Thread: Proposed Web Service: Simple Location Service

Don't need login... All network devices have a MAC adresse... Use this as ID.


Note: IP adresses can be translated mistankenly... If a segment of the IP ranged is owned by a Sweedish company, but a subnet of the same segment is used in Norway... It will still report back as Sweeden!

GSM Triangulation is the phone messuring signal strength from the radio masts it have connection to. This, with poor GPS signals can give a very accurate location.
PS: Triangulation "navigation" can be thrown off if there's something interfering with the signal, making it weaker than it actually are. Making the phone think it's further away from the mast than it really is.

Originally Posted by Crinos

Don't need login... All network devices have a MAC adresse... Use this as ID.


Note: IP adresses can be translated mistankenly... If a segment of the IP ranged is owned by a Sweedish company, but a subnet of the same segment is used in Norway... It will still report back as Sweeden!

GSM Triangulation is the phone messuring signal strength from the radio masts it have connection to. This, with poor GPS signals can give a very accurate location.
PS: Triangulation "navigation" can be thrown off if there's something interfering with the signal, making it weaker than it actually are. Making the phone think it's further away from the mast than it really is.

There are lots of ways to generate a unique id for this service. I'm totally okay with mac address or some hardware combination md5 or whatever. The only reason why i'd suggest doing the login first is that a lot of other services depend on it. But i'm also totally okay with just getting a service done as a proof of concept and this may be the way to do it.

Originally Posted by Crinos

Don't need login... All network devices have a MAC addresse... Use this as ID.

Wouldn't using MAC adresses block accessing the data from multiple sources, like uploading data from your car (with one MAC address) and reading it back to your home computer (with another MAC address).

I think login should be created in a way so that a user can access his data from multiple sources.

And yes you could set the system so that it allows for multiple MAC addresses but to set this you still need some kind of authentication to acknowledge who you are to confirm this new MAC address, hence some kind of user/password policy. Seems kinda double up to me...

Originally Posted by Borte

Wouldn't using MAC adresses block accessing the data from multiple sources, like uploading data from your car (with one MAC address) and reading it back to your home computer (with another MAC address).

I think login should be created in a way so that a user can access his data from multiple sources.

And yes you could set the system so that it allows for multiple MAC addresses but to set this you still need some kind of authentication to acknowledge who you are to confirm this new MAC address, hence some kind of user/password policy. Seems kinda double up to me...

The mac address scenario would be anonymized data used for generating traffic and other statistics. The other scenario, which you are describing here does require a user account for the purposes you mentioned.

No one uses a MAC address for any type of uniqueid verification......way too easy to spoof and its identical on some virtual machines.

The problem here is far more complex then you are making it. You need a way of identifying which data is submitted by each unique user for the purposes of data integrity while at the same time ensuring no personally identifiable information is stored about the user. Sound like a contradiction?

Originally Posted by justchat_1

No one uses a MAC address for any type of uniqueid verification.

Really? I thought the whole point of a MAC address was to uniquely identify hardware. Anyway, i'm really sleepy and so my brain isn't working quite right but why do we need to identify anything? For traffic, as long as we have a coord and a speed we can do what we need to. For user tracking, that can wait for a proper account login.

goodnight

First time I've heard that MAC adresses is not unique... Though, they are fairly easy to spoof. For those wishing to do so.

But MACID + secret hash + MD5 = bingo!
Packets can still be spoofed if wanted to, but still...

In the end, there is nothing thats un-hackable, and if userless data gathering is requierd... Well, there will always be mischiefs around!

the hash of the macid + secret hash will need to be validated on the server. so that means the secret hash needs to be shared between server and client so it's not secret any more, so not sure what it's providing you. also, you should probably stick with SHA2 for any hashing algorithm.

but all this time you guys are spending on authentication has already been covered either in existing frameworks or standard auth mechanisms many times already.... take a look at the login thread. if you need SSO then use OAuth, GoogleSSO, etc. otherwise just keep it simple and use HTTPS + Basic Auth, write an auth filter that validates the credentials on the server-side by hashing (using SHA2) the incoming credentials against your DB. and you're done.

When you pick a uniqueid you want the hardware that is least likely to change (the cpu id) not the hardware that can have its id changed and is the most likely to be replaced or missing completely (a mac address). But again the problem here is that a cpuid is not anonymous, anyone with access to your pc could find everywhere you've been.

Edit:
@SFiorito
This isn't about authentication, thats already done, this is the whole question of ensuring valid data is submitted to the web service without compromising a users anonymity.