If you're doing latency-based probing, location spoofing is presumably possible to an extent by adding artificial delays and possibly spoofing ICMP "TTL expired" packets like https://github.com/blechschmidt/fakeroute
I am not sure whether this kind of IP spoofing will impact our accuracy because we will likely identify the noise and behavioral anomaly and discard the location hint derived from traceroute.
We have tons of historical traceroute data patterns, and generic traceroute behaviors are likely modeled out internally. So, if you can spoof the traceroute to your IP address, our traceroute-based location hint scoring weight for that IP address will decrease, and we will rely on the other location hints.
You have to be extremely deliberate to misguide us. But I would love to see this in action, though.
Yeah, I doubt there are more than a couple of hosts on the entire internet serving fake traceroutes anyway. Even finding hosts that don't enforce BCP38 requires quite some effort these days.
While we're on the subject of maps-related bugs, I was recently borrowing a new Tesla Model Y and took it on a RORO ferry. After the crossing, the car’s GPS was convinced I was still at the port where I had departed from. I restarted it a couple of times, but nothing. I drove off using Waze on my phone instead of the car's navigation. The map on the car kept moving relative to the direction I was driving, so the navigation was showing me driving into the sea and eventually started complaining that it would be impossible to find a charger.
Approximately 5 hours later, just as I was about to arrive, the car finally managed to figure out my correct location.
Exciting trip, not a huge fan of Teslas, but their charger planning is really nice. It was very unpleasant to suddenly lose it.
I just genuinely wonder how such a bug can actually occur, surely you'd update the GPS fix more often than every couple of hours. Hard to imagine the car just suddenly couldn't get a GPS fix for hours either. But if it did somehow totally lose the ability to use GPS, the car must have a pretty good dead reckoning system given how well it was responding to my changes in direction.
On a vaguely related note, driving 3000 kilometers through Europe in an electric car was surprisingly nice. Certainly didn't affect the length of the trip nearly as much as I'd have expected, but it was certainly super annoying to try and figure out the optimal rate of travel on the Autobahn. Charging at Tesla's supercharges was vastly more expensive than I expected, the "fuel" costs weren't much lower than what you could easily reach with a diesel car.
I had a Volvo XC90 that “jumped” off the interstate and onto a parallel mountain road east of Knoxville. It did its best to track along those roads and somehow made its way into North Carolina. But even when I was back in Chicago, it was still stuck in NC trying to find a way off those mountain roads. Dozens of on/off cycles did nothing. I disconnected the battery overnight and that didn’t work. At the next service appointment, the dealer had to do a full firmware reset to wipe the memory and get it working again.
It amazed me that Volvo programmed an SUV to disbelieve that it could ever actually leave a road.
Last summer traveling down a rural road in southwestern Ontario, Apple maps told me to return to the route. We hadn't turned in 10 kilometers, but it was showing that we were 200 meters into a cornfield.
I don't think I could have ended up there if I tried in the Golf we were in. Nice try.
My kids thought it was the funniest thing, but it's a good technology lesson.
In Boston it's a very frequent occurrence to be driving in the Central Artery Tunnel and have your map software think you're on the surface, or vice versa, or to be on a highway overpass and again have it think you're on a surface road that is inaccessible from your location. You get used to it.
This seems like an entirely different level of craziness, though.
Yeah I remember back in the early 2000s before phones had turn-by-turn navigation, there were PDAs to do it and it was common for the software to just ask whether you were driving on the surface road or an elevated viaduct.
My dad used to have a crappy aftermarket GPS in his car that did the same thing. It would get lost dozens of miles away, and then hundreds of miles away.
The explanation I found online at the time was that a GPS receiver needs to download data about the exact orbits of all GPS satellites from time to time. Satellites slowly lose altitude and change their orbits. Up-to-date information is constantly broadcasted by every satellite, but it takes about 15 minutes for a device on the ground to download this dataset.
Most GPS devices do this automatically whenever they get the chance. But if your GPS is somehow unable to stay online for 15 consecutive minutes (bad firmware, faulty memory, tunnels, underground parking lots, etc), it will be relying on increasingly outdated info and drift far off its actual location.
There's no way a modern smart phone or car relies on those ephemeris transmissions. They all just get it from the internet, which takes less than a second. That's one of the reasons why a smart phone has a reliable GPS fix basically instantly after being booted up, while old-school offline GPS units needed minutes to get a fix.
That's only the case for non-internet connected GPS units. Throwback to the early 2000s when my family car had such a unit, which, after having been turned on, would require ~15 minutes of waiting before it became functional. Funnily, I remember the mapping app would refuse to use the device clock and only use the time from GPS satellites. So at least you would know you need to wait if it didn't know the current time.
Well, that's certainly not the case. Each satellite transmits a low-precision almanac to the receiver that helps it lock onto the others, as well as a higher-resolution ephemeris that provides the necessary pseudorange accuracy for that particular SV.
But it's true that neither of those factors accounts for miles of error. That has to come down to either poor sky coverage/signal strength, poor software, or (more likely) both.
That's no excuse for disbelieving GPS for extended periods of time.
Google Maps gets it right: it tried to keep you on road, but only for a few tens of seconds. After that, if you are in the middle of uncharted territory, it'll show the marker there.
(This is probably because Google Maps can be used for walking/biking too)
Well, when I’m driving in Kyiv, and there is an air raid alert, usually my car navigation starts to derp, and after a few minutes it thinks that it’s suddenly in Lima, Peru.
Not that I mind too much, I know how to get around without navigation.
It does teleport to Peru but it also fast-forwards time to about a year into the future, which caused my car to think its overdue for that oil change. It even synced that back to the headquarters and I got an email asking me to take it to service.. (and arriving there on the wrong side of the Dnieper, I just decided to wait it out)
Wish we could put it into a manual mode where you just reset it's position once and then it updates based on wheel encoders & snapping to roads.
The technology should be resilient against GPS spoofing. If it “knows” it never left the mountain road, it’s not crazy to design it to reject an anomalous GPS signal, which might be wrong or tampered with.
I think the likelihood of that happening is significantly less than the likelihood that a car took a new road or other path not show in the cars mapping data.
>(This is probably because Google Maps can be used for walking/biking too)
Please don't do that. The map is simply not good enough and does not have enough context (road quality, terrain, trail difficulty) for anything but very causal activity. Even then I highly recommend to use a proper map, electronic or paper.
It has a lot more map data accessible and you can even overlay National Park Service maps, land ownership, accurate cell service grids, mountain biking trails, weather conditions and things like that.
Disclaimer: Just because you see a route on a map, digital or paper, does not mean it is passable today. Or it may be passable but at an extremely arduous pace.
We used the walking directions for dual sport motorcycles once. It was pretty nice. We did have a few places where it became sketchy. Those and maybe more places would be sketchy for walking too. Not that google maps could do much about it. Terrain is a living thing. These were mostly huge cracks in the earth due to rain water.
Trail? Terrain? I use it for walking for 10-20mins around a (mostly flat) city and I expect that’s what 90% of people use it for, the comment didn’t mention hiking
It depends what you are doing but for hill walking in Italy I found the footpathapp.com app good. There are no decent paper maps in the area I go and Google maps are also rubbish for local paths but the app kind of draws in paths based on satellite images I think and you can draw on it to mark the ones you've been on.
Yeah, that is my guess, there must have been bug, issues where GPS suddenly teleports you. One way to remedy that is to give the roads virtual walls so what ever GPS weirdness comes in, the location service will at least put the car close to its "previous" location for some time.
2. Car entered dead reconning mode used for tunnels and such
3. Car left ferry, acquired GPS
Then either:
4a. Location via dead reconning vasty disagreed with GPS because the car doesn't know about the ferry's movements, triggering some kind of failsafe.
Or:
4b. There's just a plain old bug in the condition to switch back to GPS and maybe people haven't noticed because you don't get as badly desynced in a tunnel.
>the car must have a pretty good dead reckoning system
Yeah all the pieces are there: accelerometers and gyros for stability control, compass for navigation, and the wheel speed sensors give you exact distance traveled.
My local roro ferry drops you off pretty close to downtown. If you don't get a good fix as you get off the boat before you get into the urban canyon, satnav is pretty hopeless for a few minutes.
Doesn't usually take 5 hours to figure out where it is though. At least not on my vehicles, even the one that's always getting confused.
TomTom's have for at least 15 years or so. They have accelerometers to measure the motion when cut off from the GPS satellites. I worked there, knew the guy who developed it, and saw him give a presentation about it.
That's cool... so I guess this works something along the ways of "calculate the speed via GPS before entering the tunnel, and then try to update this speed using the data from the accelerometer while in the tunnel"? Because as long a the car is moving at constant speed in a straight line, the accelerometer shouldn't register anything...
Well it registers gravity, so you can detect i.e. driving off a cliff. ;)
What helps is that tunnels don't usually branch, so once you're in it, your path is usually quite predictable.
TomTom maps also have a statistical model of what speed is expected along each stretch of road by hour and weekday/weekend (not 7 individual days, but 2 kinds of days). But I don't know if it uses that to help estimate your expected speed when dead reckoning, it's actually for route planning.
One of my co-workers came up with the great idea of gamifying driving: maintain a real time speed leader board, showing the top ten speeders along any stretch of road! So on every road in the world you could compete with other TomTom users who drove it. Kind of like checking in with 4Square, but more fun and dangerous! TomTom legal did not approve.
I suggested gamifying and monetizing driving with TomTomagotchi, a virtual pet that gets depressed if you don't drive it around enough, begs you to visit interesting landmarks and sponsored points of interest, like driving through McDonalds to feed it, or through the park to let it take a shit, or driving fast enough to make the leaderboard to entertain it. I'm sure Bandai's lawyers wouldn't approve.
I swapped out the satnav in a 2008 Honda for a modern unit and the car had a “speed pulse” wire. I looked it up and that wire is used for dead reckoning.
Dead reckoning shouldn't be a problem for a built-in nav device that has access to the car's odometer (or at least its speed). But as long as the car itself isn't moving, because it's parked in a ferry's car deck, I reckon (SCNR) it shouldn't do any dead reckoning...
A practical issue is that GPS can be spoofed relatively easily. If autonomous driving became a thing, and ubiquitous, with vehicles that prioritized remote over local consistency, then a single GPS spoof could cause some interesting things to happen. This is probably a concern that does drive decisions, at least to a degree. It creates a weird scenario where you kind of need to trust GPS, but you simultaneously also can't treat it as authoritative.
OTOH creating a dumb user experience for a fairly common scenario, to try to preempt a hypothetical scenario is probably not a great idea. A fun problem to think about, though it may be completely unrelated to this issue.
I do hope self-driving software works out a better system, before it becomes common place. Autopilot has been incorporating GPS in aviation for decades, and it's still surprisingly common to have major problems when a loss of GPS occurs.
Every swept-wing jet has a tendancy to enter a positive feedback loop of rolling and yawing, called a dutch roll, when flying at altitude, so even when not using autopilot, an active system is needed to fly straight and level. If the Phenom 300 doesn't have a valid GPS signal, that system fails.
If it becomes common place, spoofing is easy to counter. Directionality and parallax of the signal is enough to figure out the true signal, all it requires is an additional antenna.
This won't prevent jamming, that requires a different mechanism, but spoofing should be prevented.
> On a vaguely related note, driving 3000 kilometers through Europe in an electric car was surprisingly nice.
Having done a number of multiple-thousand km trips in Europe in an EV (not a Tesla, nobody buys those anymore) — it's amusing how non-EV muggles think this is somehow an ordeal. It's just fine! There are drawbacks: you do have to use your brain and plan ahead more than you do when burning dinosaurs. But I found that the 20-30 minute stops every 2h really improve how I feel after a day or two of driving.
Agreed about prices: there is gouging going on with some crazy margins. When charging at home, an EV is 2-4x less expensive per km than a gasoline-powered car, but when fast-charging on a road trip the cost of energy is nearly the same.
> But I found that the 20-30 minute stops every 2h really improve how I feel after a day or two of driving.
I honestly started considering this a feature. I am a huge believer in "productive friction" - where some things are intentionally made annoying or hard so that humans avoid them - and this is a really good example.
Muggles, in Harry Potter books, are non-magic people, who do not have magic, do not understand it, have a lot of misconceptions about it, and fear it. :-)
So you are the enlightened one because you drive an EV or what? I dont think that this divisive and patronizing attitude is helpful in this discussion.
Range anxiety is a fact, only recently electric vehicles have started to have more acceptable and practicable ranges and also, the charger network is evolving more and more. In winter the ranges are also reduced by about 10-20%.
So I dont think people cant see the "magic", the mass market is just risk averse and doesnt want to get stuck in the middle of the highway with 2 screaming kids in the back seat.
Also now that most European countries (and also the US) have stopped subsidizing EVs, the real costs are shining through, so maybe that 1.9L Diesel engine looks more attractive now again.
No need to get agitated. Some people enjoy sitting in the car for multiple hours, some people don't. I found it changed for me as I got older.
However, about those 20 minutes — this, again, is a misconception. Stop at a busy rest area or a gas station and actually start your stopwatch. If you are a single male, it might take you shorter. If you are with a family, 20 minutes is pretty much the minimum.
As a citizen I wish cars had similar driving break requirements as trucks do: mandatory 30 minutes break after 4.5 hours, 9-ish hours per day, minimum 9~11 ish hours break between driving days.
Such minimum reasonable rest is what keeps you from killing innocents with your 2-ton weapon/tool.
I suspect that my Tesla adjusts its location based on dead reckoning after losing GPS lock except that it assumes that I'm driving forwards. I.e. If I reverse out of my garage, then the map ends up in the wrong place and now I'm driving parallel to the road!
Back in the days of MapQuest there was a (usually) very good site called mapsonus.com, but it evidently had one of the ferries that crossed Boston Harbor in its map as a zero distance link.
Since it was offline, the bug was obvious although a bit frustrating - you had to put in multiple waypoints to make it forget its urge to send you on the ferry to Hull when you were trying to get to parts of the South Shore.
As you're mentioning a RO/RO ferry, recently, and Europe... are you sure you weren't in a GPS-denied environment, where the car (correctly) detected that GPS was jammed or spoofed and ignored it?
One hypothesis I can offer is that your car could not, for whatever reason, use assisted gps to download the almanach which relies on mobile networks. Gps devices that download the almanac via gps itself can take up to twelve hours (in higher latitudes i think)!
>On a vaguely related note, driving 3000 kilometers through Europe in an electric car was surprisingly nice.
I did 2 cross country road trips here in the US (~5000mi/8000km total) and had a similar experience. The nav's automatic charger routing did a great job, and we had 0 issues with charging.
Possibly it was using WPS keyed to the ferry's WiFi and didn't consider the possibility that the ferry itself could move out of where it was registered (ie, the port)?
Perhaps the car is programmed to ignore all external signals for a while if it detects significant disagreement for a prolonged time, as might have happened if it had access to both WPS and GPS during the ferry ride. In such cases it would be safe to assume that something is being spoofed, and fall back to INS.
Civilian GPS (as in, the DoD’s Navstar) alone isn’t accurate enough to actually place you on a specific road. To compensate, auto navigation systems will snap you to the nearest road parallel to your current heading. Tesla likely didn’t consider the edge case of ferries and other off road situations in their mapping software and you hit some corner case bug.
This used to be true, but the DoD turned off "selective availability" (the intentional degrading of the civilian signal) back in 2000, and the current generation of satellites do not have the capability (https://www.gps.gov/selective-availability). What they do have though is a separate, encrypted, military broadcast that can be used for those purposes (I think the plan in those situations is to turn off civilian GPS entirely - but I think that there's no reason for that, now, due to the other navigation systems like GLONASS).
Even without selective availability gps is only accurate to within about 30’ in normal urban conditions which is more than enough to punt you over to a side street without heuristics on top.
I wonder if it's using a compass and odometry (distance) with dead reckoning. A strange choice when GPS is available, but it would account for the map moving in the car's direction and it not changing locations when it moved without rolling (ferry).
Almost certainly. GPS is not only easily jammed, but easily spoofed. If the car believed GPS instead of its own eyes, so to speak, then there’s significant potential that you’d see glitches more often. It could also be something of a safety risk when using its self-driving capabilities.
Makes me wonder why there isn't a UI feature within easy reach to let the user drag a pin on a map and tap "I know I'm here right now"... and if that agrees with where GPS also indicates, let's it reset its notion of "I must be getting spoofed right now" thoughts in addition to calibrating other notions of current location.
In addition to sibling's comments about jamming and self driving safety, there are many driving situations where there is no or poor GPS reception: tunnels, double deck bridges, double deck freeways, underpasses, urban canyons, actual canyons, etc. Also regional problems. The GPS constellation is in a 55° inclination, so if you are north of ~55N, or south of ~55S, you need a clear view of the southern/northern sky, respectfully, for reception, since there will be no overhead satellites.
Somewhat pointless given that for most of these companies this would have to be an international effort. Google will hand over your info if the "authorities" from Azerbaijan request it.
For all the negative press he gets and the way he treats his workers I'm surprised he still has resources allocated to handle complaints sent to his inbox.
It's unlikely to be Bezos himself handling those mails but it's still going to be some secretary with much more options than the cheapest phone support worker money can buy.
This also works for many other companies by the way - find or guess the email of someone high enough up the management chain and you have a much better chance of your issue ending up with someone who can actually do something about it than phone support following a fixed script. Bottom barrel support options are a choice the company is making and you do not have to play by their rules.
I'm just always a little surprised to read things like "i couldn't live without Amazon," and i wonder if there are no other alternatives for two day shipping on other countries or what it is that keeps people stuck on Amazon instead of using other next-day deliveries
It's convenience. Two day shipping is irrelevant to me but there are no alternatives here even approaching the breadth of stock. So instead of dealing with one devil I know I would have to deal with several devils, some of which will be worse than Amazon.
People in my circles in the US (in an area with tons of alternative options) look at me like I have two heads when I say we don’t have Prime and never shop on Amazon. For many, I think, Amazon has simply been the default option to buy anything for long enough now that it’s ingrained muscle memory.
Big part of that is just that it's insanely easy to use compared to most of the competition.
But still, most people go to the shop to buy toilet paper. Once you get used to Amazon, it just saves so much time and effort. The prices aren't bad either, I just checked toilet paper on amazon.com and 30 rolls of good quality amazonbasics toilet paper costs $0.22 more than the equivalent kirkland product on costco.com
You can order almost everything you need in the same app, whenever you feel like it. Just a couple of clicks, no need to fill in delivery information or anything.
The only part where YMMV is receiving the parcels obviously.
I did have Prime for like 10 years, I just eventually realized that between the not-infrequent annoyances with shipping and the endless search results full of total junk and/or fake products it wasn’t as convenient as I’d thought, it more so just became my default.
There’s a corner store about a two minute walk from my front door, I’m certain their toilet paper is more expensive than Amazon’s, but I can have it right now if I want, and I’m not dealing with the stupid interface asking me if I want “18-count (345 sheet, 9 pack)” or the “XL 27 count (256 sheet, 5 pack)” version of the same product.
Target will deliver anything i want next day for free, without a subscription, and same day with a subscription. Walgreens, 2 days. There's almost never anything i need faster than 2 days time that one of them doesn't have. And if i do, well, then worth the premium to go to an actual physical shop.
I live between central London and a smaller European city, the competition is generally much much worse.
Sure, for every individual item there might be a better better local option. I'd have to spend time finding that, then go through the terrible order process and hope their delivery service isn't utter shit. Oh, and yeah, half the time they'll probably block my order because I'm using a non-european card.
Just being able to use Amazon for almost everything starting from bottled water and toilet paper saves me immense amounts of time. I can generally trust that the stuff I order reliably arrives at the concierge, which isn't a given.
And FWIW, most of the time I've shopped around, Amazon has been cheaper or essentially the same price. Doesn't really matter to me, but it is a plus. I'd happily pay more for a more convenient service, but in this case it seems I'm usually paying less.
Why i asked what country, here in the US i can order same-day or next-day from several other places than Amazon for roughly the same price, and without paying for prime
It's not that Amazon is irreplaceable, but sometimes it's the best option by far depending on where you live and what you're looking for.
I'm in Austria (not Australia) and local retail prices are infamous for being 25% to 100% higher than in neighboring Germany for the same stuff because of cartel behavior of local retail industry.
Buying from amazon Germany means I can get the same prices as Germans (with +1% extra for higher Austrian VAT) for the same goods.
I'd love to give up Amazon in favor of local stores but local cartels are just as bad or even worse.
So to fix the Amazon problem you need to fix the competition problem first, which is caused by players other than Amazon too.
Worse is that local shops also often have a bad customer experience when things go wrong - but now it's a new different flow for every store instead of a known quantity.
>At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.
I disagree with this article—its premise relies too heavily on the oft repeated, oft misunderstood line “there is no security in obscurity.”
This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.
Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.
I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.
Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. Doesn't matter if you have billions of dollars to launder, could already make quite a bit of a difference if you only have millions of dollars to launder.
reply