[ntp:hackers] Privacy: refclock_nmea is now munging lat/long

John Hay jhay at meraka.org.za
Sun Apr 26 08:58:23 UTC 2009

On Sat, Apr 25, 2009 at 11:50:23PM +0000, Harlan Stenn wrote:
> Hal wrote:
> > I'm trying to be a good guy and make sure the about to be released -dev code 
> > doesn't have any surprises, at least in the way I use it.
> Thanks!
> > I found one.  As a privacy measure, the NMEA driver is now munging some of 
> > the data that gets logged to clockstats.  It replaces the fractional part of 
> > the lat/long with underbars.  NMEA uses a weird format for lat/long: 
> > ddmm.mmmm, so that's truncating the fractional minutes of arc.  A minute of 
> > arc is roughly a mile.
> > 
> > The comment in the code says that data can leak out via ntpq -c clockvar  
> > (Yup.)
> > 
> > I can't tell if this is a bug or a feature. 
> > 
> > I'm a certified privacy nut, so part of me thinks this is a great idea.  On 
> > the other hand, I use that data for monitoring NMEA devices and I don't see 
> > any easy way to turn off that munging.  (I hacked the source code.)  It's 
> > also a change.  I doubt if I'm the only one who looks at that data so others 
> > will probably get surprised too.
> > 
> > This brings up a couple of issues.
> > 
> > Is there a privacy policy for ntpd?  Where does this fit in?
> Clearly, this is an opportunity.
> > Note that this approach may not actually work.  If you live on a minute 
> > boundary, the answer will vary between xxxx and xxxx+1.  Or if you are in a 
> > rural area, you might be the only house within a mile.  (or only geek)
> I'm curious what John Hay and Venu Gopal have to say about this.

I think the default should be to show lat/long in both the logs and
ntpq -c clockvar. If we add an option to block it, it should probably
only be done for clockvar and not in the logs. I would then also be
for blocking the whole lat/long and not try to decide how much of it
is too little or too much.

Personally I doubt if I will ever use the option to block it. The
fact that the string in clockvar is(was) basically the raw line as it
was sent from the gps also has value when busy debugging. You know
that is how the line was sent from the gps.

John Hay -- John.Hay at meraka.csir.co.za / jhay at FreeBSD.org

More information about the hackers mailing list