Involuntary Geolocation To Within One Kilometer
Schneier's blog tips an article about research into geolocation that can track down a computer's location from its IP address to within 690 meters on average without voluntary disclosure from the target. Quoting:
"The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometers. Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. 'We shrink the size of the area where the target potentially is,' explains Wang. Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target."
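The delay-to-distance arithmetic behind the stages quoted above, worked through on constructed round-trip times as an added example (not code from the article or the researchers). The 2/3 c propagation factor, the landmark names, and the reading of the shared-router comparison as the sum of the two legs are assumptions.

```python
# Added illustration; every measurement below is constructed, not real data.
C_KM_PER_MS = 299.792458   # speed of light in vacuum, km per millisecond
FIBER_FACTOR = 2 / 3       # assumption: signals travel at about 2/3 c in fibre

def rtt_to_max_km(rtt_ms, factor=FIBER_FACTOR):
    """Stage 1: upper bound on one-way distance implied by a round-trip time."""
    if rtt_ms < 0:
        raise ValueError("negative RTT")
    return (rtt_ms / 2) * C_KM_PER_MS * factor

def via_router_km(rtt_router, rtt_landmark, rtt_target):
    """Stage 2: bound on landmark-to-target distance through a shared router.
    Each leg's delay is the end-to-end RTT minus the RTT to the router."""
    leg_landmark = rtt_landmark - rtt_router
    leg_target = rtt_target - rtt_router
    if leg_landmark < 0 or leg_target < 0:
        return None  # noisy sample: the router answered slower than the host
    return rtt_to_max_km(leg_landmark) + rtt_to_max_km(leg_target)

def closest_landmark(samples):
    """Stage 3: pick the landmark with the smallest bound.
    samples maps landmark -> [(rtt_router, rtt_landmark, rtt_target), ...].
    The minimum over repeated samples is used, since queuing only adds delay."""
    best = {}
    for name, rows in samples.items():
        bounds = [b for b in (via_router_km(*r) for r in rows) if b is not None]
        if bounds:
            best[name] = min(bounds)
    if not best:
        return None
    name = min(best, key=best.get)
    return name, best[name]

SAMPLES = {  # constructed RTTs in milliseconds
    "landmark-a": [(8.10, 8.30, 8.25), (8.00, 8.12, 8.09)],
    "landmark-b": [(8.00, 8.90, 8.20), (8.05, 8.80, 8.15)],
    "landmark-c": [(8.20, 8.10, 8.30)],  # discarded: negative leg
}

if __name__ == "__main__":
    print("stage 1 radius for a 2 ms RTT: %.0f km" % rtt_to_max_km(2.0))
    print("closest landmark and bound (km):", closest_landmark(SAMPLES))
```

With the assumed factor, a 2 ms round trip bounds the target to roughly the 200 km radius the article mentions for the first stage.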
Re:implications (Score:5, Interesting)
There was that story a while back about some physicists figuring out that they couldn't send email more than 500 miles [ibiblio.org].
Back on topic, I'll bet VPNs throw wrenches in their methods.
Similar Technique used 20 years ago (Score:5, Interesting)
i see 2 points cropping up in the comments: (Score:5, Interesting)
1. "my connection is too weird/ unique/ confabulated/ etc..."
yes, but you are 1% of internet users. the average bloke on a cable modem is reliably caught with this method
2. "there is traffic/ no way to ping/ etc..."
you have a speck of javascript on a webpage that keeps track of timestamps, opens an AJAX XMLHTTPRequest and pings a lot, and the server averages things out. voila: you could get 60 samples in the time it takes you to read this comment, and therefore a good lock on your location
INCOMING...