Involuntary Geolocation To Within One Kilometer

Soulskill posted more than 3 years ago | from the proxy-stock-rising dept.

Privacy 207

Schneier's blog tips an article about research into geolocation that can track down a computer's location from its IP address to within 690 meters on average without voluntary disclosure from the target. Quoting: "The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometers. Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. 'We shrink the size of the area where the target potentially is,' explains Wang. Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target."

implications (2)

Hazel Bergeron (2015538) | more than 3 years ago | (#35756400)

I don't know about your internet, but mine involves alternative routes to a particular physical location. Not just because that's how the Internet works, but because there are competing providers. And there are all sorts of things which delay, from WiFi to pipe congestion to intentional prioritisation to the OS having something more interesting to do.

Although I should have stopped reading at "time it takes to send a data packet to the target" - really? How does one measure precisely this?

Re:implications (0)

Anonymous Coward | more than 3 years ago | (#35756436)


Re:implications (1)

Hazel Bergeron (2015538) | more than 3 years ago | (#35756458)

No. What does ping actually measure?

Re:implications (1)

Ynot_82 (1023749) | more than 3 years ago | (#35756494)

Total round-trip time
Ping isn't a measurement in a single direction

Re:implications (1)

CastrTroy (595695) | more than 3 years ago | (#35756680)

So if you introduce some random delay in responding to pings, or don't reply to them at all, does that mean they can't figure out where you are? By introducing delay into your reply, could you fake your position to somewhere completely different?

Re:implications (1)

abarrow (117740) | more than 3 years ago | (#35756794)

No, because along with a simple ping, one would employ some sort of traceroute that would record the routers that a particular route used. So, if I traceroute to you once and see the routers that were used, then trace again, get the same routers, but a different round trip time, I would just assume that you are trying to fool me or your network interface is very busy.

Re:implications (2)

mikkelm (1000451) | more than 3 years ago | (#35757040)

.. Or that one or more of the routers in the path are doing something more important than sending Time Exceeded messages, or that something big and bursty hit one of the pipes, or that the message yielded to higher priority traffic, or any of the many other things that introduce unpredictable delay across the Internet.

The entire premise is fairly absurd in that, aside from the obvious shortcomings, it completely ignores that A) delay doesn't indicate direction, and B) most ISP access services reach at least 2 miles in any direction, and often 10 miles and more. So how does this guy propose to locate an individual when the last layer 3 hop in the path is a CMTS serving a neighborhood 10 miles to the North, and another neighborhood 10 miles to the South?

Re:implications (1)

CastrTroy (595695) | more than 3 years ago | (#35757120)

Not to mention that traceroute hasn't worked in a long time; most of the time, the routers will just not respond. I haven't been able to do a reliable traceroute in years, at least for many places I tried to trace.

Re:implications (1)

_0xd0ad (1974778) | more than 3 years ago | (#35756936)

"So if you introduce some random delay in responding to pings"

Then they just have to ping you enough times and the random delay will average out.

"or don't reply to them at all"

It doesn't necessarily have to be a ping. Any connection would work as long as you could time how long it took between sending the packet and getting a response. That said, putting a condom over your ethernet plug would probably protect you quite well.

"By introducing delay into your reply, could you fake your position to somewhere completely different?"

You'd probably have to know the locations of the servers you were being pinged from and introduce specific delays to make it look like you were farther from the ones closest to you than you were from the ones closer to where you wanted to seem to be. Theoretically possible, at least.

Re:implications (1)

lemonfresh33 (1367367) | more than 3 years ago | (#35757122)

if I add in a random amount of time delay, but you average them out, you don't find out the time to my system, but the average amount of delay I have added PLUS the time to find my system. I'll end up looking further away than you think whatever happens. The only time when averaging out would sum to zero is if I sometimes add a negative delay, and sometimes a positive delay.

Re:implications (1)

_0xd0ad (1974778) | more than 3 years ago | (#35757612)

"I'll end up looking further away than you think whatever happens."

I'm not worried about how far away you seem to appear, I'm worried about the relative distances you appear to be from points A, B, and C. Given that larger distances cause larger average delays, I can triangulate your location. It doesn't matter if there's a constant added to the delay somewhere, as long as it's always the same constant after I've averaged out enough samples.

And I'll leave alone the bit about adding a negative delay...

Re:implications (1)

Captain Hook (923766) | more than 3 years ago | (#35757222)

Actually, since you can't randomly make the response time shorter, whatever the shortest response time they get back is going to be the most accurate.

The best you can do is make it appear you are further away than you really are.

Of course that actually depends on this technique working which does sound very unlikely.

Re:implications (0)

Anonymous Coward | more than 3 years ago | (#35756512)


Re:implications (1)

petermgreen (876956) | more than 3 years ago | (#35756958)

It measures the time to send a packet to the target and get a reply back.

While I could see this technique working in some cases there are several factors that work against it.

One is jitter, afaict you can't directly measure the time from a router to the target. You can only measure the time from yourself to the router and from yourself to the target. A subtraction should yield the difference BUT only if the time from you to the router is stable.

Things are further complicated by the fact that afaict you can only trace the outbound route of a packet and there is no guarantee that the return path will match the outbound path and more importantly in particular there is no guarantee that two users who share a router in the outbound path will take the same return path.

Finally I don't know what internet infrastructure is like in the US but there is no way they would achieve that accuracy on average here in the UK. Too many people are on ADSL connections that are effectively tunneled to London.

Re:implications (1)

s0litaire (1205168) | more than 3 years ago | (#35756482)

If it was only ping, they'd probably locate me halfway to the moon.
The joys of multiple P2P connections on ping....

Oh! and Geo-location puts me in a different country than I actually am ^_^

Re:implications (1)

bberens (965711) | more than 3 years ago | (#35757012)

For some reason I giggled a bit when thinking about pinging through TOR. hop, hop, hop, hop, hop

Re:implications (2, Funny)

j00r0m4nc3r (959816) | more than 3 years ago | (#35756492)

My internet is just a series of tubes, so all you need to do is measure the distance the hamster travels in the tube. Simple.

Re:implications (2)

thomasdz (178114) | more than 3 years ago | (#35756944)

"My internet is just a series of tubes, so all you need to do is measure the distance the hamster travels in the tube. Simple."

My internet is also a series of tubes, but I think mine use compressed air to send messages. I think you must have "dial-up" and I must have that "high speed broadband".

Re:implications (1)

circletimessquare (444983) | more than 3 years ago | (#35757242)

my sex partner is just a series of tubes. coincidentally, a hamster is also involved

Re:implications (1)

rcamans (252182) | more than 3 years ago | (#35757446)

Hamsters? I want my internet upgraded to Hamsters. All I got were worms.

Re:implications (1)

ColdWetDog (752185) | more than 3 years ago | (#35757702)

Despite the advertising claims to the contrary, my Internet line appears to be turtles, all the way down.

Re:implications (0)

Anonymous Coward | more than 3 years ago | (#35757580)

mmm, lemmiwinks methinks!

Re:implications (3, Informative)

cgenman (325138) | more than 3 years ago | (#35757710)

It's easier than that. Just figure out how much energy a hamster consumes walking a mile in the tubes. Weigh them when you send them out, and weigh them again when they come back.

Re:implications (1)

circletimessquare (444983) | more than 3 years ago | (#35756514)

it's reporter-speak for a ping

you could do this on a webpage with some fairly innocuous javascript that keeps track of timestamps and reports back

and yes, if you have alternate routes, this method fails. except that describes only 0.1% of internet users. for your average bloke with a cable modem opening a webpage with a speck of seemingly harmless javascript, this method should work fairly reliably

Re:implications (1)

Shados (741919) | more than 3 years ago | (#35756612)

Bingo. I see a lot of people already going "BUT BUT THIS DOESN'T WORK WHEN (insert edge case here)".

Even if this is 70%~ reliable at most, it would still be a marketing gold mine, where the accuracy is very low to begin with and relies heavily on loose estimation.

Re:implications (1)

poetmatt (793785) | more than 3 years ago | (#35756676)

70%? I wouldn't even gamble on it being reliable information outside of its use as a ping. 1 Kilometer can be a small range or a huge range depending on population density and whether urban vs rural.

Re:implications (1)

circletimessquare (444983) | more than 3 years ago | (#35756732)

you have a speck of javascript on a webpage that opens an XMLHTTPRequest (AJAX) and sends a series of overlapping timestamps. you could have a couple dozen samples in the time it takes you to read this comment, average them out on the server side, include some more sophisticated methods taking into other extraneous measurements like traffic estimates for time of day and general location, type of modem/ internet provider, etc, and get a genuinely reliable lock for any average web user sitting on any average cable modem

this is a real game changer, for advertising, and for expectation of privacy

so i'm going to be marketing my ping time obfuscator shortly for you in the 300 BLOCK OF SYCAMORE ROAD IN TACOMA WASHINGTON (blink, blink, blink)

Re:implications (1)

Anonymous Coward | more than 3 years ago | (#35756810)

1 Kilometer in marketing is a small range. Population density doesn't matter. What matters is that the person is within walking distance of .

Re:implications (2)

cgenman (325138) | more than 3 years ago | (#35757748)

If it increases marketing responses by even 0.1%, you know it will be standard on every single web ad served up in three years.

Re:implications (1)

JWSmythe (446288) | more than 3 years ago | (#35757212)

I think that's why they said they could get the IP within 690 meters on average.

You have to figure in that Google does plenty of data mining. Consider what they know about so many users. They know the name, address, phone number, and a bunch of demographics on a lot of users.

Consider if Person A was to be located by Google. He comes from a particular subnet on a large ISP. They already know that recently active users on that subnet give a physical/mailing address at addresses within .5 kilometers of a point. They can also pretty easily judge the latency without a ping. For example, the time that a Google Adsense javascript was loaded, to the completion time of a contained element.

There are still plenty of "edge" cases, where a user utilizes Tor (again, identifiable), VPN to another site, wireless bridging, etc.

It's already obvious Google has a hint of where you are, if you are not blocking ads. The displayed ads are not only based on what you search for and the content of the page, but frequently give local vendors. For example, I just went to Google and searched for "Food". On the right side, it shows a little map with the center within about 10 miles of my location, and 7 named locations within 10 miles of me. The same applies for "tires" and "parts" (separate searches). I've been doing a good bit of automotive work on my own vehicles lately, and some has involved searches for vehicle specific things, so they're showing items related to my recent searches, although I specifically set my Google account to not track me. (Hmmm). Lately, I've been working on American cars, so it showed me primarily American automotive related things. When I've done work on foreign cars (such as Mercedes and BMW), the ads shift towards those types of vehicles for a couple weeks.

So their geolocation isn't completely dependent on network items, but somewhat based on your own Internet usage. (my Google login, the Google fingerprint of my computer, Google Analytics, Adsense, etc).

While we have plenty of edge cases, where we VPN, use Wireless bridges, etc, those are still the minority. It's just like, how many people clear their browser cache and cookies on a regular basis. Probably users here do frequently, but the total probably account for less than 1% of the general population online.

Re:implications (1)

circletimessquare (444983) | more than 3 years ago | (#35757328)

it's a given google pretty much knows more about the average bloke than the average bloke knows about himself

but this research demonstrates a way anyone can piggy back on google's servers and get that info for themselves as well, which ups the creep factor considerably

furthermore, with triangulation of servers, and a bunch of pings over time, i bet you could refine the results considerably, down to one location

it's one thing for google, some advertiser, or the feds to be able to locate you by ip. its another thing entirely for any asshole with a creepy attraction or creepy grudge to find you this way, just by getting you to visit some web page

Re:implications (5, Interesting)

Rinisari (521266) | more than 3 years ago | (#35756556)

There was that story a while back about some physicists figuring out that they couldn't send email more than 500 miles.

Back on topic, I'll bet VPNs throw wrenches in their methods.

Re:implications (0)

Anonymous Coward | more than 3 years ago | (#35756952)

That's an interesting story. Funny what happens when you let someone else into your system.

Re:implications (1)

jpapon (1877296) | more than 3 years ago | (#35756560)

I don't see your point. It's very simple to measure the time it takes a packet to get somewhere and back.

You seem to be under the impression that they're simply taking the speed of light and dividing by the delay to get distance. That is, of course, not what they are doing at all.

Re:implications (1)

jpapon (1877296) | more than 3 years ago | (#35756570)

I of course meant multiply, not divide.

Re:implications (1)

gstoddart (321705) | more than 3 years ago | (#35756644)

"I don't know about your internet, but mine involves alternative routes to a particular physical location. Not just because that's how the Internet works, but because there are competing providers."

Yeah, but in practice depending on where you live and how your ISP is set up, you'll probably find the address allocated to your cable modem is fairly static, or at least consistently within a range. I just don't think that if you're in a fairly major center this isn't already fairly well established.

Fairly consistently, if I'm using my iPad and using anything with location-based stuff, it pretty much knows where I'm at for all but a few places I've been (and that's without 3G, purely based on my wifi).

I also see a lot of embedded ads that know what city I'm in. Sadly, I fear that just by brute force, most possible locations for most ISPs are already fairly well mapped out and your location is already well known.

I alternate between being creeped out by this, and liking the fact that things like Urban Spoon work when I travel.

Re:implications (0)

Anonymous Coward | more than 3 years ago | (#35756736)

So, this can be thwarted by...torrenting?

Re:implications (1)

jhoegl (638955) | more than 3 years ago | (#35756834)

Each packet sent has a time association with it.
You do a packet capture on one end, and a packet capture on the other.
Ping is not needed.

how accurate? (1)

ruiner13 (527499) | more than 3 years ago | (#35756836)

I assume that like most places, the cables aren't direct lines from A to B, so an accurate judge of distance seems hard to do. Cable length, perhaps... but coiled wires, vertical spans, and other runs of cable would seem to skew the judge of distances based on packet times. Am I wrong? Wouldn't that at least introduce a large margin of error? What about packet buffering?

IPv6 (1)

CynicTheHedgehog (261139) | more than 3 years ago | (#35756404)

Will the same technique work for IPv6?

Re:IPv6 (1)

SmilingBoy (686281) | more than 3 years ago | (#35756432)

Why shouldn't it? IPv4 and IPv6 are not that different. Only problem is that few web sites are IPv6 enabled currently, so you would have fewer landmark servers.

Re:IPv6 (0)

Anonymous Coward | more than 3 years ago | (#35756638)

IPv4 had nothing to do with this except that it identifies the end node. You could do the same for any network protocol.

Hopefully people will start tunnelling their connections en masse in the near future, seeing as onion routers and darknets are becoming user friendly. Someone could figure out where an intermediary node is, and little more (unless they're at Fort Meade)

Well, there goes my identity. (1)

Compaqt (1758360) | more than 3 years ago | (#35756424)

Used to be, on the Internet, no one knows you're a dog.

I've been playing a lawyer for a long time, but I guess it's better to disclose before being found out. You heard it here first.

Re:Well, there goes my identity. (1)

JohnRoss1968 (574825) | more than 3 years ago | (#35756548)

That's fair since Lawyers have been pretending to be human since the dawn of time.
(some exceptions of course including a certain Legal Eagle from the NY area that is well known here on /.)

Landmark servers? (0)

Anonymous Coward | more than 3 years ago | (#35756444)

What are the landmark servers they speak of? I can sort-of understand pinpointing someone from several different locations (much like triangulation) but I have a hard time seeing how you could do this with latency from one point in space only.

Re:Landmark servers? (1)

xaxa (988988) | more than 3 years ago | (#35756622)

A server you know the location of.

If you know the spacial location of, and the route to is the same except for the last couple of very short hops, you can guess they're quite close.

Re:Landmark servers? (1)

peragrin (659227) | more than 3 years ago | (#35757018)

It isn't you need though.

it is the gateway servers of a given city, combined with the internal routers of whatever the local ISP is.

a traceroute to my home on Time warner shows all packets route first through NY city, then Syracuse, NY and then to my home city with at least 2 different gateways in between.

The trick is the first gateway is located in my home city and the second isn't. so you really can't narrow it down on ping time times as 1 ms can be several dozen kilometers apart.

Distance not the only source of latency (2)

Burdell (228580) | more than 3 years ago | (#35756468)

How do they expect to tell the difference between latency due to distance and latency due to protocols, encoding, etc.? For example, a local T1 might have round-trip latency in the 3-4ms range, while a DSL to the same location might be 10ms (in fast mode, even higher for interleaved). A dialup connection will be much higher, while a metro-ethernet might be less than 1ms. All those times also assume no congestion along the path.

Since the speed of a signal in single-mode fiber is about .6 c, each 1ms difference in round-trip latency gives a 90km margin of error.

Re:Distance not the only source of latency (2)

Dan East (318230) | more than 3 years ago | (#35756642)

Further, the best accuracy you can obtain with DSL, for example, is the radius of area served by a particular station. The DSL latency times per kilometer are in the dozens of microseconds, so it would not be possible to resolve distances within a DSL service area just by millisecond ping times. In my rural area they push DSL out at least 3 miles. So even if you consider "average" as half of that radius, that gives an accuracy of 2,400 meters. I think they claim to narrow that down by the fact that DSL stations are placed in the center of population centers.

However, just as scary (in differing ways) is that entities like Google are able to take your position via Google Maps on your cell phone and correlate it with your wireless router's MAC address (if your phone connects to your wifi). That's how Google knows EXACTLY where I'm at even when from my home PCs now. That is coupled with their wardriving efforts to map out MAC addresses directly.

Re:Distance not the only source of latency (0)

Anonymous Coward | more than 3 years ago | (#35756800)

"However, just as scary (in differing ways) is that entities like Google are able to take your position via Google Maps on your cell phone and correlate it with your wireless router's MAC address (if your phone connects to your wifi). That's how Google knows EXACTLY where I'm at even when from my home PCs now. That is coupled with their wardriving efforts to map out MAC addresses directly."

This is wrong because your MAC address does not traverse the IP layer, i.e. only your ISP knows your MAC address.
More likely and easier for Google is to just track which IPs accounts are logged in from, and then compare that to the Gmail account on your phone.

Re:Distance not the only source of latency (1)

Albanach (527650) | more than 3 years ago | (#35757412)

This is wrong because your MAC address does not traverse the IP layer, i.e. only your ISP knows your MAC address.

Well, sort of. Your ISP knows it, as does your PC/phone. Most wireless routers broadcast a BSSID including the MAC address of the wireless access point. Your phone/computer etc can then see the MAC address of the device it's connected to as well as those of other networks in the vicinity.

You're correct this doesn't traverse the IP layer normally. However, Google offers a geolocation API. In using this, a device can send a list of the wireless router MAC addresses visible to it in the vicinity. Google can then look these up in their database of geolocated MAC addresses and use a form of triangulation to locate the user's position.

Re:Distance not the only source of latency (0)

Anonymous Coward | more than 3 years ago | (#35756712)

If you measure from multiple surrounding locations the latencies probably cancel out on average. Honestly, I'm sur

Re:Distance not the only source of latency (1)

_0xd0ad (1974778) | more than 3 years ago | (#35756786)

The amount of latency inherent in your connection wouldn't matter, so long as it was fairly consistent. As long as a route of longer distance consistently returned longer ping times than a route of shorter distance, it could be inferred that you're closer to the server which can ping you quicker.

Won't work for 3G (0)

Anonymous Coward | more than 3 years ago | (#35756480)

3G IP addresses are gateway-ed from a single location typically. My IP resolves to Oldham, UK. In reality I am 300 miles away...

Re:Won't work for 3G (1)

petermgreen (876956) | more than 3 years ago | (#35756992)

Plus, at least with O2, 3G connections are behind ISP-level NAT.

Not involuntary surely? (0)

Anonymous Coward | more than 3 years ago | (#35756484)

Involuntary? Unless you're voluntarily providing them with millisecond-accuracy timing information as to when you exactly receive the packet they've sent (or responding to pings), the best they can hope for is a TTL expired from the router immediately prior to you to get some timing information. Which, if they know the exact location of anyway (as their technique seems to require) doesn't exactly resolve your location to any greater accuracy than contemporary methods.

Location steganography (2)

mbone (558574) | more than 3 years ago | (#35756522)

Seems like this would be easy to counteract (although at the kernel hack level). All you would have to do is introduce a 30-50 msec time variable delay into all new packet sends (i.e., ICMP responses, first packet of a TCP session, etc.).

In fact, if you encrypt everything, you may get these sorts of delays "for free."

Also, this will not work well if you are using encrypted tunnels or VPNs to access the web. Your delay then is (tunnel delay) + (tunnel end point to attacker delay) + (encryption delays), so you seem a good deal further away than you really are.

Re:Location steganography (1)

Anonymous Coward | more than 3 years ago | (#35756598)

Introducing a bigger delay doesn't stop your ping from being closer to a closer computer's than a farther away computer's. The initial sweep is much less important than the Google Maps Landmark server comparison. As long as you're not introducing some significant sort of chaos to your latency, the tracer can always triangulate you with three or more servers in your general area. And if you can't be caught on the initial sweep, they can triangulate with three or more servers in a huge range around you.

That being said, this will pretty much give an accurate location of where your proxy is if you're using one. So that method of obscuring your location seems like it should still hold.

Re:Location steganography (1)

mbone (558574) | more than 3 years ago | (#35756824)

Well, if you are going to introduce an arbitrary delay to foil geolocation, it should certainly be a random delay.

However, I think that even a constant delay (or a tunnel) would still work pretty well.

Suppose I am using a tunnel, and the tunnel delay is 20 msec, and the tunnel end point is in Boston. Now, they can certainly find out that the lowest latency is for a probe from Boston, and so Boston is "closer" to me than LA or Seattle or Washington. But, they cannot be sure that this means that

- I am in Boston and injecting 20 msec of constant delay or
- I am somewhere else (say in upper Vermont) and my network routing goes through Boston (with or without injecting an arbitrary delay), and it just happens that there is not a "landmark" router near me.
- I am 20 msec from Boston and using a tunnel.

Given that 20 msec (one way) spans the continent, and that a 40 msec round trip delay is not perceptible in VOIP, it seems that this could hide you pretty effectively.

Also, note that it would be pretty trivial to vary the latency in a software tunnel.
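Added example (not part of the thread and not any poster's code): a small Python simulation of the delay-padding idea discussed above, showing how much a constant floor versus purely random jitter widens the distance bound when many probes are taken and the minimum round trip is kept. The 0.6 c fibre figure and the 60-sample count come from the thread; the 12 ms path RTT, the uniform jitter model and all function names are assumptions made for illustration.

```python
import random

C_KM_PER_MS = 299.792458   # speed of light in vacuum, km per millisecond
FIBRE_FRACTION = 0.6       # signal speed in fibre as a fraction of c (figure quoted in the thread)


def radius_km(rtt_ms):
    """Largest one-way distance consistent with a given round-trip time."""
    return (rtt_ms / 2.0) * C_KM_PER_MS * FIBRE_FRACTION


def probe_rtts(path_rtt_ms, probes, floor_ms, jitter_ms, rng):
    """Constructed model: each reply is held for floor_ms plus uniform 0..jitter_ms."""
    return [path_rtt_ms + floor_ms + rng.uniform(0.0, jitter_ms)
            for _ in range(probes)]


def evaluate_policy(path_rtt_ms, probes, floor_ms, jitter_ms, seed=2011):
    """Return what repeated probing sees for one delay policy (seeded, repeatable)."""
    rng = random.Random(seed)
    samples = probe_rtts(path_rtt_ms, probes, floor_ms, jitter_ms, rng)
    best = min(samples)                      # minimum filtering strips random jitter
    return {
        "min_rtt_ms": best,
        "mean_rtt_ms": sum(samples) / len(samples),
        "radius_from_min_km": radius_km(best),
        # extra uncertainty the policy buys compared with the undisguised path
        "widening_km": radius_km(best) - radius_km(path_rtt_ms),
    }


# (floor_ms, jitter_ms) for each policy under test; values are constructed.
POLICIES = {
    "no added delay": (0.0, 0.0),
    "random 0-50 ms, no floor": (0.0, 50.0),
    "30 ms floor + random 0-20 ms": (30.0, 20.0),
}


def compare(path_rtt_ms=12.0, probes=60):
    """Evaluate every policy against the same assumed path RTT and probe count."""
    return {name: evaluate_policy(path_rtt_ms, probes, floor, jitter)
            for name, (floor, jitter) in POLICIES.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:30s} min RTT {result['min_rtt_ms']:6.1f} ms  "
              f"mean {result['mean_rtt_ms']:6.1f} ms  "
              f"bound widened by {result['widening_km']:8.1f} km")
```

In this model only the constant floor survives minimum filtering; the random part mostly raises the mean, not the minimum.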

This is why... (1)

fotoguzzi (230256) | more than 3 years ago | (#35756586)

...I connect to the internet with a 15 km fibre optic cable.

Re:This is why... (1)

VolciMaster (821873) | more than 3 years ago | (#35757148)

...I connect to the internet with a 15 km fibre optic cable.

In the middle of the LHC Token Ring, eh?

Marco Polo (2)

HikingStick (878216) | more than 3 years ago | (#35756606)

So, in reality, they figured out a way to use ping responses the way kids at the lake (or pool) play Marco...Polo.

I wonder how many they had already kicked back when they came up with their idea?

Don't get me wrong--it's cool tech, but I continue to be amazed by how so many "new" technologies simply mimic things that already exist in other parts of life. Kudos to the researchers. I think I'd rather spend time at the lake.

Similar Technique used 20 years ago (5, Interesting)

cavreader (1903280) | more than 3 years ago | (#35756610)

Back in the early 80's a physics grad student at Berkeley was working in their data center and noticed a discrepancy in user usage statistics and started investigating. He was able to isolate the user ID of the unauthorized user by analysing the usage statistics. At the time the user statistics were used for billing computer time. The user was basically trying to use the Berkeley system as a proxy for attacks on other systems. He eventually spliced into the network to intercept packets containing the User ID in question and calculated the amount of time it took for those packages to complete a round trip to determine the geo location of the person hacking into the system. At first he thought he was wrong because his calculations based on signal response time said the unauthorized user was 6000 miles away. He later discovered the calculation was correct and the hacker was located in Germany. He published a book called "The Cuckoo's Egg" with all the details. It is a really good book.

Re:Similar Technique used 20 years ago (1)

Anonymous Coward | more than 3 years ago | (#35757060)

Clifford Stoll is the author, and that was my first thought too.

My second thought was that I can use the Tor network to geolocate myself to the moon (and beyond).

Youngsters (0)

Anonymous Coward | more than 3 years ago | (#35757164)

If you are just now hearing about Cliff Stoll, get off my lawn!

(Oh, and did you hear about the kid who's got cancer and wants to collect greeting cards?)

amateurs (0)

Anonymous Coward | more than 3 years ago | (#35756614)

The government just logs into server backdoors mandated in all domestic ISPs, and extracts node locations directly.

Re:amateurs (0)

Anonymous Coward | more than 3 years ago | (#35756758)

Right, or through the backdoor in Windoze ..... hold on I forgot to put on my foil hat. . .. .

i see 2 points cropping up in the comments: (4, Interesting)

circletimessquare (444983) | more than 3 years ago | (#35756620)

1. "my connection is too weird/ unique/ confabulated/ etc..."

yes, but you are 1% of internet users. the average bloke on a cable modem is reliably caught with this method

2. "there is traffic/ no way to ping/ etc..."

you have a speck of javascript on a webpage that keeps track of timestamps, opens an AJAX XMLHttpRequest and pings a lot, and the server averages things out. voila: you could get 60 samples in the time it takes you to read this comment, and therefore a good lock on your location


Re:i see 2 points cropping up in the comments: (1)

black3d (1648913) | more than 3 years ago | (#35756918)

the average bloke on a cable modem is reliably caught with this method

Well, the average bloke is narrowed down to 1km, that's still a good 50-100 residential properties, and no way for the "attacker" to know which, so this attack on its own doesn't do much. This coupled with perhaps someone's surname and a telephone book, might get a hit for a malicious attacker, but a lot of folks don't list in telephone books anymore. Ahh.. who knows. It might be useful for something. :)

Re:i see 2 points cropping up in the comments: (1)

_0xd0ad (1974778) | more than 3 years ago | (#35757050)

the average bloke is narrowed down to 1km, that's still a good 50-100 residential properties, and no way for the "attacker" to know which, so this attack on its own doesn't do much

It'd be plenty good for showing him ads for restaurants and stores that he'd probably drive past on a regular basis, though.

Re:i see 2 points cropping up in the comments: (1)

circletimessquare (444983) | more than 3 years ago | (#35757178)

i think you could do better than that by triangulating with different servers and averaging out over time

i think law enforcement/ counterterrorism/ etc. could make good use of this methodology. yeah, those guys could just subpoena the ip address, but in time sensitive issues, this is a pretty neat trick

heck, your average stalker weirdo with access to a number of servers in different farms/ colos either because of his job or just because he's a very committed stalker weirdo could do this

you could triangulate (1)

circletimessquare (444983) | more than 3 years ago | (#35757084)

Same-Origin-Policy enforcement in the AJAX means the javascript can't hook out to other servers... unless you control 3 or 7 or 37 different servers in different farms/ colos under the same domain name. the distant servers couldn't receive the info, but you could have each server fire in cycle, and have one receiving server take the timestamps in. so with a heavy rotation of pings over a brief period of time, and a bunch of different servers to triangulate ping times over time, and some extraneous info like traffic estimates/ internet provider/ etc., i bet you could get an exact location that would resolve itself in a couple of seconds with good accuracy

Re:i see 2 points cropping up in the comments: (0)

Anonymous Coward | more than 3 years ago | (#35757010)

1... yada, yada, yada.......THAT's RIGHT! and as one of those 1 per cent, I say, NYAH, NYAH, NYAH!!!

Re:i see 2 points cropping up in the comments: (0)

circletimessquare (444983) | more than 3 years ago | (#35757206)

congratulations. paranoid schizophrenia has an upside

Re:i see 2 points cropping up in the comments: (2)

mikkelm (1000451) | more than 3 years ago | (#35757246)

How does this get +5, Interesting?

How far do you think that this "average bloke" on a cable modem is from his CMTS? How far in any other arbitrary direction do you think that another "average bloke" with a CM in the same addressing pool is from the same CMTS?

Re:i see 2 points cropping up in the comments: (1)

circletimessquare (444983) | more than 3 years ago | (#35757380)

say i control a number of servers under the same domain, and i use a simple script to run many pings quickly. can't i correct for errors and refine the technique researched here and resolve you apart from your neighbor?

Re:i see 2 points cropping up in the comments: (2)

mikkelm (1000451) | more than 3 years ago | (#35757776)

No. Not realistically possible even with a single CMTS feeding a single neighborhood.

Completely impossible is telling your location apart from another customer on the same CMTS, in the same addressing pool, topologically located as far from the CMTS as you are, but in the opposite direction. Unless your electrons carry a compass.

Thank you (0)

Anonymous Coward | more than 3 years ago | (#35756666)

This should be helpful.
Time to make some people not-so-anonymous.

But seriously, this arrives at a time where people have been increasingly joining the Anonymous Collective to stand up for internet freedom.
A time where DDoSing is at an all time high equally.
This now makes IPs a weapon for those being attacked.

This also makes me wonder if Sony will try to use this against those DDoSing their networks due to buttmad pirates.
Oh, don't take that as me agreeing with their attempts to see who viewed the videos or twitter information though, continue making everyone know of this and that it is, in no way, showing that someone was aiding any sort of hackery.
Quite a few people who never even had a PS3 almost certainly watched those videos, merely from curiosity or to laugh.

Google Landmark Server? (0)

Anonymous Coward | more than 3 years ago | (#35756672)

What is a Google Landmark Server?

Re:Google Landmark Server? (4, Funny)

Waffle Iron (339739) | more than 3 years ago | (#35756860)

What is a Google Landmark Server?

Always on the lookout for more places to put their server farms, Google has a deal with the National Park Service to rent out unused space in national landmarks. For example, the Washington Monument is hundreds of feet tall, but it has almost no windows. It would be a waste not to fill up the lower floors with server racks. The same goes for other buildings that have no other practical function, such as the Lincoln Memorial and Grant's Tomb.

Unfortunately however, unless a deal is reached within the next few hours, all those servers will probably have to go offline tonight at midnight.

What an unfortunate name. (0)

ikarys (865465) | more than 3 years ago | (#35756674)

"We shrink the size of the area where the target potentially is" says Wang. What an unfortunate name.

Re:What an unfortunate name. (0)

Anonymous Coward | more than 3 years ago | (#35757020)

It's pronounced "wong", you insensitive clod.

Nothing new (0)

Anonymous Coward | more than 3 years ago | (#35756678)

I've been doing this for years as a hobby. Latency, combined with some general information about the area, the ISP in question, the last mile transmission medium (dsl, cable, cellular, fiber), you can narrow an IP address to a neighborhood. That's about it. I would say a lot farther than 690 meters. It's still funny to scare people on IRC and claim you know where they live, using a little bluffing & social engineering.

This method works best in developed countries for numerous reasons too long to type.

If it were possible to narrow down where people live to 690 meters, guess who would have done it already? -Adultfriendfinder. Cuz' you know-there are just so many horny single girls in Lansing, Michigan!

It may just find your ISP (1)

Geeky (90998) | more than 3 years ago | (#35756694)

All the location based adverts I see in the UK (mainly "hot girls in are waiting for you", but I digress...) seem to centre on the location of my ISP's data centre.

The only routers visible to the outside world will be upstream of my ISP. Latency might tell someone how far I am from them +/- the distance from my ISP, but last time I looked my ISP blocked ping anyway.

I would imagine this would apply to the majority of UK DSL users.

Re:It may just find your ISP (0)

Anonymous Coward | more than 3 years ago | (#35757340)

It's the same for me, location based ads think I'm 200 miles away from my place, that's a long way to go for 'hot girls'.

As a Tor User, I'm on the Moon (1)

Anonymous Coward | more than 3 years ago | (#35756750)

I figure that with the Tor router latency, this system will geolocate me as being on the moon.

Triangulation? (1)

denyingbelial (2014450) | more than 3 years ago | (#35756770)

I haven't rtfa'd, but wouldn't they employ a form of triangulation? pings from three land-mark servers (or more) to help pinpoint which it's closest to and by how much? I mean, triangulation is pretty precise and the encryption, connection type, etc, wouldn't affect it as much since it wouldn't be an issue of how long it takes, but how long it takes to reach from one server compared to the other. I can't shake the feeling they are using the ratios converted to distance, not the latency directly. The summary kinda suggests they use just one server-to-target connection to do the estimate, but that doesn't sound very plausible.

Bad Internet Connections FTW (1)

bill_mcgonigle (4333) | more than 3 years ago | (#35756776)

Good luck, boys, my cable modem is two miles from the house.

Re:Bad Internet Connections FTW (1)

drinkypoo (153816) | more than 3 years ago | (#35757158)

Being able to find your repeater is as good as finding you... Now if you have multiple hops with directionals only on your side then it could take them a minute...

Re:Bad Internet Connections FTW (1)

bill_mcgonigle (4333) | more than 3 years ago | (#35757574)

Yeah, I'm almost 20 devices, 4 houses, and multiple VDSL/802.11 conversions away from the Internet connection. One of the VDSL lines is buried and goes over a ridge.

But, really, I'd give up any anonymity that provides for a cable or DSL line to the house - doing tech support for your neighborhood after an ice storm sucks.

so where is the demo? (1)

LWATCDR (28044) | more than 3 years ago | (#35756802)

I want to try this out and see how they do. Every other geolocation service I have tried puts me miles from where I am at. I take that back may have gotten it exactly right. They only show the town but the marker was right on my office.

Re:so where is the demo? (0)

Anonymous Coward | more than 3 years ago | (#35757252)

Same, no chance it'll locate me.

It'll locate my city, but me? Not a chance. And to a 690 meter radius, not a chance.

Won't work if the ISP PoP isn't nearby (1)

Guspaz (556486) | more than 3 years ago | (#35756922)

I have DSL. My ISP's closest PoP is over 500KM away in Toronto (I'm in Montreal). My PPPoE session is carried over an L2TP tunnel; my first hop is 500KM away. This is actually a very common scenario for anyone in Ontario or Quebec, since that's how all DSL in the region works. If you're on Bell Canada, your PoP is probably in the same city, but if you're using a wholesaler, it's probably not. Because the lowest possible latency to me is in Toronto, that's where this technique would see me.

As such, it'd be impossible for anybody to geolocate me down to 1KM, or even 100KM. Every geolocation service I've ever tried has pegged me as being 500KM away. You might suggest that they could calculate my distance to Toronto based on last-hop latency plus known DSL fastpath latency and figure out that I'm in Montreal as it'd probably be the only major intersecting city at that distance. The problem with that is that the last-hop latency depends on too many factors, such as connection speed, connection type, interleave depth...

Could Add-on Stop This? (0)

Anonymous Coward | more than 3 years ago | (#35757106)

If you're using JavaScript to AJAX a timestamp (via Date object I'm assuming), could you make a Firefox addon that essentially zeros out the millisecond accuracy of the Date object? I.e., force the Date object to always return 1000 rounded numbers when calling getTime() function. Good luck calculating an accurate ping time from that, eh?

Network Topology (1)

mbone (558574) | more than 3 years ago | (#35757234)

Note that it is not enough that there is a "landmark" router physically near you, it also has to be near you from a network topology sense. It doesn't help geolocation much if the museum next door has a landmark router if the peering point between your networks is 1000 km away.

Now, if you are in a city on a major ISP, this is likely not to be a problem. If, on the other hand, you are out in the country, then there is unlikely to be a landmark router near, and if there is one, it is quite possibly on a different network, with a peering point many miles away. For example, many university extension campuses connect back to the main University NREN, and all Internet traffic then goes through one or two "GigaPOPs" in the state. So, even if there is a university extension next door, it is likely to help with geolocation much.

So, I predict that this will not be good to anything like 1 km accuracy away from major cities.

Old news (0)

Anonymous Coward | more than 3 years ago | (#35757274)

FBI has been doing this for well over a decade, even offers software for many years now to banks and other financial companies to insert this right into the transaction processing stream. For example, sites that take money for online casinos and live-sex-cams use it to know where you were when you bought chips, so they can get a decent rate with credit card companies since those transactions have higher dispute rates than average.

WiMax (0)

Anonymous Coward | more than 3 years ago | (#35757520)

I can turn my antenna to have poor reception, and can have 1000-2000+ms pings when desired (or 29ms when aligned properly).

If not working with the ISP to measure signal direction and strength, it would be near impossible to actually determine my location within a 10 km radius, or it'd show as being somewhere around the tower (which is 5km away).

Even with help from the ISP, it's still not exact as there are some directions to point the antenna that the signal happens to 'bounce' the right way or is picked up by a different tower.

So, with ICMP responses blocked... (1)

TrentTheThief (118302) | more than 3 years ago | (#35757768)

... and sitting behind the mystical, seven anonymous proxies, the method is useless to find anyone actually smart enough to properly operate a computer.

I suppose it'll be helpful to find the average user who's playing at cyberstalking or sending threatening emails.
