this post was submitted on 30 Jul 2023
163 points (100.0% liked)
Technology
37727 readers
624 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This type of attack theoretically also works with signal or telegram or whatever message service that works entirely without a phone number.
This is unlikely to work for internet messaging services. If you're finding the location of the phone based on the location of the tower that delivers the message to the phone, the analogous part in modern internet messaging services would be a cloud server in a cloud data center hub. There are few of these in the world, so even if you could narrow it down that way, you'd end up with vague locations like "western North America" or "Europe".
Additionally, the routing of messages in internet messaging services is usually not so sophisticated. You can only tell the difference between sending a message to somebody from their east and sending a message to somebody from their west if the message is taking a different route to get to the user based on the physical direction. If the path of the message is always sender->infrastructure->central database->infrastructure->receiver, you change only change the sender->infrastructure and maybe the infrastructure->central db latency. Without being able to change the path the message takes back out of the system to the target, you can't gain any useful information.
It should work with direct IP networking, but for locating IP addresses we already have location databases and traceroute so it wouldn't be necessary. Maybe it could work if there was a pseudo p2p service where clients connect to the nearest Cloudflare edge compute node or something and then the nodes connect directly between each other at the IP layer, because in that case you would be going through sufficiently sophisticated internet routing but the target's IP wouldn't be available for a less sophisticated and more accurate approach.
I don't think I understand the attack then. So a timing attack on Read receipts gives you approximate location how?
I understood the SMS case because the tower data could then be extrapolated. But if we're just talking about a standard internet application like signal. The read receipts are coming over the internet and not coming from Tower records.
Or at least that's my understanding. If I have a computer attached to some point on the internet. People could use ping timings to theoretically restrict the location but not very accurately right?
You just measure the time until the delivery recipe arrives. You can approximate how far away the recipient is. Now you keep doing that while changing your own location (use vpns etc.) and you can slowly get a more accurate location of the target. Now you automate that stuff and also utilize machine learning to interpret the data.
That makes sense. It wouldn't give you very accurate data. But it'll get you within a hundred kilometers or so?
Though it seems like the solution here isn't always on VPN. So the measurements would only get to your VPN endpoint. Which is trivial to know by the IP address