I tested on several hosts I know to be running pretty much "as delivered by ISP" NAT and they correctly respond with RST on receipt of a SYN for which there is no listening service. Anyway it doesn't detract from the point that you can also measure that from the client side with reasonably simple JS.

I disable JavaScript and all client side scripting by default, who doesn't (don't answer that, too few).

My router (Netgear DG843Gv3) ignores unsolicited requests as a default (as far as I know).

If there is a principle, it is if you want privacy, don't volunteer information.

The characteristic resonance given off by the particular make of tin foil in your TFH should worry you more.

When you can reliably identify my location by tin-foil resonance I'll start worrying!

In reply to a post by john2007:

Not relevant to you (as you are retired).

But someone posting from work and home could well be uniquely identified.

If you know enough about someone to be able to equate their home and work addresses you probably doin't need to be doing TDR-alike comparisons to triangulate their location.

In reply to a post by john2007:

Not quite the point. Final leg pings (exchange to home) should be consistent.

Shame that on virtually all ISPs this last leg is done over layer 2 or encapsulated in a higher level protocol

On BT Wholesale for example you'll see nothing after the ISP LNS until the client despite there being however many routers and/or ATM switches in between. Same on most LLU, regional aggregation points and layer 2 links to exchange. Only Sky use IP DSLAMs as far as I'm aware.

Yes. If you know someones work and home address you wouldn't need to use additional technology to discover their work or home address.

The TCP timestamp option is another nice easy way of measuring RTT, it can be set by either end of a TCP connection (from memory) and gets "reflected" back with ACKs. So you could measure latency using an <img> tag in a plain HTML page for example. There are plenty of innocent ways to measure something as simple as latency, I'm sure there are some far more creative ones I've not even considered too.

This technology is flawed in any event, it relies on there being similarly configured access networks between the landmarks and the target. DSL has a number of interleave profiles, cable modem also has variable interleave and base latency and neither is a match for a point to point fibre connection.

There's also the assumption of the same optical route to places which may or may not be the case again, looking for the same routers is all well and good but with MPLS networks hiding hops and use of PPP and L2TP along with layer 2 VPLS networks this isn't massively reliable either.

It's interesting but that's as far as it goes imho. Assumes too much to be too useful in many cases.

I'd draw a distinction between volunteering information (visiting a web-site) and being probed (ping).