-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Required rotation of deeplinks vehicle identifier #247
Conversation
A stable vehicle identifier in a deeplink poses the same issue as a stable bike_id, and we missed including this in the initial addition of deeplinks.
This disucssion has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I hereby call a vote on this proposal. Voting will be open for 10 full calendar days until 11:59PM UTC on December 9th, 2021. Please vote for or against the proposal, and include the organization for which you are voting in your comment. Please note if you can commit to implementing the proposal. |
+1 from Transit |
+1 from Google Maps, we use whatever links are present in the feed. |
-1 from Dott, as discussed in the GBFS Developers' Workshop that took place on Tuesday, October 19. I feel that this is not an actual fix to the underlying concern of traceability. An example could be the creation of a mapping of a vehicle's id (and vehicle identifier in this proposal) across time (without a massive effort), potentially rendering the rotation useless. Furthermore, this increases the complexity of the implementation for a little gain and might be a deterrent to have open feeds. |
Entur supports this proposal |
+1 from nextbike |
@viestat Given that we now have 4 votes in favor of this change, I wonder if you might consider changing your position or abstaining from this vote. The governance states that a single vote against kills the proposal so currently it won't pass. The privacy issue posed by the deep link vehicle id has been well documented (see #146 ) and should have been fixed when Since |
Voting on this PR closes in 2 calendar days. Please vote for or against the proposal, and include the organization for which you are voting in your comment. Please note if you can commit to implementing the proposal. |
-1 Spin is NO on this proposal. I agree with @viestat in that it doesn't really fix the problem and just unnecessarily complicates implementations. |
Just a reminder that it was an oversight when bike_id rotation was made required, to not include the deeplinks. It should have been done there. That PR was passed by 7 votes for, 0 against:
|
So I wasn't aware we were doing this for bike_ids. However I am still not entirely sure what this is intending on protecting. If you're trying to make it hard to understand a trip (start / end location) I can see how rotation helps - maybe? If you're trying to protect user privacy I do not see how this helps. But to be consistent with the bike_id which is now rotating, then I think it would make sense to do so - although I still maintain it's an high burden compared to benefit in terms of privacy gained. +1 |
@ncancelliere It is indeed intended to make it more difficult to pinpoint start/end of a trip. That decision was made after a community member was able to identify particularly sensitive trips (including from a high school to a reproductive health care provider). My understanding is that before the rotation of bike_id, most deeplink implementations were using bike_id within the link, and that after rotation, most deeplink implementations would continue using the bike_id that was rotated. |
I am ok to unblock so that it is also consistent with However Dott will not be implementing this anytime soon. +1. |
This vote has now closed, and it passes! Votes in favor: In the end, there were no votes against. Thank you to everyone for spending the time on this one - I know it was a challenging one to pass, especially with folks coming into the conversation after last year’s id rotation was already decided. We hope that this finally addresses the concerns raised in 2019 and we can keep moving forward! We will tag and merge this into v3.0-RC2 in the coming weeks. |
A stable vehicle identifier in a deeplink poses the same issue as a stable bike_id, and we missed including this in the initial addition of deeplinks.