alt Hacker NewsInteresting to learn you can identify the real country/area of origin using probe latency. Though could this be simulated? Like what if the VPN IP just added 100ms-300ms of latency to all of its outgoing traffic? Ideally vary the latency based on the requesting IP's location. And also just ignore typical probe requests like ICMP (ping). And ideally all the IPs near the end of the traceroute would do all this too.
To use an example, 74.118.126.204 claims to be a Somalian IP address, but ipinfo.io identifies it as being from London based on latency. Compare `curl ipinfo.io/74.118.126.204/json` vs `curl ipwhois.app/json/74.118.126.204` to see. If that IP ignored pings and added latency to all outgoing packets, I wonder if that would stymie ipinfo's ability to identify its true origin.
Replies
Once you know the exit IP you can just find network(s) advertising it.
The VPN provider only controls their network, not their upstream.
So you can set minimum latency on your responses. But your upstream networks won't be doing this.
It's possible to deduce password hashes by timing responses over the internet if the server isn't using constant time comparison. Noise is just that, a noise.
It isn't just latency, but "triangulation".
[IPinfo] pings an IP address from multiple servers across the world and identify the location of the IP address through a process called multilateration. Pinging an IP address from one server gives us one dimension of location information meaning that based on certain parameters the IP address could be in any place within a certain radius on the globe. Then as we ping that IP from our other servers, the location information becomes more precise. After enough pings, we have a very precise IP location information that almost reaches zip code level precision with a high degree of accuracy. Currently, we have more than 600 probe servers across the world and it is expanding.
Not that simple.
If they added latency to all packets then London would still have the lowest latency.
If you ping it from UK and it ping >10ms then you know its there. And you are triangulating from multiple countries.
with enough packets you can trilaterate an approximate locatuon. adding random jitter will just delay it a bit.
If you 300ms latency then yes, you defeat this detection mechanism.
Does this really work? I would think the ping time would not be dominated by speed of light, but by number of hops, and connection quality.
As a hypothetical example, an IP in a New York City data center is likely to have a shorted ping to a London data center, than a rural New York IP address.