(The source version of this essay can be found at Open Source Medical Supplies, long with other explanation: https://opensourcemedicalsupplies.org/gosqas)
Free Lightweight Global Distributed Tracking for Makers
Written by: Robert L. Read, Christina A. Cole, and Victoria Jaqua (October 25, 2023)
Lightweight Tracking Of an Object
Tracking an object or make means recording its history—when it was made, who has had custody of it, where it has been, and the opinions of the people who have interacted with it. This history is called the object’s provenance. Because Makers like to share their objects but value privacy, they desire a lightweight provenance generation system that doesn’t require trust, doesn’t share personal information, or requires cumbersome authentication. It doesn’t collect data that people don’t explicitly provide.
Global Distributed Tracking, or GDT, a project of the Global Open Source Quality Assurance System (GOSQAS) nonprofit, accomplishes this through a light use of cryptography and ruthless adherence to what we call The Provenance Principle:
Anyone who can physically handle an object has the right both to see the provenance of the object and to add to it but not to change or delete it.
Our system builds up an immutable, indelibly timestamped chain of records related to an object that is private to those who have made, owned, or handled the object. It is a compromise between security and convenience that solves many difficult problems for geographically distributed makers.
What It Can Do for Makers
Suppose you make something and give it or sell it to someone. You want them to easily give you feedback on your make. Maybe you want to know if a child enjoys your toy or if the garment you made fits them well.
Feedback can be collected simply by attaching a QR code to the object that, when scanned with a smartphone, shows the provenance of the record. The provenance page displays a short text box where a recipient may write a comment, enter some tags, record an action, upload a picture, or just rate the object.
The GOSQAS website (https://gosqas.org/) lets you start a new provenance for an object. It creates a QR code (a .png image) that, when scanned, takes you to the provenance. It also creates a secret key in the URL that the QR encodes, but in practice, many users will never need to know that the key even exists and just think of the QR code as the key to the provenance. The Maker need only add the QR to the make by putting a sticker on it or its box, printing the QR code on the instructions, laser etching it onto the object, 3D printing it onto the object, sewing an embroidered tag in, or by any other method that will work with a smartphone. For example, here is a QR code for this very paper, where you (and anyone else) can comment on it:
Just point your phone at it and, in the first record of the provenance, you will find a URL to this paper.
Our system does not currently provide a notification system, although creating such a system is on our to-do list. Currently, you won’t be informed when someone has added to the provenance of a record, but you can look at the record anytime you want exactly the same way any user does—by pointing your phone at a QR code that you printed and retained for your records.
Here are some specific ways you can use the system:
- Does your makerspace need to record calibration and cleaning on your fabrication equipment? Print a QR code in which maintenance schedules can be documented.
- You ask users to provide feedback on a game or toy that you make after they have played with it for a while. Are the toys still in circulation 5 years later? Been regifted? If you sell enough, you may get enough people to enter a provenance record to get a statistical picture.
- When a terrible disaster struck, you answered the call. You made and distributed items to save lives or relieve suffering. Wouldn’t it be nice to know that it was actually used or if it just sat on a shelf somewhere? What if you wanted to financially support makers working for humanitarian relief? If you asked donation recipients to use GDT, you might have greater confidence that your generous gift would not be misused or stolen.
- For a machine or garment that requires special maintenance, you could add a QR code, document instructions such as oiling or hand-washing, and then add the instructions as the first record of the provenance where it will be visible to all viewers. The sweater to the right was hand-knit by Kelly Carlisle and is hand-wash only.
Maybe you’ve been to a dozen Maker Faires showing off your makes, but have your ecorded when and where you were each time? You can make a QR code and keep it private just to yourself and update it at each event,much like the travel stickers on a musician’s instrument case. (Wolfgang H. Wögerer, Wien, Austria., CC BY-SA 3.0 <https://creativecommons.org/licenses/by-sa/3.0>, via Wikimedia Commons)- Are you one of the few lucky Makers or Artists whose work is popular enough to be counterfeited? Since the dawn of history, humanity has battled forgers by knowing the provenance of an object—the history of who owned it and kept it where during what period of time. You can begin the provenance of your make and encourage its development with GDT.
- Provenance can increase value to collectors. Did Buzz Aldrin look through your telescope? Did some famous actor try on some of your cosplay gear? If so, start a provenance record to capture that fact. Like a book signed by the author, your make can be (slightly) more precious.
- Let’s say you’re an installation or gallery artist. When will your installation be removed? Would you like feedback from gallery members? Adding a QR code next to your piece encourages fan interaction.
- Makers gonna make. Hackers gonna hack. You can probably come up with more ideas for how to use GDT than we can!
Making Effective Use of QR Codes
To add provenance to a record, what really matters is the URL. But, since the URL has a 128-bit random string that, in practice, is about 24 characters long, it is pretty tedious to type. We suspect 99% of the usage of GDT will be done through QR codes. That is why we generate a QR code for you whenever you press the button to generate a new key. Of course, you can create your own QR code from the URL embedding the key as well.
For example, you may add your logo in the middle of the QR image. We also offer tools for generating hundreds of keys and downloading a .png QR code for each one.
There are many ways to put a QR code on a make or a box. Just printing a sticker and labeling the object’s box is the easiest way. With a bit of computer expertise, you can easily format and print stickers of any size that you can buy or even perforate your own size.
At Maker Faire Bay Area 2023, we used the following trick: Print each QR code twice, one on a removable sticker and one on the sheet you intend to retain. Then put the sticker on the make or the box. Now the retained sheet lets you easily get back to the provenance for all your makes using your phone. If you need to, you can leave a blank space beside your retained QR code to write in a short description of the item you are tracking. You can, of course, keep a spreadsheet of the URLs for your records.
If you don’t want to use stickers, there is nothing wrong with using transparent tape to attach a simple printed piece of paper.
However, a sticker is not as durable as an etching made with a laser cutter, a relief 3D printed, or a printed or computer-embroidered fabric tag. A digital graphic artist could, of course, embed the QR code as a digital “signature” next to their autograph.
If you want to, you can add a record to each provenance to get it started, such as “pink gloves,” “Cthulhu Hat,” or “Flux Capacitor V2.3”. You might want to proudly state something like “made by Robert L. Read at the Austin Hackerspace” as the first record in the provenance, or add more identification such as physical address and professional credentials.
Since GDT is not yet well-known, people may think the QR code is just a promotional URL. They may not realize they can and should add comments to the provenance! You may wish to print a brief instruction near the QR code, like “Scan and comment,” “Scan and rate our product,” or “Scan and upload a photo of the frobulator frobbing.”
Remember, the GDT system does not record IP addresses, identity, or even geolocation, though it does indelibly record the timestamp of each new record. If you want to know where your make is, you need to ask your users to add their location to the comment. If you want to know who they are, ask them to give a name—maybe just a first name would be best.
If you make a lot of indistinguishable objects, you could just use one QR code for all of them. However, then there will only be ONE provenance. No matter where they go, everybody will see the same provenance. It may be interesting, but you won’t be able to distinguish one device from another. If you think of your makes as having serial numbers, they should probably have separate provenances.
In the act of using our system, you may misplace a key. You might forget to store either the key or a copy of the QR code. No sweat! They cost us about a thousandth of a penny to make—so just make more! But be warned—we do not store keys. If you send out a box with a QR code and you don’t have a copy of it, you will never be able to see the provenance record unless you recover the box. If all copies of a key are lost, that record is an “orphan” and lost forever, and nobody will ever be able to read it—not even us.
How Does GDT Work?
GDT is free-libre open source software released under the AGPL so that you can examine the code yourself. It is surprisingly simple. It is currently implemented with less than a thousand lines of Typescript via a Fastify server that uses SQLite as its back end (though it uses no features of SQL). It is currently hosted at a Heroku instance.
When it is asked to generate a new key, it generates a random 128-bit number and turns this into a human-readable 24-character Base58 string. A standard open-source one-way hashing function, AES CBC 128, is then applied to this random key to generate a “Device ID,” which becomes the primary key in the database. The device key itself is NOT placed in the database.
An initial record is created with the Device ID key. Thereafter, any new provenance records added to it are added to a chain. The contents of each record are totally encrypted with the device key; if you don’t have the device key, you cannot read the records. We can therefore make the database readable to the entire world with no danger that anyone can read the encrypted data. This is an essential feature because it means there is nothing for a black-hat hacker to steal.
Our database and URL are, however, a central point. Our system is not yet “distributed” in the sense that blockchain is distributed. It depends on us to host it. However, as a safety precaution, we intend to allow others to download the database to begin hosting if necessary.
How Does GDT Fight Counterfeiting?
GDT fights counterfeiting by organizing documentation and allowing a community of people, unknown to each other and not formally collaborating, to cooperatively make transparent the provenance of a device. History has already shown us that a rich provenance through time and space is almost impossible to forge. If the provenance contains chain-of-custody and detailed descriptions that let you identify forgeries, it can make a device trustworthy and make counterfeits, fraud, and theft detectable and unprofitable. In a sense, it does this simply by making it easy to associate assertions about the device.
How do we know this Sonic Screwdriver is really a Sonic Screwdriver? Do we have a good provenance for it? (Chris Sampson, CC BY 2.0 <https://creativecommons.org/licenses/by/2.0>, via Wikimedia Commons)
Because GDT is voluntary, the provenance is only as good as the amount of data it contains. For example, if a humanitarian device is made in San Francisco and eventually deployed to a relief agency in Tanzania, it has gone through a long chain of custody. The more provenance records entered along the way, the more trust the Tanzanian recipient will have that the device is a high-quality, authentic device. Since we have made it easy to create provenance, each person in this custody chain is incentivized to be a good actor preventing fraud and theft. From a business standpoint, what better way to build a reputation for trustworthy action than to frequently build provenance records?
Where Did it Come From?
In October of 2022, two non-profits, Open Source Medical Supplies and Public Invention, called a public meeting to address the problem of quality assurance of open source medical supplies and devices. To our delight, over a dozen other non-profits and University researchers agreed this was a pressing global problem and joined the Global Open Source Quality Assurance System (GOSQAS) alliance.
Having established the need for a lightweight, easy-to-use global provenance system in a white paper and described unique use-cases, we began architecting the Global Distributed Tracking website, most of which was coded by Harry Pierson. In October of 2023, we had a table and demo at Maker Faire Bay Area and received much-needed validation that we were on the right track.
The origin of GDT was to fight counterfeiting and theft of medical devices, a phenomenon observed during the pandemic. But, just like the Arduino eco-system and 3D printing, any tool or ecosystem becomes stronger when a hundred thousand Makers use it. We, therefore, want this to be widely used by the Maker community. By tracking your Whovian earrings and Star Wars cosplay gear, you will be indirectly saving lives by making GDT into a well-understood and widely accepted global tool—not unlike Wikipedia, we hope.
Where Is It Going?
GDT can empower individual Makers by making their goods more trustworthy and credible than they have ever been before. We like to imagine a virtual flash mob of tens of thousands of makers expertly using GDT for their business or artistic purposes, and empowered to action whenever a community needs their expertise. Makers want to help. They deserve a robust, transparent tracking platform as a partner in their making enterprise.
Like almost all software systems, GDT needs improvements. We are actively recruiting volunteers and potentially small contract positions for very specific roles —perhaps you, dear reader, will join the team? (Contact gosqasystem@gmail.com.)
GOSQAS is fundraising for services and programming. We are in the process of registering GOSQAS as a nonprofit and will pursue 501c3 status. In the interim, tax-deductible donations may be made through our fiscal sponsor, Public Invention, and earmarked for GOSQAS.
Following standard industry best practices, we are using a git repository and an issue tracking system to organize our work and to allow input from you, the potential user. Anyone can read our code. Anyone can make a pull request suggesting an improvement. Anyone can report a bug or suggest an improvement.
Just as much as we need coders, artists, marketers, and tech writers, we need users! The more Makers use the GDT system, the sooner it will be a polished, reliable, and, most importantly, an understood and trusted global tool.
References
Barton, A. (2023, September 21). The Global Open Source Quality Assurance System
(GOSQAS): Does it fulfill the requirements of a customer complaint system for the production
and distribution of regulated medical devices made in the United States?. Google Drive.
https://drive.google.com/file/d/18Y6GDyqTxMyNWZWuzncJTz2s_t0bghoF/view
Read, R., Pierson, H., & Cole, C. (2023, June 7). Gosqasorg/asset-provenance-tracking.
GitHub. https://github.com/gosqasorg/asset-provenance-tracking
Snipe-It, Open Source IT Asset Management. Snipe-It. (n.d.). https://snipeitapp.com/
Wikimedia Foundation. (2023, June 25). Global Trade Item Number. Wikipedia.
https://en.wikipedia.org/wiki/Global_Trade_Item_Number
Security FAQ
We believe GDT has found a “sweet spot” that balances convenience with security. It has weaknesses and flaws which do not prevent it from being useful. Discussing these weaknesses informs the Makers decision to use it.
Vandalization
The biggest weakness is not a bug but an inherent feature. Anyone who has handled the device can copy the QR code (and the key) and add deceitful material to the provenance record. If a bad actor is in a warehouse or walks by a Maker booth, they could take a picture of the QR code on a device and then add an offensive photograph to the record. A maker might share their QR code on social media, unintentionally allowing internet trolls to vandalize the provenance record.
Of course, a bad actor in a warehouse could attempt to steal or destroy the device, so we must keep this risk in context. If a key is compromised, it partially compromises the provenance of the device, but only the provenance of that specific device. If your supply chain is physically secure, then it is secure from this risk. Even if a provenance record is vandalized, that cannot destroy the records that are already added or the records that will be added in the future. The ability to hide, but not delete, offensive images is a future enhancement.
Currently, vandalization risk seems miniscule when compared to the benefits of GDT.
Key Storage
At present, the user must trust that we (GOSQAS) are not actually storing keys to spy on their data. Fixing this is a future enhancement.
GitHub Link: https://opensourcemedicalsupplies.org/gosqas/