I guess what he was trying to say was that by using VPN the user could hide the fact that he was using StarLink as the real IP address was hidden.
But just as you said, why would anyone need to check someone's network traffic to determine whether he was using StarLink? The RF signal itself is more than enough.
- If your adversary has access to your ISP's data they can tie IP to address/geofences.
- If they where clever they could time the latency and find how far you are on relative to the satellite. Giving a circle path to look at. Meaning plane could find you by flying along the circle. So I guess it could help them track the radio signal...
> - If they where clever they could time the latency and find how far you are on relative to the satellite. Giving a circle path to look at. Meaning plane could find you by flying along the circle. So I guess it could help them track the radio signal...
If they had compromised your satellite providers infrastructure, otherwise no. This isn’t how the internet works.
Lets say I control a few assets like a website, news.com, a DNS server, and relegram, a messaging app, and control the ASs that route to them.
Let's say the target posted something to relegram. I grab to logs and gain the IP. Cool, now I have the IP.
I add the IP to a list that instructs my controlled ASs to collect latency stats during handshake protocols (could do it from the end assets but this should be easier/better).
Meanwhile I also look up who owns the blocks the IP is from, likely finding their ISP.
If it a satellite provider I could go grab a a friendly dish in a known location and add that to list as well for the baseline. I could at this point double check my seconds/meter converter by moving said dish but it likely to track with physical constants.
After getting ten thousand hits or so I take the difference between the mean baseline latency and target latency and translate it to distance with my constant. Now I know the target should be within ~x of the satellite. I also have a map with terrain so the torus becomes a circle with a hole in it.
Now I take a plane and hopefully it can fly high enough between the satellite and the circler path as to 'shadow' a statistically significant portion of the area as it goes around.
There's a bunch of flawed assumptions hidden in this. Some examples:
* The distance between the user and the satellite is fixed. With a LEO system, the difference between a satellite being straight overhead at 400km elevation and at 10 degrees elevation over the horizon is a difference of 1000km. Passes at this elevation are minutes long, capping out around 15 minutes.
* The path from the satellite to the groundstation is fixed. Same reasoning above.
* A user in a fixed location's traffic would go through only a single groundstation to the internet. Unless that user is colocated with a groundstation, there's going to be periods of covisibility with different groundstations, so there's going to be wholly separate paths for the traffic to take. This varies even more as you start to look at polar satellites, which SpaceX has outfitted with optical crosslinks. Your traffic could be getting dumped onto the internet at groundsites thousands of kilometers away within the a single pass.
This isn't to say that there's zero chance of latency analysis from an adversary with enough internet presence, but it's many orders of magnitude harder than your simple analysis would suggest.
I was assuming geostationary satellite in example to point out that obscuring the IP could add a layer of security.
In regards to your general point I am making assumptions and it would be harder. But within an order of magnitude. A great place to use some basic machine learning.
In regards to LEO being harder... I agree the the latency analysis will have more moving pieces. But it being better in terms of resulting anonymity would depend on its implementation...
