← Back to context

Comment by anilr

4 days ago

Has this been tested, or is it just an idea. I imagine it would have some very serious limitations. Perhaps it could tell if you are likely in the US or Europe, but I doubt could get much more granular than that.

Starlink internet customers, and users of Apple's private relay (vpn-like service) would all be excluded?

Tailscale uses latency to pick home DERPs and I am re-evaluating it as we observe what appear to be manipulated STUN latencies for users in Asia particularly in or close to China. The latencies are often raised to over 300ms to affect this, and steer clients toward the US west coast. The reason for these manipulations is unclear, but it's easy to speculate.

  • > The reason for these manipulations is unclear, but it's easy to speculate.

    Care to elaborate? I don’t know why anyone would do this.

    • This is tin-foil-hat speculation, but for example, if you observe a locality measurement protocol picking where it should connect to, but you already know all of the local sites of interest that are relevant, you might want to find remote sites of interest. If you manipulate the more open sampling protocol to lean toward that remote site, you can then observe where secured connections to which you're otherwise blind, connect to. Now you have new remote targets of interest.

We (IPinfo) run active measurements through our 900 servers and produce a standard IP geolocation data product. However, to my knowledge, we haven’t partnered with any organizations or institutes to support a project like this, although we certainly have the potential capacity to do so.

I tested it from my home and got a radius of about 200 km. But would be nice to get some additional validation. In any case it's not super precise but it adds more friction to manipulation and in conjunction with IP based geolocation and other things it may turn out to be useful for some parts of an online democracy.

The goal is to easily get a representative and un-manipulated sample of popular opinion. To achieve that, it might be ok to discriminate against certain users who use connections which cannot prove their location, as long as it's not heavily skewing the results.