Is the Remote ID a Threat to the Drone's Location Privacy on the Internet of Drones?

The Remote ID is a rule proposed by the Federal Aviation Administration (FAA) of the United States to provide a safer environment for drones. It consists of broadcasting standard messages containing sensitive drone information, for instance, its identity and location. However, this rule can be a threat to the drones' privacy since the information is broadcast as cleartext, and any device with a Remote ID module can store the data. In this study, we technically demonstrate that Remote ID is a risk to the drone's location privacy, mainly in the envisioned Internet of Drones (IoD) scenario. We design a location-based attack to track the drone's trajectory based on the Remote ID message. We highlight that the attack can correctly identify more than 90% of a drone's trajectory through extensive simulations. Furthermore, we discuss that existent IoD protection mechanisms meet the Remote ID specification and can be applied as an enhanced version of this protocol. Indeed, our results also reveal that these mechanisms can mitigate the attack's success, providing a proper level of location privacy. (AU)