amuck-landowner

How “IP mapping” turned a Kansas farm into a digital hell

fm7

Active Member
Excerpts


...


The plot has been owned by the Vogelman family for more than a hundred years, though the current owner, Joyce Taylor née Vogelman, 82, now rents it out. The acreage is quiet and remote: a farm, a pasture, an old orchard, two barns, some hog shacks and a two-story house. It’s the kind of place you move to if you want to get away from it all. The nearest neighbor is a mile away, and the closest big town has just 13,000 people. It is real, rural America; in fact, it’s a two-hour drive from the exact geographical center of the United States.


But instead of being a place of respite, the people who live on Joyce Taylor’s land find themselves in a technological horror story.


For the last decade, Taylor and her renters have been visited by all kinds of mysterious trouble. They’ve been accused of being identity thieves, spammers, scammers and fraudsters. They’ve gotten visited by FBI agents, federal marshals, IRS collectors, ambulances searching for suicidal veterans, and police officers searching for runaway children. They’ve found people scrounging around in their barn. The renters have been doxxed, their names and addresses posted on the internet by vigilantes.


...


The trouble for the Taylor farm started in 2002, when a Massachusetts-based digital mapping company called MaxMind decided it wanted to provide “IP intelligence” to companies who wanted to know the geographic location of a computer to, for example, show the person using it relevant ads or to send the person a warning letter if they were pirating music or movies.


...


In order to deal with that imprecision, MaxMind decided to set default locations at the city, state and country level for when it knows only roughly where the IP address lives. If it knows only that an IP address is somewhere in the U.S., and can’t figure out anything more about where it is, it will point to the center of the country.


...


As any geography nerd knows, the precise center of the United States is in northern Kansas, near the Nebraska border. Technically, the latitudinal and longitudinal coordinates of the center spot are 39°50′N 98°35′W. In digital maps, that number is an ugly one: 39.8333333,-98.585522. So back in 2002, when MaxMind was first choosing the default point on its digital map for the center of the U.S., it decided to clean up the measurements and go with a simpler, nearby latitude and longitude: 38°N 97°W or 38.0000,-97.0000.


As a result, for the last 14 years, every time MaxMind’s database has been queried about the location of an IP address in the United States it can’t identify, it has spit out the default location of a spot two hours away from the geographic center of the country. This happens a lot: 5,000 companies rely on MaxMind’s IP mapping information, and in all, there are now over 600 million IP addresses associated with that default coordinate. If any of those IP addresses are used by a scammer, or a computer thief, or a suicidal person contacting a help line, MaxMind’s database places them at the same spot: 38.0000,-97.0000.


Which happens to be in the front yard of Joyce Taylor’s house.


...


Tony Pav lives in a house at the end of a cul-de-sac in Ashburn, Virginia. Among other things, Ashburn is home to a number of large data centers. As a result of all of these data centers, there are a gigantic number of IP addresses associated with Ashburn—more than 17 million in all.


And due to the way MaxMind selected its default locations, all 17 million of these IP addresses appeared to be located in Pav’s home.


Pav told me he first started experiencing problems four years ago. In 2012, he came home late one night to find the police about to break down his door. They said they were looking for a stolen government laptop with personal information on it. He let them in to search; it wasn’t there, even though its IP address was pointing right at his house.


“They tore up my house looking for it, and found nothing,” he said.


...


The physical mapping of computer addresses is one of the many aspects of the internet infrastructure that is almost completely unregulated. It is a task performed by private companies, and not just MaxMind. No one is officially in charge, and so there was no obvious party that Tony Pav or Joyce Taylor could go to in order to find out why this was happening, or get it fixed.


...


Now that I’ve made MaxMind aware of the consequences of the default locations it’s chosen, Mather says they’re going to change them. They are picking new default locations for the U.S. and Ashburn, Virginia that are in the middle of bodies of water, rather than people’s homes.


...



Full article:


http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
 
Last edited by a moderator:

lowesthost

Member
Verified Provider
I have noticed this flaw many times and did not think much about  it (the Kansas one) . If I noticed almost immediately why couldn't law enforcement DUH.   At any-rate it should not have been like that in the first place  they should jut put the coordinates at the North or south pole or would Law enforcement make a special trip to arrest Santa Clause (for the north pole) :) 
 

drmike

100% Tier-1 Gogent
Thanks for posting this :)


I read this the other day.  What can I say?


Irresponsible of MaxMind.   Place the coordinates in the middle of a lake or ocean if undetermined.  Been like this for a decade plus.


I saw the potential in geo-location, however, every idiot has went this route and it is frustrating.  I live on VPN.  So daily my world mutates into me being in UAE, being in California, being in New York, etc.  Most it literally is from VPN reconnecting as happens and GEO-IP being retarded on whatever public IP I then have.


Many sites use the same stupidity.  Was looking at national big box retailers regionally for parts other day.  Not only am I geo wrong, but changed to regional store and it wouldn't stick.  So multiple times changing the crap.


That only addresses the end user terror experience of IP = location cause some asshat company arbitrarily said so.


The law enforcement relationship, people in government jobs should be fired for gross incompetence and violating the rights of citizens.  They wouldn't hire an officer without proper firearms training and let the idiot go shoot themself or other officers?  But for some reason when it comes to warrants and digital work it is like anything goes and some low IQ jock steamrolls into Court where equally ambitious jocks rubberstamp shit?  Sorry but Courts should delegate research to staff before signing anything like this.  Make super sure facts seem legit.  Warrant service is nothing to just be sloppy with or to disregard the rights of others cause some judge wearing a dress and absent his powdered wig just can stamp it and give 0 f-cks.


I really really feels for the people mentioned in this article.  They should bring a lawsuit.


I use IP data, but it's not gospel, nor should it ever be. Purely use it for internal data and reporting and nothing that would implicate innocent person or cause their view of online to be manipulated to random place relationship.
 

fm7

Active Member
Thanks for posting this :)


I read this the other day.  What can I say?


Irresponsible of MaxMind.   Place the coordinates in the middle of a lake or ocean if undetermined.  Been like this for a decade plus.

The law of unintended consequences is at work always and everywhere. :)


IMO blaming MaxMind promotes "IP location" to "Supreme Truth" and arises the question how should MaxMind proceed with dynamic IPs? Drown them too? :)


Time to Google Rat (Beta) and its massive database of MAC addresses and locations.
 

KuJoe

Well-Known Member
Verified Provider
The owners of the Kansas farm are missing a big business opportunity with this if they're truly getting as many visitors as they say they are. Maxmind is not at fault here because they decided to round off the coordinates and it happened to land within a property that is 360 acres. Seriously, the article neglects to mention the size of the property (15681600sqft is over half a square mile), it's not like some 1000sqft house on a 2000sqft property, if you look up the coordinates on Google Maps it literally puts you in the middle of a field and not near their house. This is horrible reporting at it's best to stir up conflict where there isn't any. Do you know where where Maxmind would send people if they didn't round? Here: http://www.kansastravel.org/geographicalcenter.htm


So if the choices are the middle of a field or an actual landmark which is worse?
 
Last edited by a moderator:

fm7

Active Member
 Seriously, the article neglects to mention the size of the property

First paragraph:


"An hour’s drive from Wichita, Kansas, in a little town called Potwin, there is a 360-acre piece of land with a very big problem."


BTW ...

Last year, I discovered a young couple in Atlanta that suffered from a similar, but less severe, issue: Since the couple moved into their home a year ago, dozens of strangers have visited looking for lost and stolen smartphones. The visitors are led there by Find-My-Phone apps that say the phones are located inside the house. (They aren’t.) While helping the couple try to figure out their mystery, I teamed up with the podcast Reply All and a security researcher named Dave Maynor. When Maynor visited the house to investigate, he discovered that it was one of the only houses in the neighborhood with a router and wifi. The couple lived in a digital desert, and because of the way some location mapping works, looking for a permanent network in the area to act as an anchor, lots of IP addresses were getting attached to the house.


After I published that story, I began wondering if there were other homes in the country like it. I asked Maynor if there was a way to find out and he said he could build a program that would crawl through a public Maxmind database of mapped IP addresses to see if there were physical locations that appeared repeatedly. Within a couple of days, he had sent me a spreadsheet with thousands of home addresses along with the number of IP addresses attached to them. The Taylor home was at the very top of the list; the 600 million IP addresses attached to the home were an order of magnitude higher than at any other location. (The Atlanta home was number 865 on the list.)
 
Last edited by a moderator:

DomainBop

Dormant VPSB Pathogen
This is from a MaxMind blog post patting themselves on the back for having more accurate geolocation data than the competition:

The gold standard for establishing IP geolocation accuracy involves comparing databases against ground truth data, known IP-location pairs. The CAIDA researchers were able to access three such datasets representing French DSL end users, academic IPs, and routing infrastructure.


MaxMind’s GeoIP City database, which is optimized for locating end-users, was by far the most accurate in geolocating the French DSL users, accurately geolocating 70% of addresses within 10km of the ground truth.

Using the College Board's GPA scale to rate MaxMind's accuracy, the "most accurate" geolocation data provider gets a grade of  C- or a 1.7 GPA.   There aren't many industries where providing customers a dataset that barely qualifies as mediocre would be a source of pride.

Time to Google Rat (Beta) and its massive database of MAC addresses and locations.

Google needs to work on their accuracy.  In the past 6 months their geolocation has placed my main VPN IP (which is hosted on a VPS in a DC in NYC) in Toronto, Hong Kong, Los Angeles, and Istanbul so I've had the please of learning Chinese and Turkish when I try to do a search on Google. :)

So if the choices are the middle of a field or an actual landmark which is worse?

MaxMind should change the default location of those 600 million unknown IPs from the farmer's field to their own office.  Problem solved. :p
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
I forget what the total stupid numbers were that were off / randomly set by Maxmind, if it factors out to a C-, that's seemingly good... mediocre.


Guess I expect more... Since they've conned so many into their net and source of so much bad experience.


Junior-level GeoIP Release Engineer

MaxMind is looking for a talented and highly motivated person to help us build, release, and improve our GeoIP databases. This is a great opportunity for someone with some background with Linux and programming who is interested in becoming a software engineer. Our GeoIP data is used by thousands of companies around the world, including most of the world’s most visited websites.

Founded in 2002, MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools. MaxMind is privately held and based in Waltham, Massachusetts.

The Position
Every week we release a few dozen GeoIP databases in various formats. To do so we must prepare the input data, transform it using multiple build steps, and check the quality of the output against the previous release.

As part of the existing process we always look for ways to improve our data quality. We also want to improve the build code and automate the build steps. Ultimately, this will result in a more efficient release cycle.

You will be responsible for both managing the current build process and improving it. This will involve documenting the current build process as you go, using command line tools, maintaining the legacy build code in Perl, and automating the build process, and refactoring and rewriting parts in modern Perl as appropriate.

MaxMind will provide a dedicated, in-office programmer to pair with, give guidance, and review code. We will also provide paid time and a budget for learning opportunities as appropriate.

Required Knowledge, Skills, and Abilities
Unlike most positions which seek existing ability to do a job, we are looking for someone who can grow into a software engineer.

In particular, we are looking for someone who has:

High aptitude with logic and mathematics and the ability to learn new programming languages, including Perl
Experience with Linux/Unix, command line tools, and some programming background
Comfort working with large amounts of data in sometimes messy datasets
A willingness to work with and make improvements to a large, crufty legacy codebase




I think they need some SENIOR level help.
 

fm7

Active Member
MaxMind tests the accuracy of the GeoIP2 and GeoIP Legacy Databases on a periodic basis. In our recent tests, the databases were 99.8% accurate on a country level, 90% accurate on a state level in the US, and 81% accurate for cities in the US within a 50 kilometer radius.


Our GeoIP2 Precision: City and Insights services accurately geolocate 2% more IPs to cities and 5% more IPs to postal codes in the United States than the GeoIP2 and GeoIP Legacy downloadable databases.


Please enter a country in the text box to view accuracy data for that country or leave it blank to view data all countries. The location is considered to be correctly resolved if it falls within the selected distance of the true location of the IP address.


50 km


 


Correctly Resolved


Incorrectly Resolved


Unresolved


Argentina


73%


14%


13%


Australia


74%


23%


3%


Austria


70%


8%


22%


Belgium


81%


6%


13%


Brazil


73%


20%


6%


Bulgaria


74%


7%


19%


Canada


84%


12%


3%


Chile


84%


13%


2%


China


65%


23%


12%


Colombia


61%


22%


17%


Costa Rica


90%


8%


3%


Croatia


57%


20%


23%


Czech Republic


76%


10%


14%


Denmark


84%


6%


10%


Ecuador


82%


18%


0%


Egypt


72%


8%


20%


Estonia


81%


5%


15%


Finland


55%


7%


38%


France


67%


24%


9%


Germany


76%


17%


7%


Greece


62%


16%


22%


Hong Kong SAR China


98%


0%


2%


Hungary


77%


8%


15%


Iceland


83%


13%


4%


India


61%


26%


13%


Indonesia


74%


15%


11%


Ireland


54%


7%


39%


Israel


69%


7%


24%


Italy


60%


27%


13%


Japan


78%


9%


13%


Latvia


81%


9%


10%


Lithuania


72%


9%


19%


Luxembourg


93%


2%


5%


Malaysia


73%


21%


6%


Malta


91%


0%


9%


Mexico


58%


36%


5%


Netherlands


81%


6%


12%


New Zealand


65%


24%


11%


Norway


83%


9%


9%


Pakistan


76%


19%


4%


Peru


80%


8%


12%


Philippines


55%


31%


14%


Poland


63%


24%


13%


Portugal


72%


9%


19%


Puerto Rico


92%


6%


2%


Qatar


99%


1%


0%


Romania


72%


16%


12%


Russia


86%


10%


4%


Saudi Arabia


70%


18%


13%


Serbia


74%


21%


5%


Singapore


99%


0%


1%


Slovakia


71%


8%


21%


Slovenia


78%


6%


16%


South Africa


72%


20%


8%


South Korea


66%


5%


29%


Spain


75%


14%


11%


Sweden


69%


8%


23%


Switzerland


74%


7%


19%


Taiwan


81%


6%


13%


Thailand


77%


16%


7%


Turkey


71%


17%


12%


Ukraine


74%


7%


19%


United Arab Emirates


93%


3%


3%


United Kingdom


79%


12%


9%


United States


84%


12%


3%


Uruguay


83%


17%


0%


Venezuela


59%


26%


14%


Vietnam


74%


25%


1%


Due to the nature of geolocation technology and other factors beyond our control, we cannot guarantee any specific future accuracy level. Nevertheless, we expect that the GeoIP2 City database will in the future correctly identify locations at the level of accuracy indicated in the table above.


https://www.maxmind.com/en/geoip2-city-database-accuracy
 
Last edited by a moderator:

fm7

Active Member
MaxMind should change the default location of those 600 million unknown IPs from the farmer's field to their own office.  Problem solved. :p

(Irony, I know)


Would be a solution that won't work to a problem that doesn't exist.


MaxMind makes available data not information and, of course, you can't control how applications use data or how people interpret data.


Popular applications of MaxMind data (*):


1) Poor man's CDNs  - usually country code data but some implementations use geographic distance as proxy to network proximity (route miles), a huge mistake when used in Asia, Africa, South America locations.


2) Visitor blocking -- a.k.a. How to Make Enemies and Irritate People


3) Log analyzers


4) Part of fraud screening processes


5) Default language and others (stupid) redirections


6) To decorate BS sites com flags, BS maps and BS location.


None of these applications require precise location and data not being accurate doesn't cause harm to third parties. The problems mentioned in the article were caused by irresponsible use of data and here I quote drmike:


"The law enforcement relationship, people in government jobs should be fired for gross incompetence and violating the rights of citizens."


(*) Maxmind's free GeoLite databases are less accurate.


United States - 50 km ratio:



 




 


Correctly Resolved


Incorrectly Resolved


Unresolved


GeoLite2 City


67%


15%


19%


GeoIP2 City


84%


13%


3%


GeoIP2 Precision City


84%


12%


3%


Basically the paid version corrects for AOL; Google, OpenDNS and others public nameservers;  some anonymous proxies / satellite providers. For the free version, all AOL users show up in the US; Google PDNS in California; etc.
 
Last edited by a moderator:

River

Member
Verified Provider
You'd think that after so long MaxMind would make it return all zeros or some coordinate that doesn't exist. Or even just say it isn't in the database!
 

Hosterbox

New Member
Verified Provider
Wow, that is insane. Imagine the long road this poor family had to go through in order to find out the actual cause of all of these weird events happening around them. 
 

graeme

Active Member
Maxmind should use the coordinates of something interesting, like NORAD or the White House.


Are there parallel cases in other countries?
 
Top
amuck-landowner