Slashdot Mirror


Involuntary Geolocation To Within One Kilometer

Schneier's blog tips an article about research into geolocation that can track down a computer's location from its IP address to within 690 meters on average without voluntary disclosure from the target. Quoting: "The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometers. Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. 'We shrink the size of the area where the target potentially is,' explains Wang. Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target."
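
An added example, not part of the article or the thread: the shared-router comparison described in the summary, run over constructed traceroute data to show how much distance a fraction of a millisecond represents. The router names, RTT values and the 0.6 c conversion factor are assumptions.

```python
KM_PER_RTT_MS = 0.6 * 299.792458 / 2  # assumed: 0.6 c in fiber, halved for one-way distance

# Constructed traceroute results from one vantage point: (router, min RTT in ms) per hop.
TARGET_PATH = [("r1", 2.0), ("r2", 9.0), ("r3", 11.0), ("target", 11.6)]
LANDMARK_PATHS = {
    "landmark-A": [("r1", 2.1), ("r2", 9.1), ("r3", 11.1), ("landmark-A", 11.3)],
    "landmark-B": [("r1", 2.0), ("r2", 9.2), ("r7", 10.0), ("landmark-B", 10.9)],
    # r3 was slow to generate its ICMP reply, so it looks farther away than the endpoint.
    "landmark-C": [("r1", 2.0), ("r2", 9.0), ("r3", 12.5), ("landmark-C", 11.2)],
}

def last_shared_router(path_a, path_b):
    """Index of the last hop where both paths go through the same router, or None."""
    shared = None
    for i, (hop_a, hop_b) in enumerate(zip(path_a[:-1], path_b[:-1])):
        if hop_a[0] != hop_b[0]:
            break
        shared = i
    return shared

def bound_km(target_path, landmark_path):
    """Upper bound on the target-landmark distance, measured via the shared router."""
    i = last_shared_router(target_path, landmark_path)
    if i is None:
        return None
    d_target = target_path[-1][1] - target_path[i][1]
    d_landmark = landmark_path[-1][1] - landmark_path[i][1]
    if d_target < 0 or d_landmark < 0:  # negative delay: the measurement is unusable
        return None
    return (d_target + d_landmark) * KM_PER_RTT_MS

def rank_landmarks(target_path, landmark_paths):
    """Usable landmarks sorted by their distance bound, tightest first."""
    bounds = {name: bound_km(target_path, p) for name, p in landmark_paths.items()}
    return sorted((b, name) for name, b in bounds.items() if b is not None)

if __name__ == "__main__":
    for km, name in rank_landmarks(TARGET_PATH, LANDMARK_PATHS):
        print(f"{name}: target within {km:.0f} km")
```

A total delay difference of 0.8 ms already corresponds to a bound of about 72 km, so the result is only as good as the timing noise on the last hops.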


  1. implications by Hazel+Bergeron · · Score: 2

    I don't know about your internet, but mine involves alternative routes to a particular physical location. Not just because that's how the Internet works, but because there are competing providers. And there are all sorts of things which delay, from WiFi to pipe congestion to intentional prioritisation to the OS having something more interesting to do.

    Although I should have stopped reading at "time it takes to send a data packet to the target" - really? How does one measure precisely this?

    1. Re:implications by j00r0m4nc3r · · Score: 2, Funny

      My internet is just a series of tubes, so all you need to do is measure the distance the hamster travels in the tube. Simple.

    2. Re:implications by Rinisari · · Score: 5, Interesting

      There was that story a while back about some physicists figuring out that they couldn't send email more than 500 miles.

      Back on topic, I'll bet VPNs throw wrenches in their methods.

    3. Re:implications by thomasdz · · Score: 2

      My internet is just a series of tubes, so all you need to do is measure the distance the hamster travels in the tube. Simple.

      My internet is also a series of tubes, but I think mine use compressed air to send messages around...so I think you must have "dial-up" and I must have that "high speed broadband".

      --
      Karma: Excellent. 15 moderator points expire sometime.
    4. Re:implications by mikkelm · · Score: 2

      .. Or that one or more of the routers in the path are doing something more important than sending Time Exceeded messages, or that something big and bursty hit one of the pipes, or that the message yielded to higher priority traffic, or any of the many other things that introduce unpredictable delay across the Internet.

      The entire premise is fairly absurd in that, aside from the obvious shortcomings, it completely ignores that A) delay doesn't indicate direction, and B) most ISP access services reach at least 2 miles in any direction, and often 10 miles and more. So how does this guy propose to locate an individual when the last layer 3 hop in the path is a CMTS serving a neighborhood 10 miles to the North, and another neighborhood 10 miles to the South?

    5. Re:implications by cgenman · · Score: 3, Informative

      It's easier than that. Just figure out how much energy a hamster consumes walking a mile in the tubes. Weigh them when you send them out, and weigh them again when they come back.

    6. Re:implications by cgenman · · Score: 2

      If it increases marketing responses by even 0.1%, you know it will be standard on every single web ad served up in three years.

    7. Re:implications by _0xd0ad · · Score: 2

      The best you can do is make it appear you are further away than you really are.

      That's all you need to do. Your network's latency will already make you look farther away than you really are, so the triangulation will have to ignore it.

      If your average ping is 50 ms to LA and 12 ms to NYC, you're probably closer to NYC.

      If you're on a connection with high latency and your ping is 500 ms to LA and 120 ms to NYC, you're still probably closer to NYC.

      So if your real ping is 50 ms to LA and 12 ms to NYC, by delaying long enough before sending responses to servers in NYC it'll appear that you're closer to LA.

    8. Re:implications by bennomatic · · Score: 2

      Your poor hamster...

      --
      The CB App. What's your 20?
    9. Re:implications by JWSmythe · · Score: 2

          You know, I totally misread the article the first time around, and saw it as saying that it was a Google project.

          Triangulation doesn't really do much for you. You have to consider the routes used. I ran a side project at one job for a while, which mapped routes between our own points. Well, there is a full description here. In doing this, we had traceroutes run about once every 5 minutes.

          I had more detailed reporting that wasn't shown in the portfolio.

          In what the story is referencing, a report showing all nodes that we controlled, to a specific endpoint would be similar. What we'd see is what anyone else who has done the same thing would see. You may get a few distinct routes to the provider, but once inside the ISP's network, it'll generally go down one route. The best you could know with that is a maximum range from the edge of the ISP network to the end user. Using the Google landmark server only gives you a range from the ISP to the Google server. It's less useful than knowing the ISP edge router. Of course, if you don't know where an ISP's edge is, then this would bring it into the right vicinity. With just network information, you can identify me within the correct US Census MSA, or making me effectively one of about 3 million people. I've had a little luck identifying users' locations based on IP, but that uses a machine on the same provider, at a geographical edge and watching the latency. For example with one of the providers, the machine I can use is on the far East side of the MSA. Very low latency means they're nearby, within about 10 miles in any direction. Mid-range latency (for the purposes of this, 15ms to 30ms) puts them in the middle, or a 10 to 20 mile radius towards the West. 30ms to 50ms puts them on the far side of the area. That area is bounded by water on the West side, so you don't have anyone farther west. Over 50ms means they are farther than the West boundary, which either means North or South on the Western edge.

          The network topology makes it pretty easy to visualize. I know generally (or sometimes specifically) where several routers are, and they use an extended star topology. Traceroutes are very useful there, since the end user may be doing a lot of traffic, but generally their first uplink connection won't be saturated.

      --
      Serious? Seriousness is well above my pay grade.
  2. Distance not the only source of latency by Burdell · · Score: 2

    How do they expect to tell the difference between latency due to distance and latency due to protocols, encoding, etc.? For example, a local T1 might have round-trip latency in the 3-4ms range, while a DSL to the same location might be 10ms (in fast mode, even higher for interleaved). A dialup connection will be much higher, while a metro-ethernet might be less than 1ms. All those times also assume no congestion along the path.

    Since the speed of a signal in single-mode fiber is about .6 c, each 1ms difference in round-trip latency gives a 90km margin of error.

    1. Re:Distance not the only source of latency by Dan+East · · Score: 2

      Further, the best accuracy you can obtain with DSL, for example, is the radius of area served by a particular station. The DSL latency times per kilometer are in the dozens of microseconds, so it would not be possible to resolve distances within a DSL service area just by millisecond ping times. In my rural area they push DSL out at least 3 miles. So even if you consider "average" as half of that radius, that gives an accuracy of 2,400 meters. I think they claim to narrow that down by the fact that DSL stations are placed in the center of population centers.

      However, just as scary (in differing ways) is that entities like Google are able to take your position via Google Maps on your cell phone and correlate it with your wireless router's MAC address (if your phone connects to your wifi). That's how Google knows EXACTLY where I'm at even from my home PCs now. That is coupled with their wardriving efforts to map out MAC addresses directly.

      --
      Better known as 318230.
  3. Location steganography by mbone · · Score: 2

    Seems like this would be easy to counteract (although at the kernel hack level). All you would have to do is introduce a 30-50 msec time variable delay into all new packet sends (i.e., ICMP responses, first packet of a TCP session, etc.).

    In fact, if you encrypt everything, you may get these sorts of delays "for free."

    Also, this will not work well if you are using encrypted tunnels or VPNs to access the web. Your delay then is (tunnel delay) + (tunnel end point to attacker delay) + (encryption delays), so you seem a good deal further away than you really are.
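
An added example, not part of the thread: a simulation of the delay-padding idea above, using the thread's 0.6 c figure, its 30-50 ms pad and 60 probes per vantage point. The flat-plane coordinates, the 10 ms access delay and the assumption that the estimator keeps the minimum RTT are constructed for illustration.

```python
import math
import random

C_KM_PER_MS = 299_792.458 / 1000         # speed of light in vacuum, km per millisecond
FIBER = 0.6                              # fraction of c in fiber, the figure quoted in the thread
KM_PER_RTT_MS = FIBER * C_KM_PER_MS / 2  # about 90 km of radius per 1 ms of round trip

# Constructed sample geometry (km on a flat plane), not measurements.
VANTAGES = [(0, 0), (800, 0), (0, 600), (700, 700)]
TARGET = (300, 200)

def min_rtt_ms(dist_km, access_ms, pad_ms, samples, rng):
    """Smallest RTT over `samples` probes, which is what a delay estimator keeps."""
    lo, hi = pad_ms
    base = dist_km / KM_PER_RTT_MS + access_ms  # propagation plus last-mile delay
    # Each probe adds the host's random pad and queueing jitter (mean 2 ms).
    return min(base + rng.uniform(lo, hi) + rng.expovariate(0.5)
               for _ in range(samples))

def radii_km(access_ms, pad_ms=(0.0, 0.0), samples=60, seed=1):
    """Distance upper bound from each vantage point to the target."""
    rng = random.Random(seed)
    return [min_rtt_ms(math.dist(v, TARGET), access_ms, pad_ms, samples, rng) * KM_PER_RTT_MS
            for v in VANTAGES]

def feasible(point, radii):
    """True if `point` satisfies every vantage point's distance bound."""
    return all(math.dist(point, v) <= r for v, r in zip(VANTAGES, radii))

def feasible_area_km2(radii, extent=5000, step=50):
    """Grid estimate of the area in which the target could be."""
    axis = range(-extent, extent + 1, step)
    return step * step * sum(feasible((x, y), radii) for x in axis for y in axis)

if __name__ == "__main__":
    for label, pad in (("no padding", (0, 0)), ("30-50 ms padding", (30, 50))):
        r = radii_km(access_ms=10, pad_ms=pad)
        print(f"{label}: tightest bound {min(r):.0f} km, "
              f"area {feasible_area_km2(r):,.0f} km^2")
```

Because the estimator keeps the minimum over many probes, the random part of the pad is filtered out and only its 30 ms floor widens each bound, by roughly 2,700 km here.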

  4. Marco Polo by HikingStick · · Score: 2

    So, in reality, they figured out a way to use ping responses the way kids at the lake (or pool) play Marco...Polo.

    I wonder how many they had already kicked back when they came up with their idea?

    Don't get me wrong--it's cool tech, but I continue to be amazed by how so many "new" technologies simply mimic things that already exist in other parts of life. Kudos to the researchers. I think I'd rather spend time at the lake.

    --
    I use irony whenever I can, but my shirts are still wrinkled...
  5. Similar Technique used 20 years ago by cavreader · · Score: 5, Interesting

    Back in the early 80's a physics grad student at Berkeley was working in their data center and noticed a discrepancy in user usage statistics and started investigating. He was able to isolate the user ID of the unauthorized user by analysing the usage statistics. At the time the user statistics were used for billing computer time. The user was basically trying to use the Berkeley system as a proxy for attacks on other systems. He eventually spliced into the network to intercept packets containing the User ID in question and calculated the amount of time it took for those packages to complete a round trip to determine the geo location of the person hacking into the system. At first he thought he was wrong because his calculations based on signal response time said the unauthorized user was 6000 miles away. He later discovered the calculation was correct and the hacker was located in Germany. He published a book called "The Cuckoo's Egg" with all the details. It is a really good book.

    1. Re:Similar Technique used 20 years ago by Raenex · · Score: 2

      Clifford Stoll is the author (https://secure.wikimedia.org/wikipedia/en/wiki/Clifford_Stoll), and that was my first thought too.

      And he's on Slashdot occasionally, too:

      http://slashdot.org/~Cliff+Stoll

  6. i see 2 points cropping up in the comments: by circletimessquare · · Score: 4, Interesting

    1. "my connection is too weird/ unique/ confabulated/ etc..."

    yes, but you are 1% of internet users. the average bloke on a cable modem is reliably caught with this method

    2. "there is traffic/ no way to ping/ etc..."

    you have a speck of javascript on a webpage that keeps track of timestamps, opens an AJAX XMLHTTPRequest and pings a lot, and the server averages things out. voila: you could get 60 samples in the time it takes you to read this comment, and therefore a good lock on your location

    INCOMING...

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:i see 2 points cropping up in the comments: by mikkelm · · Score: 2

      How does this get +5, Interesting?

      How far do you think that this "average bloke" on a cable modem is from his CMTS? How far in any other arbitrary direction do you think that another "average bloke" with a CM in the same addressing pool is from the same CMTS?

    2. Re:i see 2 points cropping up in the comments: by mikkelm · · Score: 2

      No. Not realistically possible even with a single CMTS feeding a single neighborhood.

      Completely impossible is telling your location apart from another customer on the same CMTS, in the same addressing pool, topologically located as far from the CMTS as you are, but in the opposite direction. Unless your electrons carry a compass.

  7. Re:Google Landmark Server? by Waffle+Iron · · Score: 4, Funny

    What is a Google Landmark Server?

    Always on the lookout for more places to put their server farms, Google has a deal with the National Park Service to rent out unused space in national landmarks. For example, the Washington Monument is hundreds of feet tall, but it has almost no windows. It would be a waste not to fill up the lower floors with server racks. The same goes for other buildings that have no other practical function, such as the Lincoln Memorial and Grant's Tomb.

    Unfortunately however, unless a deal is reached within the next few hours, all those servers will probably have to go offline tonight at midnight.

  8. Re:Youngsters by mbone · · Score: 2

    If you are just now hearing about Cliff Stoll, get off my lawn!

    But not before I tell you about these investment opportunities in blocked Nigerian accounts!