Thursday, June 16, 2005

Prevention of GeoSpatial SPAM – A Solution!!!

Oreillynet has an article titled: The Geospatial Web: A Call to Action

It lists out 10 action points we need for creating a “Sustainable GeoSpatial Web”. I quote the ninth point from that list -

9. Vigorous, well-funded, productive R&D focused on the prevention of geospatial spam.
Quite a few geobloggers have attempted to put geocoordinates in the head and meta sections of HTML documents. However, this approach hasn't been widely accepted, because pages are not searchable by location. The problem, while still hypothetical, is spatial spam. There's nothing to prohibit spammers from putting multiple locations in the HTML of a single page so that the page shows up in searches for different locations. Based on early, painful experience with meta tag spam, search engines just ignore meta tags altogether. Spatial spam is one problem we can anticipate before it happens. Let's figure out a solution.

If you are wondering what this is all about… I guess you have not heard about the following:
1. maps.google.com and google map hacks.
2. Geo Blogging.
3. The Where 2.0 conference.
4. GPS.
5. GPS Camera Phone.
If the above terms look like Chinese to you, then check out my earlier post titled “The GeoSpatial Web – Backgrounder”.

Every photo on this planet needs to have its longitude and latitude co-ordinates and Time embedded (invisibly as exif data). This allows us to query very specific details in general. For Example: You could ask :
  • Show all Photos taken in Afghanistan between 4 am to 10 am on 15th September 2005.
  • Show all marriage photos of marriages conducted at a particular resort so you glean some hints of how you could plan your own wedding there.
  • Crime statistics on Maps.
  • Pollution sources marked on Maps.
  • The list just goes on… Check out this long list if you want.

GPS camera phones can embed co-ordinates and time into photographs. But users will soon fill in fake co-ordinates to put promotional / advertising material onto the maps. One solution to this problem is to use manual labor to sort out the correctly marked co-ordinates from the false ones. One may use user ratings, wiki like mechanisms etc. However it is still a very hard process especially when you can expect each Camera or Camera Phone owner to be uploading hundreds and thousands of photos.

[[Disclaimer: First let me confess, I have not done an extensive search to confirm if some one has already come up / patented this idea. The hope is that this counts as prior art if I am indeed the first one to come up with it so that no one in the future can patent it. I have also posted this on www.shouldexist.org with the same intention.]]

My suggestion :

A GPS Camera Phone with hardware that “Digitally Signs” photos it takes along with its metadata like co-ordinates and time.

If you are new to the concept of Digital Signatures Please look up my earlier post titled “Backgrounder - Digital Signatures”. Else Please continue reading...

Ok so here is what happens.
  • The camera has one or more Public/Private Key pairs. The private keys are generated and stored in the hardware in such a manner that to get to the keys you will need to rip apart the IC and get the keys. The Public keys are available to the public.
  • Before the cameras are shipped for distribution, the manufacturer (who would be the Certifying Authority CA in this case) vendor issues a Digital Certificate saying that the particular Public Key/Keys correspond to Private keys embedded inside Cameras manufactured by them).
  • The camera captures the GPS, co-ordinates and time and puts it inside the EXIF data. (Note: time can be verified using the GPS subsystem itself. For more details pls check Wikipedia).
  • The camera signs the image with the EXIF data and inserts the signature also into the image as EXIF data.

Whenever a site like GeoBloggers comes across photos which contain co-ordinates that are signed… It can be sure that these photos were taken at the mentioned co-ordinates and time.

How hard is this for the users?
Users do not need to know anything. Just buy a signature enabled GPS camera phone.. Snap and send photo. Nothing more!!!

How hard is it for manufacturers?
As phones are becoming smarter and the usage of https or secure connections increase, the need for cryptographic hardware on phones increases anyway. So in fact this feature won’t cost the Mobile manufacturers much extra except for a change in attitude. Also just look at how affordable RSA security gadgets have become now a days…

How hard is it for flickr, geoblogger etc?
For Flickr or geoblogger the signatures are just EXIF data. Signature verification algorithms/libraries are already available. They just need to hook them up!!!

And here is another hidden benefit free…
Once the infrastructure is in place, you can confirm not only the co-ordinates and time on a photo but also that the photo itself is unaltered and is as seen by the camera.

Does that mean that once the system becomes prevalent, those who have older cameras or camera-phones will not be able to use their devices?
Suppose the geotagged items are displayed on a map, then links to
1. All "camera signed snaps" can be shown with say Blue Push Pins.
2. The ones approved by a moderator can be shown with say Green Push Pins.
3. The ones that have been there for a long time and not removed by the moderator say with Yellow Push Pins.
4. The new ones with Orange Push Pins.
5. Those reported as Spam with Red Push Pins.
The user will have the choice about the type of Links he would like to see.

Do you think there is a trivial way of bypassing the GeoSpatial Spam Prevention Method mentioned here?

Do you think the cost involved would be too high? If so what according to you would be the most expensive aspect of the system? Can u Justify?

Do you think there are easier ways of accomplishing the same or better results? if so what are they?

Looking forward to an intellignt discussion in the comments...