ce/45cfr46.htm

    This is in the realm of protection of human subjects [or HSPC as they call it where I work]. I don't think this question is paranoid, or conspiracy-ish, or anything like that - at my place of work, this is of pivotal importance... And one thing specifically on our list of things to be de-identified is GPS co-ordinates.

    I do think an option to divorce the track data from user identification should be allowed. That way, no agency of the gov't could use it to issue you a speeding ticket, for example. Or, more likely, to use it to track a suspect in an investigation.
    It shouldn't just be "allowed", it should be *forced*. Data should *always* get de-identified, no matter what.

    Obviously searching on slashdot leads to a series of paranoid conspiracy theories, but I do find it a decent clearinghouse of legitimately useful links on this very topic. site:slashdot.org gps tax

    This topic is so much more important than it's currently assigned. I realise that I'm treading deadly ground with obdgpslogger in this regard, but I made a premeditated design decision a long time ago to *not* attach any identifying information at all to the database. I normalise a lot of data exported to Google Earth, and I think I will, in future, also provide an option to normalise CSV data, or even normalise data going into the database.

    Gary (-;
    OBDGPSLogger, for logging OBDII and/or GPS data
    OBDSim, an OBDII/ELM327 software simulator
    mp3car forums: obdgpslogger, obdsim

  8. #8
    Fiberoptic (is back. FKA Robert Wray)
    Join Date: Jul 1978
    Location: Baltimore, MD
    Posts: 1,419
    Blog Entries: 143
    Quote Originally Posted by chunkyks:
    http://www.hhs.gov/ohrp/humansubject...ce/45cfr46.htm

    This is in the realm of protection of human subjects [or HSPC as they call it where I work]. I don't think this question is paranoid, or conspiracy-ish, or anything like that - at my place of work, this is of pivotal importance... And one thing specifically on our list of things to be de-identified is GPS co-ordinates.

    It shouldn't just be "allowed", it should be *forced*. Data should *always* get de-identified, no matter what.

    Obviously searching on slashdot leads to a series of paranoid conspiracy theories, but I do find it a decent clearinghouse of legitimately useful links on this very topic. site:slashdot.org gps tax

    This topic is so much more important than it's currently assigned. I realise that I'm treading deadly ground with obdgpslogger in this regard, but I made a premeditated design decision a long time ago to *not* attach any identifying information at all to the database. I normalise a lot of data exported to Google Earth, and I think I will, in future, also provide an option to normalise CSV data, or even normalise data going into the database.

    Gary (-;
    I believe that in order to properly weight, ignore or qualify the tracks being uploaded it would be essential to be able to track the user that submitted the trail.

    At the same time I completely agree with the need to protect privacy. We never should be in a position where we even have the ability to provide data for a subpoena.

    Is there technology that we could borrow from the medical or cryptography world to allow us to weight the inbound gps streams and still maintain privacy?

    I talk more about the need for weighting the quality of the upload here. Here is an excerpt. This link has more details.
    Quote Originally Posted by Fiberoptic:
    The algorithms would also be smart enough to possibly throw out anomalies. Let's just say for example that I am a probe. I report with my iPhone. I regularly bike the wrong direction on one-way streets and speed 20 miles over the speed limit. The algorithm would eventually throw out certain parts of my data that are way outside the norm and negatively weight all of my other reports.

  9. #9
    SuperMod - OBDII GPS Logger forum
    Join Date: Mar 2009
    Location: Los Angeles
    Posts: 924
    Is there technology that we could borrow from the medical or cryptography world to allow us to weight the inbound gps streams and still maintain privacy?
    What we do here is have "cold rooms". PCs airgapped from the outside world, where linking tables are created. Data is split into two tables, one mapping the identifying data to an opaque id [usually generated with some kind of function from the other data in the row - eg, it might be SSN+DoB mangled in a specific way]. This table is stored where no-one can get it. The other table maps that opaque row ID to the actual data, and is the one that's actually copied out of the cold room and operated on.

    Of course, this is technically subpoenable, I believe. It's also not necessarily feasible for this scenario. I will ask around at work for some suggestions - there are people here who've been dealing with HSPC for literally decades.

    Gary (-;
    OBDGPSLogger, for logging OBDII and/or GPS data
    OBDSim, an OBDII/ELM327 software simulator
    mp3car forums: obdgpslogger, obdsim
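    The cold-room split Gary describes in post #9, and the per-contributor weighting Fiberoptic asks about in post #8, as an added Python example that is not obdgpslogger code. The rows, the identifying field and the key are constructed; the opaque id is derived with a keyed HMAC rather than the unspecified "mangling" function, so the linking table and the key together stay in the cold room and the published table cannot be joined back to a person without them.

    ```python
    import hashlib
    import hmac

    # Constructed sample rows: an identifying column plus the track data to publish.
    SAMPLE_ROWS = [
        {"email": "alice@example.com", "track_id": 17, "points": 120},
        {"email": "bob@example.com", "track_id": 18, "points": 44},
        {"email": "alice@example.com", "track_id": 19, "points": 77},
    ]
    IDENTIFYING = ("email",)  # columns that never leave the cold room


    def opaque_id(row, key):
        """Keyed pseudonym of the identifying fields, stable per contributor.

        Using a secret key (kept only in the cold room) means the id cannot be
        recomputed from the row's own data by anyone holding the public table.
        """
        material = "\x1f".join(str(row[f]) for f in IDENTIFYING).encode()
        return hmac.new(key, material, hashlib.sha256).hexdigest()[:16]


    def split_records(rows, key):
        """Return (linking_table, data_table): identity stays in the first,
        only the opaque id travels with the track data in the second."""
        linking, data = {}, []
        for row in rows:
            pid = opaque_id(row, key)
            linking[pid] = {f: row[f] for f in IDENTIFYING}
            public = {k: v for k, v in row.items() if k not in IDENTIFYING}
            data.append({"pid": pid, **public})
        return linking, data


    def submissions_per_contributor(data):
        """Work the public side can still do: weight or qualify a contributor's
        tracks as a group, without knowing who the contributor is."""
        counts = {}
        for rec in data:
            counts[rec["pid"]] = counts.get(rec["pid"], 0) + 1
        return counts
    ```

    A subpoena for the cold-room key and linking table would still re-identify contributors, which is the caveat Gary raises himself.
    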

  10. #10
    soundman98 (MySQL Error)
    Join Date: Jan 2008
    Location: on the border of northern IL/IN
    Posts: 5,820
    Gary, would you happen to have an update for us on the best way to approach this?
    (I have started logging, but am hesitant to upload until the privacy issues are worked out.)
