GeoIP database issues and the real world consequences
laszlo at heliacal.net
Wed Apr 13 12:40:19 UTC 2016
On 2016-04-13 05:57, Todd Crane wrote:
> As to a solution, why don’t we just register the locations (more or less) with ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t imagine it would be too hard for them to maintain. They could offer it as part of their public whois service or even just make raw data files public.
> Just a though
Ultimately these services want to locate users, not routers, servers,
tablets and such. If you want to answer the question "where is the
user?" then you have to ask them - only they know the answer - not their
ISP, not ARIN, not DNS. If you really insist on using the IP address,
then maybe you could connect to it and ask it, like an identd scheme.
This could be built into a web browser and prompt the user asking
permission. As long as we're using a static list of number -> location
we will just be guessing and hoping they stay near the assumed location
and we're not too wrong. This whole practice of trying to map network
numbers is the problem.
Also note that one of the things that wasn't explicitly mentioned in the
original article but was hinted at was the use of something similar to
Skyhook, another static list of address -> location. It sounded like the
'find my phone' services were leading people to an Atlanta home based on
having a wireless access point that was recorded as being there. This
is similarly wrong, but not the same as geolocating IP addresses. It
geolocates wireless AP MAC addresses. You can really see this break
down when the wireless AP is on a bus.
More information about the NANOG