GeoIP database issues and the real world consequences
nathana at fsr.com
Wed Apr 13 09:41:54 UTC 2016
+1; had similar thoughts, even when reading the article. However, I don't really get especially angry/frustrated with the individual idiots who ignorantly used some sort of geolocation service to try to hunt down and exact revenge on somebody whom they *thought* they were being victimized by. I'm not saying what they did was acceptable, but I fully expect that kind of behavior from the average joe.
What I do get upset hearing about, though, is law enforcement agencies using that kind of data in order to execute a warrant. There is nothing actionable there, and yet from the sounds of it, some LEAs are getting search warrants or conducting raids on houses where they believe they have a solid 1-to-1 mapping of IP address to physical address. Which is absolutely inexcusable.
The one area where a company like MaxMind might have some potential blame to shoulder is their marketing. I know next-to-nothing about them and their product, having only heard about them for the first time in the context of this story, so I have no idea how they represent their solutions to prospective users. And maybe it wasn't even them exaggerating what is technically possible, but some other front-end service that uses their APIs and their data. But one has to wonder how someone in law enforcement might have gotten the idea that you can plug an IP address into a service like this and get back a lat/long that accurately represents to within a few meters where that traffic originated.
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Todd Crane
Sent: Tuesday, April 12, 2016 10:58 PM
To: Jean-Francois Mezei
Cc: nanog at nanog.org
Subject: Re: GeoIP database issues and the real world consequences
I like (sarcasm) how everybody here either wants to point fingers at MaxMind or offer up coordinates to random places knowing that it will never happen. What ever happened to holding people responsible for being stupid. When did it start becoming ((fill in the blank)) coffee shop’s for you burning your tongue on your coffee, etc. I’ve seen/used all sorts of geolocation solutions and never once thought to myself that when a map pin was in the middle of a political boundary, that the software was telling me anything other than the place was somewhere within the boundary. Furthermore, most geolocation services will also show a zoomed-out/in map based on certainty. So if you can see more than a few hundred miles in the map that only measures 200x200 pixels, then it probably isn’t that accurate.
As to a solution, why don’t we just register the locations (more or less) with ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t imagine it would be too hard for them to maintain. They could offer it as part of their public whois service or even just make raw data files public.
Just a though
More information about the NANOG