observationist 2 hours ago
In principle, if you ping from multiple known interfaces and paths, you can infer probable location, with confidence going up with the more known points of reference you have. You can do a little calculation and triangulation based off of latency and responsive known targets traversing the same path as the endpoint you're trying to geolocate, and get a very high confidence result for zip code, city, or maybe even 3-4 block radius, if there are a bunch of ISPs in the region. Even with only 3-4 ISPs, by sourcing from different directions along different networks you can get more resolution in the final estimated radius for geolocation. You can even use a whole bunch of fuzzy rough estimations for endpoints in a region to get progressive increments in resolution until you're happy with a precise location.

You can also use educated guesses about the type of router at each hop, then use response times and behaviors for pings coming from different directions at different times. If you can arrange to traverse a node and pump traffic over it, you can use behavior with different types of traffic to elicit the type of router, the policies in place, and so on.

It's a good idea to turn off responses to pings and minimize the amount of information available, even if it seems mostly harmless. The amount of information you can get from the public internet, just in terms of basic network utility functions and behaviors, is probably a lot more than most people ever consider.
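
The latency bound the comment above relies on, as an added example that is not part of the original comment: each answered probe caps how far the host can be from that vantage point, and the overlap of those caps is the region an outside observer can infer from a host's own echo replies. The vantage coordinates, RTTs, search grid and the 200 km/ms fiber speed are constructed assumptions.

```python
import math

FIBER_KM_PER_MS = 200.0   # assumption: light in fiber covers ~2/3 c, about 200 km per ms
EARTH_RADIUS_KM = 6371.0

# Constructed sample data: (vantage lat, vantage lon, minimum RTT in ms, or None if no reply)
PROBES = [(40.0, -75.0, 2.0), (42.0, -71.0, 4.0), (39.0, -77.0, 4.0)]


def max_distance_km(rtt_ms):
    """Upper bound on distance: half the RTT at fiber speed (real paths are only slower)."""
    return rtt_ms / 2.0 * FIBER_KM_PER_MS


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def feasible(point, probes):
    """True if the point satisfies the distance bound of every answered probe."""
    for lat, lon, rtt in probes:
        if rtt is None:          # unanswered probe contributes no bound
            continue
        if haversine_km(point[0], point[1], lat, lon) > max_distance_km(rtt):
            return False
    return True


def feasible_cells(probes, lat0=35.0, lat1=45.0, lon0=-80.0, lon1=-68.0, step=0.5):
    """Count grid points consistent with all bounds; fewer points means a tighter estimate."""
    n_lat = int(round((lat1 - lat0) / step)) + 1
    n_lon = int(round((lon1 - lon0) / step)) + 1
    return sum(feasible((lat0 + i * step, lon0 + j * step), probes)
               for i in range(n_lat) for j in range(n_lon))


if __name__ == "__main__":
    silent = [(lat, lon, None) for lat, lon, _ in PROBES]
    print("one vantage point :", feasible_cells(PROBES[:1]), "candidate cells")
    print("three vantage pts :", feasible_cells(PROBES), "candidate cells")
    print("no echo replies   :", feasible_cells(silent), "candidate cells")
```

The `None` case models only the host's own echo replies being disabled; it says nothing about what upstream hops still reveal.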