IETF Logo Mail Archive

[Unwanted-trackers] FW: WG Action: Formed Detecting Unwanted Location Trackers (dult)

Roman Danyliw <rdd@cert.org> Fri, 01 March 2024 20:15 UTC

Return-Path: <rdd@cert.org>
X-Original-To: unwanted-trackers@ietfa.amsl.com
Delivered-To: unwanted-trackers@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A743BC14F61E for <unwanted-trackers@ietfa.amsl.com>; Fri, 1 Mar 2024 12:15:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yYyGS5OAXycY for <unwanted-trackers@ietfa.amsl.com>; Fri, 1 Mar 2024 12:14:56 -0800 (PST)
Received: from USG02-CY1-obe.outbound.protection.office365.us (mail-cy1usg02on0079.outbound.protection.office365.us [23.103.209.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2B59C14F617 for <unwanted-trackers@ietf.org>; Fri, 1 Mar 2024 12:14:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=hLMx4vRfEzP/1zG5QBNqTZjRW1NgxILEBIi6HY/3+Um1/aL+L+xV5RI73YZh3YZq5MBDly3YxzVmz7lu4WqrbdXjU3Ac3O4+Xuji5g0JpaUF3VBuJSa1wpZejiKH+l550CMwB0snrOq9VOTpUPLy57S4c8CHRAX8PwOviN6t5M1YTucnlxiJNhBys/sdwOIxkiHgP5H5apB7ktEUv6eYL2acjfVGGv+kQw3GJpRxKZueFyEqyZhNEi92BHUyzpEYhPKxBmKwojLgNhxCf6GuINyzVfb2dKTjepgm/daryl/tbDtI3az834kUiJkAlUwSAFcx/w1NiPv8lugciAchCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mS0iXCXUYwx8vjxGVcitB7/XTLz3lKwXkxCQ/nWQRFY=; b=VKXdkF8XMjqqex1crRnQ9lETZvwbNqKteo7TDvGBJ8n7lFH78y4yHZaGWg51dMTPorIylbO+5pjwwlP96EUBXRFNcrs/qdNb/mDLVy43XAVUF9p5jFi6QU9VvZhQd6oKpQmqJXPfqOzPwOjknTXiabcka7aG8/nUJWfxgo9A0QaOBvMvbjeQxO2oirEfEuJNPdVw8yzF2XXevRexfvCrxjJzFyC1X07eiN0TBx/VxS6hW/h6YQmkM2NexAfwsinmiZxz3+B9dSrFVg782G8ZiJI1SFQfOaW+7xFt0Tm9njr+L957Teu52bIjNShJ/Sv8kv4iZfDB8u1C54ZtDm+4gg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mS0iXCXUYwx8vjxGVcitB7/XTLz3lKwXkxCQ/nWQRFY=; b=c9ONsMlx7I0ZgW2DAzH8U2eFtPXuWXp0t93dvXUbDpjeA7shZ6cawckrl/KTsQGQkXNbmYF64fVgiJ9DmYbxLZE5WLzAynH/TjoWqoimPkeSLvtG0gaIy1WzCv0ddhKUFYyZFhrnLnitBC6YbFMlMNfFwyN+khtd1jk95TuPYMI=
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:168::11) by BN2P110MB1303.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:17c::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.52; Fri, 1 Mar 2024 20:14:53 +0000
Received: from BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::acd1:6591:c445:e0b]) by BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM ([fe80::acd1:6591:c445:e0b%5]) with mapi id 15.20.7270.047; Fri, 1 Mar 2024 20:14:53 +0000
From: Roman Danyliw <rdd@cert.org>
To: "unwanted-trackers@ietf.org" <unwanted-trackers@ietf.org>
Thread-Topic: WG Action: Formed Detecting Unwanted Location Trackers (dult)
Thread-Index: AQHaa2mF6vka0NDX30+jPq6iYmW97bEjDepAgABFFNA=
Date: Fri, 01 Mar 2024 20:14:53 +0000
Message-ID: <BN2P110MB11079C973FD880C4D63FCEDDDC5EA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
References: <170925038293.22904.9921371188734048383@ietfa.amsl.com> <BN2P110MB1107461A91A1F6C0AC91FBDADC5EA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB1107461A91A1F6C0AC91FBDADC5EA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN2P110MB1107:EE_|BN2P110MB1303:EE_
x-ms-office365-filtering-correlation-id: f6b06bf4-a699-477b-5bc8-08dc3a2c41d9
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 3LiFASvLJdViXWI7Vb+iqCEeYcMSvDPonxDCo57Me8eLmwM1GFkvQGqgTEZjfNg4cYq8P1Ka7fQmofaibbUiLsRf2vQm8EcvpMVeRfcbfXoki/sOYXL0rJ2Wf80TQB2EDslmtFvf7htVtXFBQQT7JoO4WP9PSTaxo7fPrlfK3Mc3hO0jeXny16x5uvz1DrDau4JcK+1T6cYfyFiKA3xHW5HC16V+P33im3l43tNIfF6hd91jfk5uJEKwlO8ZGW5xu6J6KjnHml0ZqiZgKMLL8Pdc5LT5mcY33p+JMsTfFAir5iKrxlj3PUG2LVJdLLpdTr3oNemwKgPGZetp3qxOrtqxfkoLzZgZEAKbdP0JF7Tw0x2BjH+yh6gn1ERsimayLqA/8tiJF0sG0YrI8+ZjlskO103wFUxsAjT7ZZGBejWQ3hSpclhFRiFSKC3eB+JIwT7JS0cLcuxzyojrrweuq0GqDcHs22KVOXPC+HPWS8/Fau7BJ/yR+cSEHkIQSYmTAS00h+DtEYbMa+wR1B3Bq3P6kynbQd2ezs6CyLRqMami2O+iFhM85OPR7lBDxbBQTO8YWp78XGsHnNDumdocld0gcF/1kIW+5+KFZ8DdpbrmfwGs5CRLXabwqNQWR19W4qD4OFV/BMvjZ/TifLZBpdubE0ZPDGrz05gFzM7pXFk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(41320700004)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 4rXAporT38f21FvDRP8f3b9n5XDO9bDza3hg7P2amAK6vlI7whvizQknNXbDaa+1hPmhX7mYXmOY9fEK1eQMPlXhqeLhApr3BWCbbyksEqavlslOXwRXCQjsJT0U44c8NdXEy9JUHJMSWYXn46H+UH0N7Oz9dPaJ0C8HqFyozU0o+FCu2il1JxJe2fpOrrg3sZ8kmXuyIDNymoE2iGhAEQmvXVvDjsNj1HYXVeqNNOyryyZoFpjzA0kn9c+akbyPP+XYbP9IUOJ/pr/gDaaUjcISvYpIVAn98KeDL6TlBhw54r5GX/VCY9g9XmaEkbMBWxa9z0lpvvsvfq84XmH+Voy4vIvcCDSRxypSzlHRX6a5CT23RjLRe0VFGBHmRcckPj6uHZ6pIpJRy5YibpT/bP7Qlxrr8lAFo82WzxRCnop1mN2Mnzpsegcb03qK7WZZF3Z8kPhyjZCeS/z87QuivfEK9SA4GSei0At2oiX8LqDnJXUzoJB91bmp/t4KfN4PnMxRYx7zmLagu0UYhvp/Lw5xItspaLUG9ghFbDBAtsLsdzCb7KQ/JJP3NfIG9lO8welp/iVDBlt9yGo/xP2OrKnwT4SvwRnzHqoHg9hnMJa3yk8ooAGnX5mNsm0Vtj7lnpe87wa22OH4+NW7z5zKjq8sukGXJfGv1CwlaVoP2Ivfn8jIaUVIkv7bdx71jNp9KqBDCvHl1pkb14R1Y4++CTFKLZUvqbYoAU2d18LZwkN/RXRTm1LakfqkFs1BaT9anzFfh9W2le0FAa38h74pmVDjEKoN34NSjkN0KIlg6+VEbLDOysr90/UFIkJDNYsqjWLgJ9/xKsKWsve4iCbRJa59gkY7rC04a6u6P93ug293+Pyu3vMky5oXsgGEAxZUwLzH4dsGRFqZHqOr85mMm48VFUpQ9wgh3gAEbQO0ZgEB1R3GUKeJfKaGczF/R0aLl4/sBBxPPDq3vQuiRG5Nki0GG5TGWx/W6kF5evh+GqVw2rl3xP3LNv/7vZtDh9lFbiYy0WItPSLqIVL/YON7eABLnqAJMKba+uFCJIgexIGedJcmN5hGWcQRSpWguMi0HYCYNlatRYbQBSQabqb7/b8scDbKvxuDxLUnKi/Y2pVmJF4qItHspzjZ/6FdmcChZImQNXvFsaMV3D1efN/ktrYnDYpm0RQnvD5kjLteyGNuyBbrJ1cX3/llBy9QUyDyau90bNyFMdbAFW1qbRVWtTdkmsADeyNkJ1azhiGBGgygh6kDyW3Ujei0yO0AW4WVNm8ZQZsdvZunL8z0qhpUdBqybj1yVKR7RQ12sThRGNIMWCPrDQw2Xc00A+FpH5nYtmEJK4GUzDdXFh8L9KPzdEWwQUXY7K2UdQl+2cNl4nbmTkw5hGd1eGxNfaxaIOtJO/Virkyhem14v4i1XUbfFelseZy/VqdwsiNKL5ZqKfgSk3H4NPaNI55kbh8rdEz0gh0Ucau+NyZxBca3ou+Ci8FNl7teR8F1TMH0Pbz3c44=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f6b06bf4-a699-477b-5bc8-08dc3a2c41d9
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Mar 2024 20:14:53.7448 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN2P110MB1303
Archived-At: <https://mailarchive.ietf.org/arch/msg/unwanted-trackers/KBHdSkpVlWMlpSBqpCSUePmYNYs>
Subject: [Unwanted-trackers] FW: WG Action: Formed Detecting Unwanted Location Trackers (dult)
X-BeenThere: unwanted-trackers@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussions on detecting unwanted location trackers <unwanted-trackers.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unwanted-trackers>, <mailto:unwanted-trackers-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unwanted-trackers/>
List-Post: <mailto:unwanted-trackers@ietf.org>
List-Help: <mailto:unwanted-trackers-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unwanted-trackers>, <mailto:unwanted-trackers-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2024 20:15:00 -0000

Hi!

Due to the robust community discussion and support, yesterday, the IESG approved the DULT WG.  Thank you all for your input that made it possible!  In particular, I want to thank: the proponents to bringing this work to the IETF and engaging the community; Brent Ledvina for his leadership in managing community feedback on the charter; and the BoF chairs (Alissa Cooper and Sean Turner)  who helped facilitate the conversation.

As we enter this new phase of activity, the WG's leadership team will be changing.  

** Having led a successful launch, Alissa Cooper will be stepping back.  Alissa, thank you for your leadership!  

** Sean (Turner) will be staying on as co-chair.

** It is my pleasure to announce that Erica Olsen will be the new-co-chair.  Erica brings significant experience in the technology aspects of gender-based violence.

** I will be stepping down as the responsible SEC AD and passing on that responsibility to Deb Cooley at the IETF 119 IESG leadership transition.

Thank you to Alisa, Sean and Erica for your willingness to serve.

DULT will meet at IETF 119.

Regards,
Roman

-----Original Message-----
From: iesg <iesg-bounces@ietf.org> On Behalf Of The IESG
Sent: Thursday, February 29, 2024 6:46 PM
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>; dult-chairs@ietf.org; unwanted-trackers@ietf.org
Subject: WG Action: Formed Detecting Unwanted Location Trackers (dult)

Warning: External Sender - do not click links or open attachments unless you recognize the sender and know the content is safe.


A new IETF WG has been formed in the Security Area. For additional information, please contact the Area Directors or the WG Chairs.

Detecting Unwanted Location Trackers (dult)
-----------------------------------------------------------------------
Current status: BOF WG

Chairs:
  Sean Turner <sean+ietf@sn3rd.com>
  Erica Olsen <eo@nnedv.org>

Assigned Area Director:
  Roman Danyliw <rdd@cert.org>

Security Area Directors:
  Roman Danyliw <rdd@cert.org>
  Paul Wouters <paul.wouters@aiven.io>

Mailing list:
  Address: unwanted-trackers@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/unwanted-trackers
  Archive: https://mailarchive.ietf.org/arch/browse/unwanted-trackers/

Group page: https://datatracker.ietf.org/group/dult/

Charter: https://datatracker.ietf.org/doc/charter-ietf-dult/

## Background

Location-tracking accessories provide numerous benefits to users (e.g., such as being able to find where they left their keys), but can also have security and privacy implications if used for malicious purposes. These accessories can be misused to track another person’s location without their knowledge.

Three major subsystems of an accessory tracking system, i) crowd-sourcing network, ii) unwanted tracker detection, and iii) alerting, providing information about the accessory, and enabling the non-owner to find it, have interfaces that are relevant to unwanted tracking.  These interfaces include:
enrolling in the network, broadcasting an accessory’s presence, non-owner interface for querying information from the accessory, performing non-owner actions such as play sound, querying assets and disablement instructions, querying limited owner information, disabling the accessory, and detection and exclusion of nonconformant accessories.

To address the threat of unwanted tracking, accessory manufacturers have developed independent solutions for protecting users from unwanted tracking.
However, this requires users to know about the threat of unwanted tracking, download multiple apps, and constantly be checking for the threat of unwanted tracking. In order to build a scalable solution for detecting unwanted tracking, trackers require a consistent protocol and set of behaviors that will enable protection from unwanted tracking using any tracker.

## Goals

The goal of the DULT WG is to standardize an application protocol for information exchange between location-tracking accessories and nearby devices, along with actions that these accessories and devices should take once unwanted tracking is detected. This protocol is intended to protect people against being unknowingly tracked. The intent of this WG is to make it easier for arbitrary devices to detect unwanted tracking by these accessories. The protocols and interactions between devices may be limited to certain states or modes, such as the accessory being separated from a paired/owner device.

The working group will define privacy and security properties of its solution, including privacy and security protections for accessory owners when accessories are used appropriately, and evaluate the tradeoffs. The mechanisms specified by the WG will be designed to not create new vectors for user tracking.

The WG's specified mechanisms and protocol design will be guided by an intent
to:

* Minimize hardware changes needed in tracking accessories to implement this protocol; and * Not preclude adoption by manufacturers of larger devices whose primary purpose is not location tracking, but have location tracking capabilities (e.g., headphones, bicycle, smartphone)

## Program of Work

The WG is expected to:

1. Document the current state of the tracker accessory platforms and how these technologies work (with informational document(s))

2. Develop a standards-track protocol ("DULT protocol") between tracking accessories and nearby devices, which will:
        * Specify requirements and a baseline algorithm for determination of
        unwanted tracking * Specify complete message formats for accessories
        to advertise their presence to nearby devices, for one or more
        underlying transports (e.g., Bluetooth, Near Field Communication,
        etc.) * Allow nearby devices to trigger behavior on an unwanted
        tracking accessory to aid in determining its physical location *
        Allow nearby devices to fetch additional information about a tracker
        accessory, including such things as tracker image asset(s) and
        physical disablement instructions * Define privacy and security
        requirements for all messages used for advertisement, interactions
        with crowdsourcing networks, and owners of accessories

3. Develop standards-track guidance that accessory manufacturers can implement to deter malicious use of tracking accessories and support the implementation of the WG-specified protocol which will
        * Include physical security considerations, such as user impact when
        device has been physically modified to diminish detectability and/or
        findability * Include considerations for protecting people that don't
        have a device capable of running a platform-based unwanted tracking
        detection system

4. Develop standards-track guidance for non-owner device platforms necessary to support implementation of the DULT protocol.

The standards-track guidance described above will include mechanisms to ensure that devices that do not correctly implement or adhere to the DULT protocol can be detected and excluded from being trackable via crowdsourced location networks.  These mechanisms will include considerations for addressing legacy trackers that cannot update to the DULT protocol.

The WG will work with gender-based violence experts throughout development of the protocol. Additionally, before publishing the protocol the WG will:

* Carry out a threat analysis and security analysis
* Gather implementation experience

The WG will not define requirements for interactions between accessory manufacturers and law enforcement. The focus of the WG will be on solving the use case of detecting small and not easily-discoverable accessories, supporting any functionality that is necessary for identifying and recognizing such accessories.

Since most of the existing tracking accessories use Bluetooth, the DULT WG will coordinate as needed with the Bluetooth SIG and IETF 6lo WG.

### Milestones

* By July 2025 submit an informational document about the state of tracker accessory platforms and how they work for publication * By July 2025 submit a standards document defining the protocol to detect and interact with unwanted tracker accessories for publication

Milestones:

  Jul 2025 - Submit an informational document about the state of tracker
  accessory platforms and how they work for publication

  Jul 2025 - Submit a standards document defining the protocol to detect and
  interact with unwanted tracker accessories for publication

v2.23.0 | Report a Bug | By Email