The only universal fix I can think of for this class of attacks is to have routers bound latency to a lower limit (eg. 200ms), with fixed latency buckets (eg. 500ms granularity) when it goes beyond that.<p>That is, no traffic would traverse the router in less than 200ms, and every other flow would be fixed at 700ms, 1200ms, 1700ms, etc amounts of latency. Tweaked correctly that would limit location to continent, unless I'm missing something.<p>It would effectively trade quick responses to/from close networks for some extra amount of privacy (in the case that GeoIP has already been taken care of)<p>The latency would have to be controlled on both ingress and egress to account for internal and external threats. I've got a niggling feeling that an attacker that could control latency of enough geographically diverse networks could find the boundary by manipulating responses to get finer detail, but can't quite work the problem into a solution...<p>Is there a less horrible or more reliable universal mitigation that I'm not thinking of?
I can see where a FQDN candidate is no biggie in a browser's offer/answer since DNS lookups occur all the time. But I imagine the simple fix for Signal's WebRTC use, since they control both sides of the exchange, is to just disregard non-IP candidates. Or even better, don't do anything with the candidates until the call is accepted. Worst case, could just have a geographically centralized signaling server (or shared IP). Granted, since Signal controls both sides, might as well only serve fixed "host" candidates and disallow any offer/answer with custom crafted ones.<p>One also wonders, to prevent other forms of leaks, if Signal can make a blanket policy to prevent DNS lookups or in general get tighter control on outbound network.
> if a Signal user wishes to hide their private/public IP addresses even from contacts who call, then it has an option “Always Relay Calls” in its privacy options<p>I thought Signal was all about privacy <i>by default</i>? :D<p>Signal fans love to dunk on Telegram for secret chats not being the only kind of chat.. well turns out on Signal, private is not the only kind of call, and your IP address is exposed by default.
WebRTC and signaling can be an interesting attack vector. If rooms are not protected technically from uninvited people to enter you can get all kinds of information but even worse you can sometimes even hijack a call.
<a href="https://archive.is/SYq8H" rel="nofollow">https://archive.is/SYq8H</a><p>I got a blank page on the original domain, perhaps due to DNS adblocking.