Skip to content(if available)orjump to list(if available)

Traffic Light Protocol

Traffic Light Protocol

19 comments

·October 24, 2025
Visit

lbourdages

I was at a security conference recently and one of the presentations had some TLP:RED slides in it.

I couldn't help but find that pointless. The conference is open to the public, the only barrier to entry being a small amount of money to purchase a ticket. How would that prevent bad actors from signing up to access the sensitive information?

It absolutely makes sense when used within an organization where access/membership is properly vetted, but there, I feel like there was no point.

ape4

Wikipedia article: https://en.wikipedia.org/wiki/Traffic_Light_Protocol

Its NOT about controlling traffic lights. Some are networked ("synchronized") so it might be interesting to read about how that's done. https://en.wikipedia.org/wiki/Traffic_light_control_and_coor...

hexomancer

Yeah I got exited thinking this is about traffic lights. I use a bike to commute to work and recently I was thinking if I could adjust my cycling cadence so that I never hit a red light, but unfortunately the timing of the traffic lights in my city is not constant. If there was a publicly accessible API to get the current timing info, I could write an app to do that.

helterskelter

If you're in America, take a look at the strobe on top of school busses. I'm not sure if they still have them (they used to). It would flash at a specific frequency and trip a photovoltaic sensor connected to the traffic light, which would turn it green so the kids aren't late for class. If you had a bright enough strobe which flashed at the same frequency...you get the idea.

dylan604

I never heard about this being used on school busses. This was always something for emergency services like firetrucks/ambulances to not have to sit in traffic at a red light, but it was only active if they were actively responding to a call with their lights on. Otherwise, they sit at the lights too.

pavel_lishin

Is that actually true? I've heard of ambulances & police cars having such devices, but they were supposed to be infrared.

The last time I saw the strobe on top of a school bus active, it was when I was a passenger in one, driving down the freeway at night, and it wasn't strobing particularly fast. It's possible that our driver just forgot to turn it off, I suppose - he was that kind of guy.

jagged-chisel

Emergency vehicles have devices that announce their presence to get traffic lights to change in their favor. “Kids being late to class” is not on the order of importance to create a complex scheme to change traffic lights based on strobe lights from a bus.

Sounds like urban legend.

woodruffw

I've always found TLP confusing: it's not really clear (despite definition) what a community or organization is, which means that there's no clear decision procedure for determining whether a degree of access has been violated.

In my experience doing security embargos/disclosures, it's a lot easier to just explicitly enumerate the set of people/organizational entities who should be given access to non-public information.

yohannparis

From the protocol the community and organization needs to be defined by the source of the information. If not, then it cannot be shared without request from the source. They even have example for those situations.

woodruffw

It's not clear to me that I'm not able to meaningfully define these things, or that I'm even remotely unique in being unable to!

sxzygz

Since you’re being abstruse, consider information by definition is in possession by an entity (or rephrased a property of a system). For that information to move the system needs to be brought into contact with another system, and it is the nature of this contact that is being policed. If information doesn’t have an ambient system that is discernible then there is no distinction to be made if its sensitivity—it may as well be noise.

MattSayar

In practice, "organization" usually means your company or business. "The community" usually means an Information Sharing and Analysis Center (ISAC) aka a group of similar orgs that share information with each other; think financial services companies in the US, or energy companies in Japan.