The MapSafe QGIS plugin offers location privacy mechanisms that let users protect their datasets before publishing them or placing them on maps. The plugin chains these security functions into a single workflow, offering a complete geoprivacy approach from the user's familiar desktop application.
Users first apply donut masking or hexagonal binning to obfuscate coordinates, so that access to the data can be provisioned at lower levels of accuracy. The resulting datasets, each at a different level of detail, are then protected using symmetric key encryption, while the passphrase itself is protected using public key encryption, permitting only the intended parties to decrypt it. Finally, to complete the security process, the final encrypted volume's filename and hash value are notarised on the blockchain as a public record.
Data recipients can use the notarised record to verify the originality of the encrypted volume, and of the original dataset within it, before decrypting and accessing it.
The plugin aims to solve geoprivacy challenges not currently addressed by other desktop GIS software, by combining these security functions into a single workflow and graphical environment within QGIS.
Our QGIS-based geoprivacy plugin replicates and advances our recent browser-based geoprivacy tool of the same name (https://www.mapsafe.xyz). The paper "MapSafe: A complete tool for achieving geospatial data sovereignty" describes how the tool offers a complete approach for sovereign data owners to safeguard sensitive geospatial data by anonymising, encrypting, and notarising it. This QGIS plugin replicates that functionality within QGIS, providing a reliable geoprivacy tool for desktop users.
About MapSafe
MapSafe completely safeguards sensitive geospatial datasets using obfuscation, encryption, and notarisation. These functions are implemented within the browser using popular open source JavaScript libraries without ever requiring users to install or download any software.
Whether you're a GIS expert, a GIS researcher, or a newbie, if you need to safeguard your geospatial data but aren't quite sure how, MapSafe makes your life easier and brings previously cumbersome geospatial data safeguarding methods into reach.
Safeguarding
MapSafe uses three techniques to completely safeguard sensitive geospatial datasets. These techniques are carried out in sequence.
Anonymisation
MapSafe first allows users to apply donut masking or hexagonal binning functions to anonymise coordinates. This allows users to share maps with approximate locations without overly affecting any spatial patterns, while preventing exposure of sensitive data or violation of anyone's privacy.
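The two obfuscation functions named above, as an added example that is not the plugin's own code. It assumes the layer has already been reprojected to a metre-based CRS, and it goes slightly beyond the text by showing the general axial-grid algorithm for hexagonal binning (flat-topped cells) rather than a single cell size; the level names in obfuscate_levels and the radii used are constructed for illustration.

```python
import math
import random

# Added example, not the plugin's own code. Coordinates are assumed to be in a
# projected, metre-based CRS, so every distance below is in metres.


def donut_mask(x, y, r_min, r_max, rng=None):
    """Displace (x, y) to a random point in the annulus r_min <= d <= r_max.

    Sampling is uniform over the annulus *area* (hence the sqrt), so masked
    points do not pile up near the inner radius. The inner radius guarantees a
    minimum displacement, which is what distinguishes a donut from a plain
    random perturbation.
    """
    if not 0 <= r_min < r_max:
        raise ValueError("need 0 <= r_min < r_max")
    if rng is None:
        rng = random.Random()
    theta = rng.uniform(0.0, 2.0 * math.pi)
    d = math.sqrt(rng.uniform(r_min ** 2, r_max ** 2))
    return x + d * math.cos(theta), y + d * math.sin(theta)


def _cube_round(qf, rf):
    """Round fractional axial hex coordinates (q, r) to the containing cell."""
    sf = -qf - rf
    q, r, s = round(qf), round(rf), round(sf)
    dq, dr, ds = abs(q - qf), abs(r - rf), abs(s - sf)
    # Re-derive the coordinate with the largest rounding error from the other
    # two so that q + r + s == 0 still holds (standard cube rounding).
    if dq > dr and dq > ds:
        q = -r - s
    elif dr > ds:
        r = -q - s
    return q, r


def hex_bin(x, y, size):
    """Snap (x, y) to the centre of its flat-topped hexagon of circumradius `size`.

    Every point in a cell collapses to the same centre, so nearby features
    become indistinguishable; the coarser `size`, the lower the accuracy.
    """
    qf = (2.0 / 3.0 * x) / size
    rf = (-x / 3.0 + math.sqrt(3.0) / 3.0 * y) / size
    q, r = _cube_round(qf, rf)
    cx = size * 1.5 * q
    cy = size * (math.sqrt(3.0) / 2.0 * q + math.sqrt(3.0) * r)
    return cx, cy


def distance(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def obfuscate_levels(points, seed=None):
    """Build the accuracy levels a data owner would hand to different recipients."""
    rng = random.Random(seed)
    return {
        "original": list(points),
        "donut_100_500m": [donut_mask(x, y, 100.0, 500.0, rng) for x, y in points],
        "hex_1km": [hex_bin(x, y, 1000.0) for x, y in points],
    }


if __name__ == "__main__":
    # Constructed sample points (metre-based projected coordinates).
    sample = [(1000.0, 2000.0), (3000.0, 4000.0), (3010.0, 4010.0)]
    for name, pts in obfuscate_levels(sample, seed=7).items():
        print(name, [(round(px, 1), round(py, 1)) for px, py in pts])
```

Two properties are worth checking on real layers: a donut-masked point always lies between the inner and outer radius of its original (a bare random perturbation can return a point to within a few metres of the true location), and a hex-binned point never lies more than one circumradius from its reported centre, while two points in the same cell become indistinguishable.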
Encryption
The anonymised geospatial dataset is further protected using encryption, which transforms the original data into a form that an adversary cannot recover. MapSafe uses the PyCryptodome AES library for Python, which is native to the operating system, delivering faster speed.
Notarisation
Finally, MapSafe generates a hash value of the encrypted, anonymised geospatial data and notarises it as a public record on the tamper-proof Ethereum blockchain. This guarantees that the recorded digital signature remains unchanged and can be used to verify encrypted datasets.
Access
The verification process compares the hash value recorded at notarisation with the hash value of the encrypted file as received; once they match, the user can proceed to decrypt and display the dataset.
Verification
The data recipient loads the encrypted data, and MapSafe generates a hash value for verification against the hash stored on the blockchain. Matching values signify that the volume has not been tampered with, and the user can then proceed with decryption.
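The notarise-then-verify step described in the Notarisation and Verification sections, as an added example rather than the plugin's own code. The Ethereum transaction is replaced by an in-memory append-only ledger that stands in for the public record, and the record layout (filename plus SHA-256 hex digest) is an assumption; the plugin's actual on-chain format is not described on this page.

```python
import hashlib
import hmac

# Added example, not the plugin's own code. LedgerStandIn replaces the
# blockchain: an append-only list whose records are never edited. The record
# layout (filename + SHA-256 hex digest) is an assumption for illustration.


def sha256_hex(data, chunk_size=1 << 20):
    """Hash a volume in chunks so a large file need not be copied in memory."""
    h = hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


class LedgerStandIn:
    """Append-only list standing in for the public, tamper-proof record."""

    def __init__(self):
        self._records = []

    def notarise(self, filename, digest):
        record = {"index": len(self._records), "filename": filename, "sha256": digest}
        self._records.append(record)
        return record

    def lookup(self, filename):
        # The latest record wins if the same filename was notarised again.
        for record in reversed(self._records):
            if record["filename"] == filename:
                return record
        return None


def notarise_volume(ledger, filename, volume_bytes):
    """Owner side: record the encrypted volume's name and hash as a public record."""
    return ledger.notarise(filename, sha256_hex(volume_bytes))


def verify_volume(ledger, filename, volume_bytes):
    """Recipient side: recompute the hash of what was received and compare.

    Returns (ok, reason). Only an exact hash match permits decryption.
    """
    record = ledger.lookup(filename)
    if record is None:
        return False, "no notarised record for %r" % filename
    actual = sha256_hex(volume_bytes)
    # compare_digest avoids timing differences leaking how much matched.
    if not hmac.compare_digest(actual, record["sha256"]):
        return False, "hash mismatch: recorded %s..., received %s..." % (
            record["sha256"][:12], actual[:12])
    return True, "hash matches record #%d" % record["index"]


if __name__ == "__main__":
    ledger = LedgerStandIn()
    # Constructed stand-in for an encrypted volume.
    volume = b"\x00MAPSAFE-VOLUME" + bytes(range(256))
    notarise_volume(ledger, "survey.mapsafe", volume)
    print(verify_volume(ledger, "survey.mapsafe", volume))
    tampered = volume[:40] + bytes([volume[40] ^ 0x01]) + volume[41:]
    print(verify_volume(ledger, "survey.mapsafe", tampered))
    print(verify_volume(ledger, "unknown.mapsafe", volume))
```

The point to notice is that verification happens on the encrypted bytes exactly as received and before any decryption is attempted: a single flipped byte, or a volume whose name was never notarised, is rejected at this step rather than surfacing later as a confusing decryption failure.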
Decryption
Decryption uses the encryption key to transform the encrypted data back into its original form. Based on the recipient's privilege, a passphrase of a certain length is shared with them; with it the user decrypts down to a certain encryption level, each level containing a different representation of the original dataset.
Display
In the final step, the geospatial dataset is displayed at the resolution the recipient is entitled to. Based on their privilege, users see either the original dataset or a masked representation of it.