i am in a small internet community and i want to know if any of the other members is in the same city as i am, so i can invite them out for coffee. i want to avoid revealing my location to anybody who isn’t in the same city and anyone who isn’t in the community (the exact delineation of both of these but especially the latter should be decided individually)
not sure about the crypto requirements, but i would imagine if you do not want to scale it should be rather trivial?
how might you show that you are in a particular location? i can think of a few ways:
you simply fiat that you are in that location
a trusted peer or authority attests to your being in that location
a secure enclave in a gps-enabled device attests to your being in that location
it’s not going to be possible in general to prevent people from being in more than one place at a time. but we can ideally make it expensive to be in a lot of places at once and thereby get meaningful privacy improvements. moreover, what exactly counts as abuse is going to be very fuzzy, context-dependent, and individual. for instance, maybe person A travels a lot and wants to make plans to meet up with people on their travels, without revealing too much about their location. maybe person B is not interested in meeting travellers, but person C is, and is willing to accept a proof of a plane ticket as evidence that A will be near them–comes back to cost, since plane tickets are expensive, so gauge how much you want it to cost to spy on you; maybe D is also willing to meet travellers, but wants proof that A is actually near them (since buying a plane ticket and taking a plane ride is more expensive than just buying the plane ticket) and therefore cannot coordinate with A ahead of time but must wait until A actually arrives in order to make plans
of course there are a lot of problems this can’t solve. but it is something i wanted recently
this seems like potentially a good slow-game application, if more details can be hammered and we can get a reasonably descriptive model. @degregat thoughts?
oh and another thing. suppose A and B are both in the community, and i trust A, but i distrust or dislike B. i should be able to potentially share my location with A, while giving a dummy location to B, so that no matter where B is, it will seem like i am in a different place (it should be impossible to tell the difference between a dummy location and an actual location). not unlike broken phone/browser sensor permissions. obviously if A and B and i are all in the same place, and they meet up with each other, B might find out i lied to them, but that is a standard transitive trust problem
Very interesting. Geolocation could be another service that some nodes (running this FOAM technology) could provide, which opens many new use cases in the physical world.
Do I understand correctly that some prior governance exists, but trust is not very high between all parties?
I would then implement a location oracle, the requirements for a signature of which should be up to the community in question: Maybe you need to meet (one of) the people running the oracle of a specific location, or just send them proof of location (ticket/selfie/whatever).
Different identities could be part of the oracle, so you could pick the one that you trust the most to get the proof.
You could also do something like this, if you want to have no oracle during operation, but are fine with having one when entering the system:
The oracle/community register hands out (anonymous) credentials to all members. The community picks a set of k solvers/compute nodes to run a private set intersection. These compute nodes must be trusted enough to have the location information of matches revealed to them.
Spam/brute forcing other locations could be curtailed by rate limiting submission and requiring the credentials for submission.
Depending on the trust/collusion setup between the community and the compute nodes, location codes/ratchets could be distributed to the community but not the nodes, s.t. only the matching pairs, but not the location itself gets revealed to the nodes.
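A sketch of the last variant above (location codes known to members but not to the compute node, with credential-gated, rate-limited submission), added here as an example and not part of the original posts or any project's code. Assumptions: a MAC issued by the register stands in for the anonymous credential (so the node is trusted with the register's key), an HMAC under a community key plays the role of the location code, one node instance covers one epoch, and all names are hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

MAX_SUBMISSIONS = 1  # constructed rate limit: one tag per member per epoch


def issue_credential(register_key: bytes, pseudonym: str) -> bytes:
    """Stand-in for the register's credential: a MAC over the pseudonym."""
    return hmac.new(register_key, pseudonym.encode(), hashlib.sha256).digest()


def location_tag(community_key: bytes, city: str, epoch: str) -> bytes:
    """Keyed tag for (city, epoch). Without community_key the node cannot
    enumerate city names and compare hashes to recover the location."""
    msg = f"{epoch}|{city.strip().lower()}".encode()
    return hmac.new(community_key, msg, hashlib.sha256).digest()


class MatchNode:
    """Compute node: sees pseudonyms and opaque tags, never city names."""

    def __init__(self, register_key: bytes):
        self._register_key = register_key      # used only to check credentials
        self._submissions = defaultdict(int)   # pseudonym -> count this epoch
        self._by_tag = defaultdict(list)       # tag -> pseudonyms

    def submit(self, pseudonym: str, credential: bytes, tag: bytes) -> bool:
        expected = issue_credential(self._register_key, pseudonym)
        if not hmac.compare_digest(expected, credential):
            return False                       # not a community member
        if self._submissions[pseudonym] >= MAX_SUBMISSIONS:
            return False                       # blocks probing many cities
        self._submissions[pseudonym] += 1
        self._by_tag[tag].append(pseudonym)
        return True

    def matches(self) -> list:
        """Groups of members whose tags collide; the city stays hidden."""
        groups = [sorted(m) for m in self._by_tag.values() if len(m) > 1]
        return sorted(groups)
```

Any member holding the community key who colludes with the node can recompute tags for candidate cities, which is the trust/collusion dependency the post mentions.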