
If their fix uses random noise per API call, they are again vulnerable (just take the average of each result).

Also, again, reduced precision on the reported distance won't fix the issue: you can sweep the map for changes in the last digit (by changing the attacker's reported position).

They must reduce the precision of the user's input, not the reported distance's precision.

P.S. The problem here is the accuracy, not the precision.




They must reduce the precision of the user's input, not the reported distance's precision.

That's an interesting idea: randomly perturbing a user's reported location.

I've been developing a social network app that, in v1 (development was outsourced to someone else), sent the distance to a particular profile (I'm not sure how accurately). In v2, I wasn't sure what to do so I've left it out, but it's currently at number 3 on my TODO list.

In our case, it's pretty important to be able to do location sorting client side. We have the geo extensions for SQLite and are intending on using that.

So, question: if I randomly perturbed users' locations reported to the server by anywhere from 1-5 miles, would that be sufficient to ensure privacy, while also enabling the app feature, which only needs precision at the level of a few miles?

UPDATE: I thought about this some more, and what I'd do is the following:

1. Take the location of the device and make it imprecise, but accurate. For example, it could be anywhere within a five square mile radius, but it really would be within that radius.

2. On a per-user basis, pseudo-randomly but deterministically perturb the imprecise location for that user, to generate the stored location.

The second requirement is to prevent averaging multiple location updates for the same person over time, to pinpoint a location. Each user would have a different random, but deterministic offset for each five square mile area on the globe.

The perturbed location for that device in that area would be the same for everyone, so you wouldn't be able to merge the output of multiple users "view" of that device's location to increase accuracy, either.

I'd appreciate any and all feedback. Thanks.


It really depends on what you're trying to do - you might be overthinking it. I think rounding all inputs to the nearest minute or two of latitude and longitude is probably sufficient for most cases... Basically, treating the world as a grid of some sort, and dealing in exact points at that level.


This sounds like the correct, and simple, way to do it.
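
The two-step scheme from the UPDATE above (snap the fix to a grid cell, as the rounding reply also suggests, then apply a per-user, per-cell deterministic offset), as an added example that is not part of the thread. The cell size, the offset range, the HMAC construction with a secret key, and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import math
import struct

# Assumed parameters (not from the thread): a two-arc-minute grid, as the
# reply suggests, and an offset of up to one cell width in each direction.
CELL_DEG = 2 / 60
MAX_OFFSET_DEG = CELL_DEG

def snap_to_cell(lat, lon):
    """Step 1: imprecise but accurate. Map a fix to integer grid-cell indices."""
    lat = max(-90.0, min(90.0, lat))
    lon = (lon + 180.0) % 360.0 - 180.0   # wrap into [-180, 180)
    return math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG)

def cell_offset(secret, user_id, cell):
    """Step 2: offset in [-1, 1) per axis, fixed for this (user, cell) pair.

    HMAC with a secret key is an assumption of this sketch: it keeps the
    offset deterministic but not computable by someone who knows only the
    user id and the grid.
    """
    msg = f"{user_id}|{cell[0]}|{cell[1]}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    a, b = struct.unpack(">II", digest[:8])
    return a / 2**31 - 1.0, b / 2**31 - 1.0

def stored_location(secret, user_id, lat, lon):
    """Cell centre plus the deterministic offset; this is what gets stored."""
    cell = snap_to_cell(lat, lon)
    d_lat, d_lon = cell_offset(secret, user_id, cell)
    centre_lat = (cell[0] + 0.5) * CELL_DEG
    centre_lon = (cell[1] + 0.5) * CELL_DEG
    return (round(centre_lat + d_lat * MAX_OFFSET_DEG, 6),
            round(centre_lon + d_lon * MAX_OFFSET_DEG, 6))

def distinct_reports(secret, user_id, fixes):
    """Set of stored points produced by a series of raw GPS fixes."""
    return {stored_location(secret, user_id, lat, lon) for lat, lon in fixes}

if __name__ == "__main__":
    key = b"constructed-demo-key"             # constructed sample secret
    fixes = [(37.7750, -122.4194), (37.7760, -122.4190), (37.7741, -122.4188)]
    # All three fixes fall in one cell, so averaging the reports gains nothing.
    print(distinct_reports(key, "alice", fixes))
    print(distinct_reports(key, "bob", fixes))
```

Because every fix inside one cell maps to the same stored point, repeated updates carry no extra information, and the stored point is never more than 1.5 cell widths from the true position on either axis.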



