[aprssig] Another Bootlegger Using APRS As a Commercial AVL System ???

Sun Dec 28 15:01:36 UTC 2008

The APRS IS was never intended to be an amateur radio only resource.  
At one point there was a mechanism to identify packets which came from  
licensed operators. The author of one of the early hub programs felt  
the release of that algorithm was required under the open source GPL  
license. Once he published the source code to that algorithm, even  
this minimal authentication was gone forever. Anything that would  
secure the APRS IS, or secure the RF network from bootleggers, whould  
be an enormous undertaking, obsoleting all kinds of hardware and  
software. I doub it will ever happen.

With anything involving the APRS IS, it is important to keep in mind  
that anyone can send anything to the APRS IS. Even the presence of  
ETI-1's packets on the APRS IS, complete with a digi path indicating  
they originated on RF, does not even prove they originated on RF. I  
can send a packet to the APRS IS that shows K1LNX-3 just transmitted  
here in the Florida Keys. The fake packet would be completely  
untraceable and undetectable. That said, I do think it is probable  
this is a guy transmitting on RF rather than an elaborate hoax.

There is no proof this guy is a bootlegger. If you go strictly by  
numbers, there have been more hams that have placed tactical calls in  
their tracker without placing their calls in status messages than  
there have been bootleggers. Given the number of packets seen on  
findU, I'll grant it is more than 50-50 the guy is a bootlegger, but  
it is far from proven.

I checked the findU logs because I do not want a commercial entity  
using findU. Had I found a pattern of viewing of ETI-1, I would have  
tried to track it down using the IP address of the requesting  
computer. If that failed I would have put a block on that call,  
replacing the normal page with a message to contact me. Since there  
was no activity on findU, there is no point, if this person is using  
an APRS database it is not mine.

Steve K4HG

On Dec 28, 2008, at 9:01 AM, Stephen - K1LNX wrote:

> The bootlegging of APRS has the potential to be an ever increasing
> issue. One thing I have thought about is that is it possible to add a
> simple authemtication scheme to the APRS-IS network? Like register
> once under a verified callsign and then you are "authenticated" and
> all of your objects/posits are posted to the stream moving forward.
>
> Obviously I know this could be a burden, but my fear is that more
> companies will continue to adopt APRS as a tracking technology due to
> cost versus a commercial system or just plain ignorance.
>
> 73
> Stephen
> K1LNX
>
> On Sun, Dec 28, 2008 at 8:24 AM, Charlie Gallo  
> <Charlie at thegallos.com> wrote:
>>
>>
>> On 12/27/2008 Jim Duncan wrote:
>>
>>> Don't they have an obligation (at least morally?) to ascertain  
>>> that the
>>> people they sell to are properly licensed? At the very least they  
>>> SHOULD
>>> inform their customers of the requirement for a valid amateur  
>>> license and
>>> potential penalties!
>>
>> They don't even sell a transmitter - do we make electronics Mfgs  
>> get a license to sell a resistor?
>>
>>
>> --
>> 73 de KG2V
>>
>> For the Children - RKBA!
>>
>> "Blame the idiots. Think globally, but mock them locally. "
>> -- mwalker (walker at msgto.com) on slashdot.org
>>
>>
>> _______________________________________________
>> aprssig mailing list
>> aprssig at tapr.org
>> https://www.tapr.org/cgi-bin/mailman/listinfo/aprssig
>>
>
>
>
> -- 
> Stephen Brown - ARS K1LNX
> Johnson City, TN EM86
> http://www.k1lnx.net
>
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> https://www.tapr.org/cgi-bin/mailman/listinfo/aprssig
>