Increasing problems with geolocation/IPv4 access

Mon Feb 6 00:09:02 UTC 2023

One would also think that large OTT content providers which publish Android
and IOS apps could use the geolocation-permission data gathered from the
device, telemetry reported to their own internal systems to gather their
own independent data sets on where customers are geographically located, at
least as coarse to a specific metro area.. And use that to clean up
geolocation features where 3rd party IP geolocation datasets don't match
reality.

At the smallest scale of customer count: For instance if they have many
dozens or hundreds of subscribers whose devices often sign in from the same
/24 block, *and* in which that block is not known to be cellular
carrier/MNO/MVNO IP space, *and* the devices' geolocation API data reports
they're in a certain suburb of Portland. Or even if you have something like
a smart TV in a house which has no geolocation ability/API exposed but many
of the customers' *other* devices which *do* report geolocation API often
sign in to the same account from the same residential-last-mile-provider
dhcp pool /32 address.

The amount of telemetry data collected off an android or ios devices these
days by most consumer apps is quite comprehensive, and as we all known the
average person is extremely likely to click "Yes/accept" on any
software/interface modal popups, so the majority of the devices will not
have geolocation blocked.  They already have whole teams of highly paid
software developers working on the DRM-specific code in their video
streaming apps, so clearly some use of that data is made already.

On Sat, Feb 4, 2023 at 11:41 PM John van Oppen <john at vanoppen.com> wrote:

> Honestly, the only way I’ve found to fix this is completely fill it with
> subscribers off a BNG and give support a script about what to tell
> customers.
>
>
>
> I’ve had folks literally get the wrong TV channels because we assign
> unused blocks in Portland Oregon out of our parent large aggrigates and the
> geo folks have our whois address in the seattle area so give them seattle
> channels.    God forbid these OTT folks just design the product right and
> use the verified billing zip code on the account or something else that
> actually is authoritative.
>
>
>
> *From:* NANOG <nanog-bounces+john=vanoppen.com at nanog.org> *On Behalf Of *Josh
> Luthman
> *Sent:* Monday, January 23, 2023 1:09 PM
> *To:* Jared Mauch <jared at puck.nether.net>
> *Cc:* nanog <nanog at nanog.org>
> *Subject:* Re: Increasing problems with geolocation/IPv4 access
>
>
>
> Every block I've gotten I just went through TheBrothersWisp geo location
> page and just had them fix their information.  This includes virgin and
> re-issued blocks from ARIN.
>
>
>
> I've had a couple of random issues like Hulu thinking I'm a VPN, PSN
> blocking a /24 because a /32 failed his password too many times, and
> various streaming issues of which I tell customers to complain to the
> streaming provider because all of the other ones work.
>
>
>
> On Fri, Jan 20, 2023 at 7:32 PM Jared Mauch <jared at puck.nether.net> wrote:
>
> I’ve been seeing an increasing problem with IP space not having the
> ability to be used due to the behaviors of either geolocation or worse,
> people blocking IP space after it’s been in-use for a period of time.
>
> Before I go back to someone at ARIN and say “your shiny unused 4.10 IP
> space” is non-functional and am at a place where I need to
> start/restart/respawn the timer, I have a few questions for people:
>
> 1) Do you see 23.138.114.0/24 in any feeds from a security provider that
> say it can/should be blocked?  If so, I’d love to hear from you to track
> this down.  Over the new year we had some local schools start to block this
> IP space.
>
> 2) many companies have geolocation feeds and services that exist and pull
> in data.  The reputable people are easy to find, there are those that are
> problematic from time-to-time (I had a few customers leave Sling due to the
> issues with that service).
>
> 3) Have you had similar issues?  How are you chasing all the issues?
> We’ve seen things from everything works except uploading check images to
> banks, to other financial service companies block the space our customers
> are in.  If we move them to another range this solves the problem.
>
> 4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.
>
> 5) IRR+geofeed are published of course.  I’m thinking that it might be
> worthwhile that IP space have published placeholders when it’s well
> understood, eg: ARIN 4.9 space, I can predict what our next allocation
> would be, it would be great to have it be pre-warmed.
>
> I’ve only seen a few complaints against all our IP space over time, so I
> don’t think there’s anything malicious coming from the IP space to justify
> it, but it’s also possible they didn’t make it through.
>
> If you’re with the FKA Savvis side, can you also ping me, I’d like to see
> if you can reach out to our most recent complaint source to see if we can
> find who is publishing this.  Same if you’re with Merit or the Michigan
> Statewide Educational Network - your teachers stopped being able to post to
> powerschool for their students over the new year break.  They’ve fed it up
> to their tech people towards the ISD.  Details available off-list.
>
> Any insights are welcome, and as I said, I’d like to understand where the
> source list is as it starts out working then gradually breaks, so someone
> is publishing things and they are going out further.
>
> - Jared
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230205/528f70e3/attachment.html>