[aprssig] Universal APRS messaging
steve at dimse.com
Thu Oct 23 15:43:56 CDT 2008
On Oct 23, 2008, at 3:17 PM, Phillip wrote:
> If you want to be able to do this Universal APRS Web based messaging
> and you
> put in position the means to do it then you as the site owner could
> be held
Can you cite a single country's amateur radio rules that would suggest
this? If you can I'll look at it, otherwise I consider this a
hypothetical, fictional, and unrealistic scenario.
In the US, providers of Internet Services are specifically immunized
against the actions of their users that violate terms of service. You
have to agree that you are a ham using your own callsign to send a
message through findU, that is more than adequate for this country.
Even if a country could hold someone else responsible, which server
would you blame? findU? The APRS hubs the message traveled through?
The ISP that connected the IGate to the internet? All have the same
"vulnerability", passing messages without authentication of sender.
How can you prove any server owner was actually involved? ANYONE can
send ANYTHING on the APRS IS. I can make it seem like YOU sent the
message. And in fact, if I were trying to do something nefarious, I
would certainly make sure the evidence pointed somewhere other than
where I actually did my evil deed.
> There should be a secure way of checking who places the message and
> content of the message...
It is not possible without a complete revamping of the APRS Internet
System. This would be the best possible outcome. It would be difficult
and painful, like the APRS QSY was, but the end result would also be
> Here in NZ we had the very same question arrive some years back when
> BBS's and the Internet arrived in force our Regulation Body was
> asked some
> questions and the out come was that the originator would be
> responsible ..
That is the law in the US as well, but the law is specifically for the
originating STATION, and station is specifically defined in the rules
as the equipment to transmit. The person on the internet is not
responsible under the communications rules of the US.
> I would say that authenticating a message on APRS would fall on the
> owner who allows these messages to be passed on
> to the APRS community
That is absolutely not the case with US rules, our FCC specifically
addresses this situation in Part 97. If it is different in your
country, or any other that you know of, I'd love to see a link to
those rules! And agin, which server owner?
> As an Igate sysop if the Universal APRS messaging gets out of
> control and is
> abused then the easiest way would be to exclude
> messaging from the Igate every Igate Sysop is in control of his /
> her own
Absolutely, that is where the responsibility rightfully, and (at least
in the US) legally belongs. I turned off the internet to RF direction
of my IGate on the day many years ago when the APRS Internet System
became insecure. The thing I fear I have still not adequately conveyed
is there is NO new insecurity in the APRS IS. From the day aprsd
published the source code to do APRS IS validation, ANYONE could send
ANYTHING on the APRS IS completely without detection or traceability.
Anyone who thinks there has been any security on the APRS IS for the
last ~8 years, and that internet messaging makes it worse, either does
not understand the situation or is burying their head in the sand.
> Bob, you want Universal APRS messaging and software writers to produce
> software how about getting on to those that have
> these programs and get them to either update them or release them to
> that can carry on improving them
> APRS/CE would be a go start ...
That's a whole separate argument, but I firmly believe that everyone
has the right to do whatever they like with their own intellectual
property. For example, I can't begin to understand why Roger chose to
end UI-View when he became terminally ill, instead of handing it off.
I want what I've created to outlive me, but I absolutely respect his
right to choose how to handle the situation, and I'll fight viciously
anyone who claims they have the right to force someone to act against
Once APRS development was closed. Anyone that was on the sig in early
1999 will tell you I fought (yes, viciously) to get it opened up to
all developers. I did that so you could write your own version. If you
want a CE version, write it!
More information about the aprssig