From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: unwanted-trackers@ietf.org
Reply-To: iesg@ietf.org
Subject: WG Review: Detecting Unwanted Location Trackers (dult)
A new IETF WG has been proposed in the Security Area. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2024-02-26.
Detecting Unwanted Location Trackers (dult)
-----------------------------------------------------------------------
Current status: BOF WG
Chairs:
Sean Turner <sean+ietf@sn3rd.com>
Assigned Area Director:
Roman Danyliw <rdd@cert.org>
Security Area Directors:
Roman Danyliw <rdd@cert.org>
Paul Wouters <paul.wouters@aiven.io>
Mailing list:
Address: unwanted-trackers@ietf.org
To subscribe: https://www.ietf.org/mailman/listinfo/unwanted-trackers
Archive: https://mailarchive.ietf.org/arch/browse/unwanted-trackers/
Group page: https://datatracker.ietf.org/group/dult/
Charter: https://datatracker.ietf.org/doc/charter-ietf-dult/
## Background
Location-tracking accessories provide numerous benefits to users (e.g., such
as being able to find where they left their keys), but can also have security
and privacy implications if used for malicious purposes. These accessories
can be misused to track another person’s location without their knowledge.
Three major subsystems of an accessory tracking system, i) crowd-sourcing
network, ii) unwanted tracker detection, and iii) alerting, providing
information about the accessory, and enabling the non-owner to find it, have
interfaces that are relevant to unwanted tracking. These interfaces include:
enrolling in the network, broadcasting an accessory’s presence, non-owner
interface for querying information from the accessory, performing non-owner
actions such as play sound, querying assets and disablement instructions,
querying limited owner information, disabling the accessory, and detection
and exclusion of nonconformant accessories.
To address this threat of unwanted tracking, accessory manufacturers have
developed independent solutions for protecting users from unwanted tracking.
However, this requires users to know about the threat of unwanted tracking,
download multiple apps, and constantly be checking for the threat of unwanted
tracking. In order to build a scalable solution for detecting unwanted
tracking, trackers require a consistent protocol and set of behaviors that
will enable protection from unwanted tracking using any tracker.
## Goals
The goal of the DULT WG is to standardize an application protocol for
information exchange between location-tracking accessories and nearby
devices, along with actions that these accessories and devices should take
once unwanted tracking is detected. This protocol is intended to protect
people against being unknowingly tracked. The intent of this WG is to make it
easier for arbitrary devices to detect unwanted tracking by these
accessories. The protocols and interactions between devices may be limited to
certain states or modes, such as the accessory being separated from a
paired/owner device.
The working group will define privacy and security properties of its
solution, including privacy and security protections for accessory owners
when accessories are used appropriately, and evaluate the tradeoffs. The
mechanisms specified by the WG will be designed to not create new vectors for
user tracking.
The WG's specified mechanisms and protocol design will be guided by an intent
to:
* Minimize hardware changes needed in tracking accessories to implement this
  protocol; and
* Not preclude adoption by manufacturers of larger devices whose primary
  purpose is not location tracking, but have location tracking capabilities
  (e.g., headphones, bicycle, smartphone)
## Program of Work
The WG is expected to:
1. Document the current state of the tracker accessory platforms and how
these technologies work (with informational document(s))
2. Develop a standards-track protocol ("DULT protocol") between tracking
accessories and nearby devices, which will:
   * Specify requirements and a baseline algorithm for determination of
     unwanted tracking
   * Specify complete message formats for accessories to advertise their
     presence to nearby devices, for one or more underlying transports
     (e.g., Bluetooth, Near Field Communication, etc.)
   * Allow nearby devices to trigger behavior on an unwanted tracking
     accessory to aid in determining its physical location
   * Allow nearby devices to fetch additional information about a tracker
     accessory, including such things as tracker image asset(s) and
     physical disablement instructions
   * Define privacy and security requirements for all messages used for
     advertisement, interactions with crowdsourcing networks, and owners of
     accessories
3. Develop standards-track guidance that accessory manufacturers can
implement to deter malicious use of tracking accessories and support the
implementation of the WG-specified protocol.
   * Include physical security considerations, such as user impact when
     device has been physically modified to diminish detectability and/or
     findability
   * Include considerations for protecting people that don't have a device
     capable of running a platform-based unwanted tracking detection system
4. Develop standards-track guidance for non-owner device platforms necessary
to support implementation of the DULT protocol.
The standards-track guidance described above will include mechanisms to
ensure that devices that do not correctly implement or adhere to the DULT
protocol can be detected and excluded from being trackable via crowdsourced
location networks. These mechanisms will include considerations for
addressing legacy trackers that cannot update to the DULT protocol.
The WG will work with gender-based violence experts throughout development of
the protocol. Additionally, before publishing the protocol the WG will:
* Carry out a threat analysis and security analysis
* Gather implementation experience
The WG will not define requirements for interactions between accessory
manufacturers and law enforcement. The focus of the WG will be on solving the
use case of detecting small and not easily-discoverable accessories,
supporting any functionality that is necessary for identifying and
recognizing such accessories.
Since most of the existing tracking accessories use Bluetooth, the DULT WG
will coordinate as needed with the Bluetooth SIG and IETF 6lo WG.
### Milestones
* By July 2025 submit an informational document about the state of tracker
  accessory platforms and how they work for publication
* By July 2025 submit a standards document defining the protocol to detect
  and interact with unwanted tracker accessories for publication
Milestones:
Jul 2025 - Submit an informational document about the state of tracker
accessory platforms and how they work for publication
Jul 2025 - Submit a standards document defining the protocol to detect and
interact with unwanted tracker accessories for publication
WG Action Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>,
dult-chairs@ietf.org,
unwanted-trackers@ietf.org
Subject: WG Action: Formed Detecting Unwanted Location Trackers (dult)
A new IETF WG has been formed in the Security Area. For additional
information, please contact the Area Directors or the WG Chairs.
Detecting Unwanted Location Trackers (dult)
-----------------------------------------------------------------------
Current status: BOF WG
Chairs:
Sean Turner <sean+ietf@sn3rd.com>
Erica Olsen <eo@nnedv.org>
Assigned Area Director:
Roman Danyliw <rdd@cert.org>
Security Area Directors:
Roman Danyliw <rdd@cert.org>
Paul Wouters <paul.wouters@aiven.io>
Mailing list:
Address: unwanted-trackers@ietf.org
To subscribe: https://www.ietf.org/mailman/listinfo/unwanted-trackers
Archive: https://mailarchive.ietf.org/arch/browse/unwanted-trackers/
Group page: https://datatracker.ietf.org/group/dult/
Charter: https://datatracker.ietf.org/doc/charter-ietf-dult/
## Background
Location-tracking accessories provide numerous benefits to users (e.g., such
as being able to find where they left their keys), but can also have security
and privacy implications if used for malicious purposes. These accessories
can be misused to track another person’s location without their knowledge.
Three major subsystems of an accessory tracking system, i) crowd-sourcing
network, ii) unwanted tracker detection, and iii) alerting, providing
information about the accessory, and enabling the non-owner to find it, have
interfaces that are relevant to unwanted tracking. These interfaces include:
enrolling in the network, broadcasting an accessory’s presence, non-owner
interface for querying information from the accessory, performing non-owner
actions such as play sound, querying assets and disablement instructions,
querying limited owner information, disabling the accessory, and detection
and exclusion of nonconformant accessories.
To address the threat of unwanted tracking, accessory manufacturers have
developed independent solutions for protecting users from unwanted tracking.
However, this requires users to know about the threat of unwanted tracking,
download multiple apps, and constantly be checking for the threat of unwanted
tracking. In order to build a scalable solution for detecting unwanted
tracking, trackers require a consistent protocol and set of behaviors that
will enable protection from unwanted tracking using any tracker.
## Goals
The goal of the DULT WG is to standardize an application protocol for
information exchange between location-tracking accessories and nearby
devices, along with actions that these accessories and devices should take
once unwanted tracking is detected. This protocol is intended to protect
people against being unknowingly tracked. The intent of this WG is to make it
easier for arbitrary devices to detect unwanted tracking by these
accessories. The protocols and interactions between devices may be limited to
certain states or modes, such as the accessory being separated from a
paired/owner device.
The working group will define privacy and security properties of its
solution, including privacy and security protections for accessory owners
when accessories are used appropriately, and evaluate the tradeoffs. The
mechanisms specified by the WG will be designed to not create new vectors for
user tracking.
The WG's specified mechanisms and protocol design will be guided by an intent
to:
* Minimize hardware changes needed in tracking accessories to implement this
  protocol; and
* Not preclude adoption by manufacturers of larger devices whose primary
  purpose is not location tracking, but have location tracking capabilities
  (e.g., headphones, bicycle, smartphone)
## Program of Work
The WG is expected to:
1. Document the current state of the tracker accessory platforms and how
these technologies work (with informational document(s))
2. Develop a standards-track protocol ("DULT protocol") between tracking
accessories and nearby devices, which will:
   * Specify requirements and a baseline algorithm for determination of
     unwanted tracking
   * Specify complete message formats for accessories to advertise their
     presence to nearby devices, for one or more underlying transports
     (e.g., Bluetooth, Near Field Communication, etc.)
   * Allow nearby devices to trigger behavior on an unwanted tracking
     accessory to aid in determining its physical location
   * Allow nearby devices to fetch additional information about a tracker
     accessory, including such things as tracker image asset(s) and
     physical disablement instructions
   * Define privacy and security requirements for all messages used for
     advertisement, interactions with crowdsourcing networks, and owners of
     accessories
3. Develop standards-track guidance that accessory manufacturers can
implement to deter malicious use of tracking accessories and support the
implementation of the WG-specified protocol which will
   * Include physical security considerations, such as user impact when
     device has been physically modified to diminish detectability and/or
     findability
   * Include considerations for protecting people that don't have a device
     capable of running a platform-based unwanted tracking detection system
4. Develop standards-track guidance for non-owner device platforms necessary
to support implementation of the DULT protocol.
The standards-track guidance described above will include mechanisms to
ensure that devices that do not correctly implement or adhere to the DULT
protocol can be detected and excluded from being trackable via crowdsourced
location networks. These mechanisms will include considerations for
addressing legacy trackers that cannot update to the DULT protocol.
The WG will work with gender-based violence experts throughout development of
the protocol. Additionally, before publishing the protocol the WG will:
* Carry out a threat analysis and security analysis
* Gather implementation experience
The WG will not define requirements for interactions between accessory
manufacturers and law enforcement. The focus of the WG will be on solving the
use case of detecting small and not easily-discoverable accessories,
supporting any functionality that is necessary for identifying and
recognizing such accessories.
Since most of the existing tracking accessories use Bluetooth, the DULT WG
will coordinate as needed with the Bluetooth SIG and IETF 6lo WG.
### Milestones
* By July 2025 submit an informational document about the state of tracker
  accessory platforms and how they work for publication
* By July 2025 submit a standards document defining the protocol to detect
  and interact with unwanted tracker accessories for publication
Milestones:
Jul 2025 - Submit an informational document about the state of tracker
accessory platforms and how they work for publication
Jul 2025 - Submit a standards document defining the protocol to detect and
interact with unwanted tracker accessories for publication