GPS monitoring without prying eyes
"If you are not paranoid, this does not mean that no one is following you." The development of the Internet has taken this statement to a whole new level. It is now possible to track someone without leaving your home, and the person being tracked will voluntarily provide all the information. People post their personal data online, but do not always think about who can access it. A login and password and a "Show only to friends" setting are reassuring. They create the illusion that we control the privacy of our own data. But there are still administrators and authorities who find out whatever interests them, without asking and without your knowledge.
This is a problem for all systems that centrally serve many clients. For example, any popular social network has a single data store (possibly distributed) that a certain circle of people can access for official purposes. Users are gradually becoming aware of the threat: peer-to-peer social networks are appearing (see the links in the article about Pandora), but they are struggling to gain ground.
The privacy situation is similar for transport monitoring systems. For them, a fundamentally different approach is possible, one that lets users fully control access to their data. The idea is simple: give everyone their own dedicated server in the cloud!
Watch yourself, be careful!
GPS monitoring systems are springing up like mushrooms after rain. You can come up with a dozen scenarios for their use. For example, a company monitors its own fleet, spouses follow each other, parents follow their children, children follow their dogs, and someone else simply watches their own car. What such systems have in common is a web-based interface that lets you, from any device connected to the Internet, find out not only where the monitored object is right now but also see the history of its movements (tracks) or statistics. It is convenient, but is it safe?
Just don’t say that nobody cares about your movements! Tracks can tell too much about your lifestyle: where you are and when and, potentially, what you do there. Where do you live, and where do you work? Which stores do you go to? At what times are you usually not at home? Are you at your country house or on vacation in another country right now? Suddenly, putting this data on someone else's server no longer seems appealing. It would be nice to have a server of your own and keep everything under personal supervision.
Such a service is also offered on the market. Many companies are ready, for a fee, to install a monitoring system on your server. If, of course, you have one (judging by the statistics, probably not). And where is the guarantee that it is suitable and compatible with the operating system and the installed components? You are also unlikely to want to let someone else configure things on it. There is only one solution: start a separate server exclusively for monitoring. But not every IT specialist can deploy a server and configure it correctly (!), and for an average user or a company without a system administrator this generally seems an impossible task, in terms of either complexity or money. Therefore, the process of obtaining and configuring the server should be as automated as possible, and the cost of ownership should not be high. In other words, we are talking about a personal transport monitoring system aimed at ordinary people (perhaps far from IT altogether) or at small companies.
Fortunately, cloud service providers exist. You can use AWS, whose services include the EC2 Micro Instance: a virtual cloud server of minimal capacity, which is quite sufficient for monitoring a dozen objects. Better still, it is provided free of charge for a trial period, that is, for a whole year.
Typically, to create a server, you need to choose one of the many AMIs (Amazon Machine Images), which contain images of preconfigured operating systems, and specify a number of parameters. For an unprepared person this is not easy, and for an experienced one it is tedious, although with some practice it takes about 20 minutes. A monitoring system needs a pre-prepared AMI and a fully automated process for installing and configuring the system.
There remains the problem of registering with Amazon and doing the initial account setup. It takes no great effort on the user's part: in fact, all that is required is to fill out several forms and tick the right boxes in the management console. This may seem like a trifle to a Habr reader, but again, we are talking about the most ordinary users. For them, filling out forms, especially non-localized ones, can be a nontrivial task. In what format should I enter my phone number? Why does the address have 2 lines? What should I do if I have no bank card or do not want to enter its details? In general, we need detailed step-by-step instructions based on the results of observing a test group of users.
As a result, the user receives the key file generated by AWS. These keys are passed to the system's installation server, and within 5 minutes the user gets the access parameters for the new server. During this time, the scripts install the AMI, create Amazon S3 (Simple Storage Service) storage for data and backups, configure the server and its components, generate random passwords, start the monitoring system and send the access parameters to the user.
It may seem that handing over the keys is the security weak point, because the installation scripts could easily save them in some database. Therefore, the truly paranoid are better off changing all the keys and passwords themselves after installation, this time without any help from third parties.
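One way to check that this post-install rotation is complete, as an added example that is not part of the original article or its monitoring system: it treats every access key created up to the moment the installer finished as known to the installer, including keys the installer itself created. The sample listing is constructed in the shape printed by `aws iam list-access-keys`; the user names, key IDs and timestamps are placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like the output of `aws iam list-access-keys`
# collected for two users. All names, IDs and times are placeholders.
SAMPLE_LISTING = """
{"AccessKeyMetadata": [
  {"UserName": "owner", "AccessKeyId": "AKIAEXAMPLE000000001",
   "Status": "Active", "CreateDate": "2024-03-01T09:00:00Z"},
  {"UserName": "backup", "AccessKeyId": "AKIAEXAMPLE000000002",
   "Status": "Inactive", "CreateDate": "2024-03-01T09:03:10+00:00"},
  {"UserName": "owner", "AccessKeyId": "AKIAEXAMPLE000000003",
   "Status": "Active", "CreateDate": "2024-03-01T10:15:00Z"}
]}
"""

def _parse_time(value):
    """Parse an ISO 8601 timestamp, accepting the 'Z' suffix for UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed

def review_keys(listing_json, install_finished):
    """Map each AccessKeyId to the action the owner still has to take.

    A key is treated as exposed if it existed when the installer finished:
    it was either handed over or created by the installer.
    """
    cutoff = _parse_time(install_finished)
    actions = {}
    for key in json.loads(listing_json)["AccessKeyMetadata"]:
        exposed = _parse_time(key["CreateDate"]) <= cutoff
        if not exposed:
            actions[key["AccessKeyId"]] = "keep"
        elif key["Status"] == "Active":
            # Still usable by whoever kept a copy: disable first, then remove.
            actions[key["AccessKeyId"]] = "deactivate-then-delete"
        else:
            # Disabled, but it can be re-enabled as long as it exists.
            actions[key["AccessKeyId"]] = "delete"
    return actions

def rotation_complete(actions):
    """True only when at least one key exists and none of them is exposed."""
    return bool(actions) and all(a == "keep" for a in actions.values())

if __name__ == "__main__":
    result = review_keys(SAMPLE_LISTING, "2024-03-01T09:05:00Z")
    for key_id, action in result.items():
        print(key_id, action)
    print("rotation complete:", rotation_complete(result))
```

The same rule applies to the random passwords the installation scripts generated: they existed before the installer finished, so they count as exposed until changed.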
Domus sua cuique est tutissimum refugium (~ my home is my castle)
Using a personal server provides additional benefits:
- On a shared server, problems caused by one client can affect the rest. Here the system is yours alone, and nobody else can be on it.
- In theory, security is higher because there are fewer potential vulnerabilities: fewer exposed scripts, queries and input forms. A stranger who arrives at your site cannot get past the first page without authenticating.
- Other uses of the server are not limited in any way. If you wish, and with some experience, you can store any data there or set up a backup FTP server. Or you can forget about vehicle monitoring altogether: it is a good way to get a configured server in 5 minutes.
And this is not even the most important thing. There is a feeling that the concept of personal servers can radically change the entire Internet. Therefore, it would be very interesting to know the opinion of professionals about this approach.
A monitoring system that implements these principles has already been developed as a proof of concept. It is free and available for review, but before finalizing it and presenting it to the general public, I wanted to put the idea to the test and get some constructive criticism of its security and weak points from the Habr community.