[aprssig] Pirates on APRS IS

Gregg Wonderly gregg at wonderly.org
Thu Mar 14 16:16:31 EDT 2013 

This is a wide open space of issues. The fact that licensing, all over the 
world, is based on pieces of paper which can't be validated except through 
extremely laborious attempts at identity tracking and investigation is at the 
root of the problems.  One of the things that could be done, would be to use a 
certificate based system.  But, we'd need a "mediator" service that would allow 
Amateur radio operators to prove the identity to set up and account, and then 
receive a signed, public/private key pair. These apps would then require you to 
provide your identifying login and password to that site, and they would get 
your key.  Then, they could check that key for revocation by the mediator to 
control their behavior. Applications, would open a socket connection to viable 
internet services, and authenticate.  Only services possessing an SSH key 
generated by the mediator would be viable services to connect to. Then, the path 
to RF could be "validated" by the servers, so that our iGate's would only 
connect to "viable" services for accepting internet traffic, and know that it 
came from a licensed operator.

Anyone want to start a new business to help all of us end up with a chance to 
have a secure internet to RF and back path?  Sure it would take some 
administration.  But, I'd be willing to pay a yearly fee to be able to have a 
working RF to internet to RF path around the world.  That would be a great thing 
for many reasons.

Gregg Wonderly
W5GGW

On 3/14/2013 2:57 PM, Samúel Úlfr Þór Guðjónsson wrote:
> Thanks for the quick response on this matter.
> While not implying that iAPRS should be closed upon. I'd guess that more hams 
> are using that application than pirates.
> Hand picking one and one is probably the only solution for now, but only 
> postpones the problem.
>
> Hopefully this wont get too widespread, but with the smartphone market growing 
> and the ease of getting passcodes (there's even a website offering a passcode 
> generator), I'm afraid this could grow into a bigger problem.
>
> 73 de TF2SUT - Samúel
>
>
> On 14 March 2013 18:16, Gregory A. Carter <gcarter at openaprs.net 
> <mailto:gcarter at openaprs.net>> wrote:
>
>     iAPRS is a third party app that uses our DCC interface. Ultimately
>     I'll take responsibility to disable it's broadcasting through us. We
>     use direct email/password accounts locked to callsigns and typically
>     try to spot bunk calls but missed this one.
>
>     The account was created yesterday and verified today before it started
>     beaconing so it's only been active for 24 hours.
>
>     Greg
>
>     On Thu, Mar 14, 2013 at 11:53 AM, Samúel Úlfr Þór Guðjónsson
>     <tf2sut at ulfr.net <mailto:tf2sut at ulfr.net>> wrote:
>     > Hi all, I'm new to this post list.
>     >
>     > I have not been very worried of "pirates" using APRS IS, but today I noticed
>     > one locally on aprs.fi <http://aprs.fi> using iAPRS for Apple's IOS.
>     > As it is only on Internet I'm not that worried, however, there is a
>     > possibility that this information could go to a TX Igate which would
>     > broadcast the information, being either positon or messages, as position is
>     > always gated after a message. That'd make the operator of the TX igate
>     > responsable for illegal use of the amateur frequency. Over here this is a
>     > great concern, as connecting internet and RF is on a very gray zone, legally
>     > speaking.
>     >
>     > The "pirate":
>     > http://aprs.fi/info/a/STEBBI-9
>     >
>     > Now what can be done about this?
>     > I suppose doing modification on all the TX igates to do some verification of
>     > the sender of the message, but it could be quite painful.
>     >
>     >
>     > Not very familiar with iAPRS, it seems that it's just a frontend for
>     > OpenAPRS, and it seems to me that it does not do any passcode verification.
>     > Anyone correct me if I'm wrong. Now I know that passcode verification is not
>     > really that much of a verification, but having a bad verification is the
>     > better of worse.
>     >
>     > I'm quite sure that there are other countries than Iceland who are running
>     > on gray zone concerning RF to IS and vica versa traffic. Apperantly France
>     > has the same concerns, and pirates on APRS-IS is not helping.
>     >
>     > So, what should I do? Try to implement blacklisting on all the TX Igates
>     > over here? (Thankfully, they are not that many at the moment) or just stop
>     > all the TX IGates? That would kind of ruin one of a very great usable
>     > feature in APRS.
>     >
>     > Sorry if this post sounds abit confusing, I'm a little puzzled about this
>     > matter.
>     >
>     > 73 de TF2SUT - Samúel
>     >
>     > _______________________________________________
>     > aprssig mailing list
>     > aprssig at tapr.org <mailto:aprssig at tapr.org>
>     > http://www.tapr.org/mailman/listinfo/aprssig
>     >
>
>
>
>     --
>     NV6G
>     OpenAPRS.Net
>     OpenAPRS iPhone Edition
>     Find RC sites and weather in your area on iPhone/iPad with WhereBRC
>     _______________________________________________
>     aprssig mailing list
>     aprssig at tapr.org <mailto:aprssig at tapr.org>
>     http://www.tapr.org/mailman/listinfo/aprssig
>
>
>
>
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> http://www.tapr.org/mailman/listinfo/aprssig

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20130314/dfdc6fd3/attachment.html>

More information about the aprssig mailing list