RE: GeoIP database issues and the real world consequences

[frnkblk]

Note that for E911 purposes we are required to use the MSAG 
(http://netorange.com/nena-reference/index.php?title=Master_Street_Address_Guide_(MSAG))
 to verify street addresses.  From what my co-workers at my $DAYJOB tell me, 
there are many new addresses that are not resolvable.  

Despite those shortcomings, E911 calls are responded to and US postal mail is 
delivered, specifically because a human remains involved in interpreting the 
information.  The same needs to be done with GeoIP results.

Frank

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jeremy Austin
Sent: Tuesday, April 12, 2016 8:55 AM
To: John Levine <jo...@iecc.com>
Cc: niels=na...@bakker.net; NANOG list <nanog@nanog.org>
Subject: Re: GeoIP database issues and the real world consequences

On Tue, Apr 12, 2016 at 3:55 AM, John Levine <jo...@iecc.com> wrote:

>
> Please don't guess (like, you know, MaxMind does.)  USPS has its own
> database of all of the deliverable addresses in the country.  They
> have their problems, but give or take data staleness as buildings
> are built or demolished, that's not one of them.


A qualifier.

USPS has a database of *most* of the deliverable addresses in the country.

I'm in an unorganized borough. The USPS actually has no mandate, funding or
lever that I can pull (that I can find) to keep their database up to date.
Easily 30% of the legitimate addresses in my area are not geocodable nor in
the USPS database.

I suspect that there are areas of my state with an even worse percentage of
unavailable data.

UPS and FedEx rely on the USPS database, but will not lift a finger to fix
this gap.

Even as a municipal body there is no available federal mechanism for
updating the database. I've tried multiple times over 15+ years.



So yeah, USPS' database does have its problems.

-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon

Re: GeoIP database issues and the real world consequences

[Valdis . Kletnieks]

On Thu, 14 Apr 2016 16:43:00 -0700, Todd Crane said:

> You do realize that this is the exact kind of thing that caused this
> discussion in the first place. I'm well familiar with that case. I was talking
> about my own experiences in the food service industry, but of course you 
> barely
> read a sentence and set on a war path accusing me of not checking my facts

Sorry.  You are *literally* the first person I've seen who's put "hot coffee"
and "responsible for being stupid" in a sentence who was actually familiar with
the case in question, and thought that the case had merit, and was
(apparently) actually talking about the follow-on cases rather than the
original case that made the news.  In addition, you didn't make it very clear
that you weren't talking about the original case.



pgpLMnatXs7qV.pgp
Description: PGP signature

Re: GeoIP database issues and the real world consequences

[Jay Hennigan]

On 4/13/16 6:25 AM, valdis.kletni...@vt.edu wrote:


You *do* realize that the woman in the McDonald's case got *third degree*
burns and required skin grafts, right?  Water at 180F is hot enough to
burn you - we even have a word for it: scalding.  And unlike sipping too-hot
coffee, where you can spit it out quickly, hot water spilled on clothing
continues to burn until the clothing is removed or cooled off - neither of
which is feasible when you're elderly and seated in a car.

And that she originally only sued for the cost of her medical bills, and the
jury increased it with punitive damages when presented evidence that over 700
other people had received burns?

Now go and get informed, and commit this sin no more :)

https://www.caoc.org/?pg=facts - how that lawsuit *actually* played out.


and http://www.stellaawards.com/ lists dozens of other lawsuits spawned 
by that result, as well as commentary on the McDonald's case. Last 
updated 2008 but I'm sure examples are still flooding in to a courtroom 
near you.


--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

Re: GeoIP database issues and the real world consequences

[Todd Crane]

You do realize that this is the exact kind of thing that caused this discussion 
in the first place. I'm well familiar with that case. I was talking about my 
own experiences in the food service industry, but of course you barely read a 
sentence and set on a war path accusing me of not checking my facts, quite like 
somebody googling a geolocation for an ip and harnessing/threatening the other 
side.

As to the case, it had its merits, but since then it has spawned a whole bunch 
of people trying to get rich quick. Now every company has to put these warning 
labels to appease their insurance companies. Now we have people that can't 
think for themselves that NEED labels. It's much like the debate about trying 
to legislate common sense.

Todd Crane

> On Apr 13, 2016, at 6:25 AM, valdis.kletni...@vt.edu wrote:
> 
> On Tue, 12 Apr 2016 22:57:42 -0700, Todd Crane said:
>> .What ever happened to holding people responsible for being
>> stupid. When did it start becoming ((fill in the blank)) coffee shop
>> for you burning your tongue on your coffee
> 
> Whatever happened to holding people responsible for fact checking before they
> post? :)
> 
> You *do* realize that the woman in the McDonald's case got *third degree*
> burns and required skin grafts, right?  Water at 180F is hot enough to
> burn you - we even have a word for it: scalding.  And unlike sipping too-hot
> coffee, where you can spit it out quickly, hot water spilled on clothing
> continues to burn until the clothing is removed or cooled off - neither of
> which is feasible when you're elderly and seated in a car.
> 
> And that she originally only sued for the cost of her medical bills, and the
> jury increased it with punitive damages when presented evidence that over 700
> other people had received burns?
> 
> Now go and get informed, and commit this sin no more :)
> 
> https://www.caoc.org/?pg=facts - how that lawsuit *actually* played out.

Re: GeoIP database issues and the real world consequences

[Ben McGinnes]

On Tue, Apr 12, 2016 at 08:08:29AM +0300, Hank Nussbacher wrote:
> On 12/04/2016 00:41, Ricky Beam wrote:
> > On Mon, 11 Apr 2016 12:55:11 -0400, Chris Boyd
> >  wrote:
> >> Interesting article.
> >>
> >> http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
> > ...
> >
> > "Until you reached out to us, we were unaware that there were issues..."
> >
> > Bull! I can dig up dozens (if not hundreds) of emails from coworkers
> > and customers who have complained to MaxMind about their asinine
> > we-don't-have-a-frakin-clue results. They've known for years! They're
> > paid for a definitive answer, not an "unknown", which is why the
> > default answer is the same near-the-center-of-the-country lat/lon. He,
> > personally, may have had no idea, but MaxMind The Company did/does.
> >
> 
> Its called class action lawsuit.

Yep.  It's also effectively the inverse of the Streisand Effect since
the news articles (and hopefully law suit) can only help people in
that situation since it's the only way they'd get wide enough coverage
of the issue to warn amateur sleuths that any trail that leads there
is a dead end.

It really says it all when the local sherriff says that his job now
includes defending the house against all other law enforcement, state
and federal.  It's good that they're doing it, but ridiculous that
they have to.


Regards,
Ben




signature.asc
Description: PGP signature

Re: GeoIP database issues and the real world consequences

[Carlos M. Martinez]

Or (90S,0), so they get a bit of fresh air and have some time think
during the voyage :-)

On 4/11/16 2:14 PM, Josh Luthman wrote:
> Or 0,0, send the FBI to Africa on a boating trip.  that would probably be
> easier than "unknown" or "null".
> 
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> 
> On Mon, Apr 11, 2016 at 1:11 PM, Hugo Slabbert  wrote:
> 
>>
>> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase  wrote:
>>
>> TL;DR: GeoIP put unknown IP location mappings to the 'center of the
>>> country'
>>> but then rounded off the lat long so it points at this farm.
>>>
>>> Cant believe law enforcement is using this kind of info to execute
>>> searches.
>>> Wouldnt that undermine the credibility of any evidence brought up in
>>> trials
>>> for any geoip locates?
>>>
>>> Seems to me locating unknowns somewhere in the middle of a big lake or
>>> park in
>>> the center of the country might be a better idea.
>>>
>>
>> ...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is
>> there no analogue in the GeoIP lookups for a 404?
>>
>>
>>> /kc
>>>
>>
>> --
>> Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
>> pgp key: B178313E   | also on Signal
>>
>>
>>
>>> On Mon, Apr 11, 2016 at 11:55:11AM -0500, Chris Boyd said:
>>>  >
>>>  >Interesting article.
>>>  >
>>>  >http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
>>>  >
>>>  >An hour???s drive from Wichita, Kansas, in a little town called Potwin,
>>>  >there is a 360-acre piece of land with a very big problem.
>>>  >
>>>  >The plot has been owned by the Vogelman family for more than a hundred
>>>  >years, though the current owner, Joyce Taylor n??e Vogelman, 82, now
>>>  >rents it out. The acreage is quiet and remote: a farm, a pasture, an old
>>>  >orchard, two barns, some hog shacks and a two-story house. It???s the
>>> kind
>>>  >of place you move to if you want to get away from it all. The nearest
>>>  >neighbor is a mile away, and the closest big town has just 13,000
>>>  >people. It is real, rural America; in fact, it???s a two-hour drive from
>>>  >the exact geographical center of the United States.
>>>  >
>>>  >But instead of being a place of respite, the people who live on Joyce
>>>  >Taylor???s land find themselves in a technological horror story.
>>>  >
>>>  >
>>>  >For the last decade, Taylor and her renters have been visited by all
>>>  >kinds of mysterious trouble. They???ve been accused of being identity
>>>  >thieves, spammers, scammers and fraudsters. They???ve gotten visited by
>>>  >FBI agents, federal marshals, IRS collectors, ambulances searching for
>>>  >suicidal veterans, and police officers searching for runaway children.
>>>  >They???ve found people scrounging around in their barn. The renters have
>>>  >been doxxed, their names and addresses posted on the internet by
>>>  >vigilantes. Once, someone left a broken toilet in the driveway as a
>>>  >strange, indefinite threat.
>>>  >
>>>  >--Chris
>>>  >
>>>
>>

Re: GeoIP database issues and the real world consequences

[Jeremy McDermond]

> On Apr 11, 2016, at 10:02 AM, Ken Chase  wrote:
> 
> Cant believe law enforcement is using this kind of info to execute searches.
> Wouldnt that undermine the credibility of any evidence brought up in trials
> for any geoip locates?

What overworked and underpaid public defender is going to know enough to 
challenge the “evidence?”  What judge is going to know enough to call BS on the 
search warrant affidavit?  A good number of the judges in Oregon used to work 
for one of the DA’s offices, you think they question law enforcement affidavits 
very aggressively?

> /kc
--
Jeremy McDermond (NH6Z)
Xenotropic Systems
mcde...@xenotropic.com

Re: GeoIP database issues and the real world consequences

[David Cantrell]

On Wed, Apr 13, 2016 at 03:31:47PM -, John Levine wrote:
> >There are similar problems with phone numbers. Google's libphonenumber,
> >for example, will tell you that +1 855 266 7269 is in the US. It's not,
> >it's Canadian ...
> Actually, it's probably both US and Canadian.  When you call an 8xx
> toll free number, the switch uses a database to route the call to
> whatever carrier handles it, who can then do whatever they want.  The
> provider for that number, Callture, is in Ontario but they can
> terminate the calls anywhere, and send each call to a different lace.

I was careful to pick a number on a Canadian company's website.

> Also, in fairness, the US is about 90% of the NANP, so guessing that
> an 8XX number is in the US is usually correct.

That's another way of saying that it's deliberately wrong 10% of the
time for pan-NANP prefixes. Better to say "I don't know" than to just
guess.

-- 
David Cantrell | Official London Perl Mongers Bad Influence

Re: GeoIP database issues and the real world consequences

[Jean-Francois Mezei]

On 2016-04-13 09:11, valdis.kletni...@vt.edu wrote:
> On Tue, 12 Apr 2016 20:17:03 -0400, Jean-Francois Mezei said:
>> All GeoIP services would be forced to
> 
> How?


Fair point. However, considering more and more outfits block content
based on IP geolocation, once has to wonder if an outfit such as the FTC
could mandate certain standards and disclosure of inaccuracy of IP
geolocation.

Or the other way around (shudded) mandate that outfits such as ARIN
ensure IP blocks are accurately configured/registered to provide
accurate geolocation within state/province for instance.

By documenting that IP blocks only resolve to state/province, this would
set the implicit standard that any IP geolocation service that claims
more precise gelocation is bogus.

And mandating IP blocks be limited to state/province would be a big
enough headache-causing undertaking as large number of ISPs and
organisations span this and want to have abilityto move blocks around to
cope with demand increasing more in one state than the other etc.

So that leaves ARIN mandating and documenting that IP blocks be
accurately registered on a country basis within its territory. This
would allow proper geolocation/blocking for outfits like Netflix but be
documented as being unusable to track an IP down to state, city,
street/home.

When ARIN makes IP block database available for download, it should have
an "agree" button to terms and conditions that would prevent the user of
the data from claiming accuracy greater than "countrty".

Just an idea.

Re: GeoIP database issues and the real world consequences

[John Levine]

>There are similar problems with phone numbers. Google's libphonenumber,
>for example, will tell you that +1 855 266 7269 is in the US. It's not,
>it's Canadian. It appears that for any NANP "area code" that isn't
>assigned to a particular place libphonenumber just says "it's in the US"
>instead of "it's in one of the NANP countries".

Actually, it's probably both US and Canadian.  When you call an 8xx
toll free number, the switch uses a database to route the call to
whatever carrier handles it, who can then do whatever they want.  The
provider for that number, Callture, is in Ontario but they can
terminate the calls anywhere, and send each call to a different lace.

Also, in fairness, the US is about 90% of the NANP, so guessing that
an 8XX number is in the US is usually correct.

R's,
John

Re: GeoIP database issues and the real world consequences

[Valdis . Kletnieks]

On Tue, 12 Apr 2016 22:57:42 -0700, Todd Crane said:
>.What ever happened to holding people responsible for being
> stupid. When did it start becoming ((fill in the blank)) coffee shop
> for you burning your tongue on your coffee

Whatever happened to holding people responsible for fact checking before they
post? :)

You *do* realize that the woman in the McDonald's case got *third degree*
burns and required skin grafts, right?  Water at 180F is hot enough to
burn you - we even have a word for it: scalding.  And unlike sipping too-hot
coffee, where you can spit it out quickly, hot water spilled on clothing
continues to burn until the clothing is removed or cooled off - neither of
which is feasible when you're elderly and seated in a car.

And that she originally only sued for the cost of her medical bills, and the
jury increased it with punitive damages when presented evidence that over 700
other people had received burns?

Now go and get informed, and commit this sin no more :)

https://www.caoc.org/?pg=facts - how that lawsuit *actually* played out.


pgpKGaeJjIYfw.pgp
Description: PGP signature

Re: GeoIP database issues and the real world consequences

[Valdis . Kletnieks]

On Tue, 12 Apr 2016 20:17:03 -0400, Jean-Francois Mezei said:
> All GeoIP services would be forced to

How?


pgpE7Fsimh3CW.pgp
Description: PGP signature

Re: GeoIP database issues and the real world consequences

[Laszlo Hanyecz]

On 2016-04-13 05:57, Todd Crane wrote:

As to a solution, why don’t we just register the locations (more or less) with 
ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t 
imagine it would be too hard for them to maintain. They could offer it as part 
of their public whois service or even just make raw data files public.

Just a though

—Todd




Ultimately these services want to locate users, not routers, servers, 
tablets and such.  If you want to answer the question "where is the 
user?" then you have to ask them - only they know the answer - not their 
ISP, not ARIN, not DNS.  If you really insist on using the IP address, 
then maybe you could connect to it and ask it, like an identd scheme.  
This could be built into a web browser and prompt the user asking 
permission.  As long as we're using a static list of number -> location 
we will just be guessing and hoping they stay near the assumed location 
and we're not too wrong.  This whole practice of trying to map network 
numbers is the problem.


Also note that one of the things that wasn't explicitly mentioned in the 
original article but was hinted at was the use of something similar to 
Skyhook, another static list of address -> location. It sounded like the 
'find my phone' services were leading people to an Atlanta home based on 
having a wireless access point that was recorded as being there.  This 
is similarly wrong, but not the same as geolocating IP addresses.  It 
geolocates wireless AP MAC addresses.  You can really see this break 
down when the wireless AP is on a bus.


-Laszlo

RE: GeoIP database issues and the real world consequences

[Sven-Haegar Koch]

On Wed, 13 Apr 2016, Nathan Anderson wrote:

> What I do get upset hearing about, though, is law enforcement 
> agencies using that kind of data in order to execute a warrant.  There 
> is nothing actionable there, and yet from the sounds of it, some LEAs 
> are getting search warrants or conducting raids on houses where they 
> believe they have a solid 1-to-1 mapping of IP address to physical 
> address.  Which is absolutely inexcusable.

Just watch any more or less recent CSI / crime TV show.

They have "an IP", enter it into some gizmo, and it spits out the 
address, mostly shown on a nice sat image.

That is so "normal" in TV that for Bully Policeman it just has to exist, 
and the reaction to a webform where you can enter an IP and get an 
address will just be "great, now I also have this" - no further 
thinking to be expected.

And finding a Judge signing off nearly any warrant put in front of them 
is also not new.

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead.
- Ben F.

Re: GeoIP database issues and the real world consequences

[David Cantrell]

On Tue, Apr 12, 2016 at 07:14:15PM -0500, Theodore Baschak wrote:
> > On Apr 12, 2016, at 7:10 PM, Jean-Francois Mezei wrote:
> > On 2016-04-11 13:22, Ken Chase wrote:
> >> Well they DO know the IP location is within the USA - 
> > A friend in Australia was with an ISP onwed by a US firm and his IP
> > address often geolocated to the USA.
> Similarly, IPv6 space thats been originated by a Canadian org, in Canada for 
> 4 or 5 years is still shown as in the USA. 

There are similar problems with phone numbers. Google's libphonenumber,
for example, will tell you that +1 855 266 7269 is in the US. It's not,
it's Canadian. It appears that for any NANP "area code" that isn't
assigned to a particular place libphonenumber just says "it's in the US"
instead of "it's in one of the NANP countries".

They appear to have a similar bug with Russia/Kazakhstan.

-- 
David Cantrell

Re: GeoIP database issues and the real world consequences

[Christian de Larrinaga]

Really? - You want RIRs to now perpetuate an application of IPs they are
not designed for?

The activities of MaxMind and similar need to be exposed so people
understand the problem. No matter how Geo IP businesses might back
peddle and say they never intended their services to be considered as
authoritative etc the fact is people including law enforcement and
presumably General Hayden and friends are buying into the fallacy that
IP addresses are fit for the purpose of geo location.

Let's put this another way.

How many LIRs accounting systems use IPs as billing / account
identifiers? No? I wonder why not.


C
 


Todd Crane 
> 13 April 2016 at 06:57
> I like (sarcasm) how everybody here either wants to point fingers at
> MaxMind or offer up coordinates to random places knowing that it will
> never happen. What ever happened to holding people responsible for
> being stupid. When did it start becoming ((fill in the blank)) coffee
> shop’s for you burning your tongue on your coffee, etc. I’ve seen/used
> all sorts of geolocation solutions and never once thought to myself
> that when a map pin was in the middle of a political boundary, that
> the software was telling me anything other than the place was
> somewhere within the boundary. Furthermore, most geolocation services
> will also show a zoomed-out/in map based on certainty. So if you can
> see more than a few hundred miles in the map that only measures
> 200x200 pixels, then it probably isn’t that accurate.
>
> As to a solution, why don’t we just register the locations (more or
> less) with ARIN? Hell, with the amount of money we all pay them in
> annual fees, I can’t imagine it would be too hard for them to
> maintain. They could offer it as part of their public whois service or
> even just make raw data files public.
>
> Just a though
>
> —Todd
>
>
> Jean-Francois Mezei 
> 13 April 2016 at 01:17
> All GeoIP services would be forced to document their default lat/long
> values so that users know that when these values, they know it is a
> generic one for that country. (or supply +181. +91.0 which is an
> invalid value indicating that there is no lat/long, look at country code
> given).

-- 
Christian de Larrinaga  FBCS, CITP,
-
@ FirstHand
-
+44 7989 386778
c...@firsthand.net
-

RE: GeoIP database issues and the real world consequences

[Nathan Anderson]

+1; had similar thoughts, even when reading the article.  However, I don't 
really get especially angry/frustrated with the individual idiots who 
ignorantly used some sort of geolocation service to try to hunt down and exact 
revenge on somebody whom they *thought* they were being victimized by.  I'm not 
saying what they did was acceptable, but I fully expect that kind of behavior 
from the average joe.

What I do get upset hearing about, though, is law enforcement agencies using 
that kind of data in order to execute a warrant.  There is nothing actionable 
there, and yet from the sounds of it, some LEAs are getting search warrants or 
conducting raids on houses where they believe they have a solid 1-to-1 mapping 
of IP address to physical address.  Which is absolutely inexcusable.

The one area where a company like MaxMind might have some potential blame to 
shoulder is their marketing.  I know next-to-nothing about them and their 
product, having only heard about them for the first time in the context of this 
story, so I have no idea how they represent their solutions to prospective 
users.  And maybe it wasn't even them exaggerating what is technically 
possible, but some other front-end service that uses their APIs and their data. 
 But one has to wonder how someone in law enforcement might have gotten the 
idea that you can plug an IP address into a service like this and get back a 
lat/long that accurately represents to within a few meters where that traffic 
originated.

-- Nathan

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Todd Crane
Sent: Tuesday, April 12, 2016 10:58 PM
To: Jean-Francois Mezei
Cc: nanog@nanog.org
Subject: Re: GeoIP database issues and the real world consequences

I like (sarcasm) how everybody here either wants to point fingers at MaxMind or 
offer up coordinates to random places knowing that it will never happen. What 
ever happened to holding people responsible for being stupid. When did it start 
becoming ((fill in the blank)) coffee shop’s for you burning your tongue on 
your coffee, etc. I’ve seen/used all sorts of geolocation solutions and never 
once thought to myself that when a map pin was in the middle of a political 
boundary, that the software was telling me anything other than the place was 
somewhere within the boundary. Furthermore, most geolocation services will also 
show a zoomed-out/in map based on certainty. So if you can see more than a few 
hundred miles in the map that only measures 200x200 pixels, then it probably 
isn’t that accurate.

As to a solution, why don’t we just register the locations (more or less) with 
ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t 
imagine it would be too hard for them to maintain. They could offer it as part 
of their public whois service or even just make raw data files public.

Just a though

—Todd

Re: GeoIP database issues and the real world consequences

[Todd Crane]

I like (sarcasm) how everybody here either wants to point fingers at MaxMind or 
offer up coordinates to random places knowing that it will never happen. What 
ever happened to holding people responsible for being stupid. When did it start 
becoming ((fill in the blank)) coffee shop’s for you burning your tongue on 
your coffee, etc. I’ve seen/used all sorts of geolocation solutions and never 
once thought to myself that when a map pin was in the middle of a political 
boundary, that the software was telling me anything other than the place was 
somewhere within the boundary. Furthermore, most geolocation services will also 
show a zoomed-out/in map based on certainty. So if you can see more than a few 
hundred miles in the map that only measures 200x200 pixels, then it probably 
isn’t that accurate.

As to a solution, why don’t we just register the locations (more or less) with 
ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t 
imagine it would be too hard for them to maintain. They could offer it as part 
of their public whois service or even just make raw data files public.

Just a though

—Todd




signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: GeoIP database issues and the real world consequences

[Jean-Francois Mezei]

All GeoIP services would be forced to  document their default lat/long
values so that users know that when these values, they know it is a
generic one for that country. (or supply +181. +91.0 which is an
invalid value indicating that there is no lat/long, look at country code
given).

Re: GeoIP database issues and the real world consequences

[Theodore Baschak]

> On Apr 12, 2016, at 7:10 PM, Jean-Francois Mezei wrote:
> 
> On 2016-04-11 13:22, Ken Chase wrote:
>> Well they DO know the IP location is within the USA - 
> 
> 
> A friend in Australia was with an ISP onwed by a US firm and his IP
> address often geolocated to the USA.
> 

Similarly, IPv6 space thats been originated by a Canadian org, in Canada for 4 
or 5 years is still shown as in the USA. 

Re: GeoIP database issues and the real world consequences

[Jean-Francois Mezei]

Re: Sending police to middle of a lake..


Puts new meaning to a fishing expedition for police :-)

Re: GeoIP database issues and the real world consequences

[Jean-Francois Mezei]

On 2016-04-11 13:34, Steve Mikulasik wrote:
> Mather says they’re going to change them. They are picking new default 
> locations for the U.S. and Ashburn, Virginia that are in the middle of bodies 
> of water, 

Why not the White House or Wahington Monument ?

Or better yet, some large office complex in Fort Meade MD  :-)

Re: GeoIP database issues and the real world consequences

[Larry Sheldon]

On 4/12/2016 08:31, Leo Bicknell wrote:

In a message written on Mon, Apr 11, 2016 at 03:10:44PM -0400, Sean Donelan 
wrote:

If GeoIP insists on giving a specific lon/lat, instead of an uncertaintity
how about using locations such as the followign as the "default I don't
know where it is"

United States: 38.8899 N, 77.0091 W (U.S. Capital Building)
Missouri: 38.5792 N, 92.1729 W (Missouri State Capital Building)

After the legislators get tired of the police raiding the capital
buildings, they will probably do something to fix it.


Massachusetts: 42.376702 N, 71.239076 W (MaxMind Corporate HQ)

Maybe after seeing what it's like to be on the receiving end of their
own inaccuracy they will be a bit more motivated to fix it.



BINGO!!!
--
sed quis custodiet ipsos custodes? (Juvenal)

Re: GeoIP database issues and the real world consequences

[Jeremy Austin]

On Tue, Apr 12, 2016 at 3:55 AM, John Levine  wrote:

>
> Please don't guess (like, you know, MaxMind does.)  USPS has its own
> database of all of the deliverable addresses in the country.  They
> have their problems, but give or take data staleness as buildings
> are built or demolished, that's not one of them.


A qualifier.

USPS has a database of *most* of the deliverable addresses in the country.

I'm in an unorganized borough. The USPS actually has no mandate, funding or
lever that I can pull (that I can find) to keep their database up to date.
Easily 30% of the legitimate addresses in my area are not geocodable nor in
the USPS database.

I suspect that there are areas of my state with an even worse percentage of
unavailable data.

UPS and FedEx rely on the USPS database, but will not lift a finger to fix
this gap.

Even as a municipal body there is no available federal mechanism for
updating the database. I've tried multiple times over 15+ years.



So yeah, USPS' database does have its problems.

-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon

Re: GeoIP database issues and the real world consequences

[Leo Bicknell]

In a message written on Mon, Apr 11, 2016 at 03:10:44PM -0400, Sean Donelan 
wrote:
> If GeoIP insists on giving a specific lon/lat, instead of an uncertaintity 
> how about using locations such as the followign as the "default I don't 
> know where it is"
> 
> United States: 38.8899 N, 77.0091 W (U.S. Capital Building)
> Missouri: 38.5792 N, 92.1729 W (Missouri State Capital Building)
> 
> After the legislators get tired of the police raiding the capital 
> buildings, they will probably do something to fix it.

Massachusetts: 42.376702 N, 71.239076 W (MaxMind Corporate HQ)

Maybe after seeing what it's like to be on the receiving end of their
own inaccuracy they will be a bit more motivated to fix it.

-- 
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/


pgp7PpJPfkx2n.pgp
Description: PGP signature

Re: GeoIP database issues and the real world consequences

[John Levine]

In article <20160411191347.gc4...@excession.tpb.net> you write:
>* baldur.nordd...@gmail.com (Baldur Norddahl) [Mon 11 Apr 2016, 21:02 CEST]:
>>They should stop giving out coordinates on houses period. Move the
>>coordinate to the nearest street intersection if you need to be that
>>precise (I would prefer nearest town square). Anything more than that
>>should be illegal.
>
>That's going to make USPS's and FedEx's lives a lot harder.

Please don't guess (like, you know, MaxMind does.)  USPS has its own
database of all of the deliverable addresses in the country.  They
have their problems, but give or take data staleness as buildings
are built or demolished, that's not one of them.

R's,
John

Re: GeoIP database issues and the real world consequences

[Wayne Bouchard]

On Mon, Apr 11, 2016 at 06:15:08PM -, John Levine wrote:
> 
> >The problem with MaxMind (and other geoip databases I've seen that do 
> >Lat/Long as well as Country / State / Town) is that the
> >data doesn't include uncertainty, so it returns "38.0/-97.0" rather than 
> >"somewhere in a 3000 mile radius circle centered on
> >38.0/-97.0".
> >
> >Someone should show them RFC 1876 as an example of better practice.
> 
> Oh, heck, you know better than that.  You can put in all the flags and
> warnings you want, but if it returns an address, nitwits will show up
> at the address with guns.
> 
> Bodies of water probably are the least bad alternative.  I wonder if
> they're going to hydrolocate all of the unknown addresses, or only the
> ones where they get publically shamed.

I personal favor setting the generic location as a certain set of
roundish holes in the ground up in the northern plains. Let the
government raid itself for once.

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/

Re: GeoIP database issues and the real world consequences

[Hank Nussbacher]

On 12/04/2016 00:41, Ricky Beam wrote:
> On Mon, 11 Apr 2016 12:55:11 -0400, Chris Boyd
>  wrote:
>> Interesting article.
>>
>> http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
> ...
>
> "Until you reached out to us, we were unaware that there were issues..."
>
> Bull! I can dig up dozens (if not hundreds) of emails from coworkers
> and customers who have complained to MaxMind about their asinine
> we-don't-have-a-frakin-clue results. They've known for years! They're
> paid for a definitive answer, not an "unknown", which is why the
> default answer is the same near-the-center-of-the-country lat/lon. He,
> personally, may have had no idea, but MaxMind The Company did/does.
>

Its called class action lawsuit.

-Hank

Re: GeoIP database issues and the real world consequences

[Joel Maslak]

On Mon, Apr 11, 2016 at 3:09 PM, Owen DeLong  wrote:


> So really, what is needed is two additional fields for the lat/lon of
> laterr/lonerr so that, for example, instead of just 38.0/-97.0, you would
> get 38.0±2/-97.0±10 or something like that.
>

It does seem needed to the geo location companies too, at least several of
them provide this - and it's been this way for a long time.

I didn't remember if Maxmind does or not, so I just checked.  From some of
their documentation, the field "accuracy_radius" is returned which is "The
radius in kilometers around the specified location where the IP address is
likely to be." See
http://dev.maxmind.com/geoip/geoip2/web-services/#location .  I don't think
it's in their free stuff (you get what you pay for, it seems).

It doesn't show up on their web interface to "try" the service nor does it
give a warning that these things can be wrong, but IMHO probably wouldn't
be a bad idea to say "Don't go show up at this address - it might not be
right!"

Re: GeoIP database issues and the real world consequences

[Stephen Frost]

Owne,

* Owen DeLong (o...@delong.com) wrote:
> However, my home address has been published in multiple whois databases since 
> I moved here in 1993.
> 
> Not once has a nitwit with a gun shown up on my doorstep as a result. (I have 
> had visits from nitwits with guns,
> but they were the results of various local oddities unrelated to the 
> internet).

I'm glad to hear you've not had the joy of such an experience.

I nearly had one, but I managed to convince the nitwit to not to show
up, but it took a few hours on the phone.

He had seen my email address fly across while Linux was booting (thanks
to a Netfilter module I had written which had been included) on some
device he had he wasn't technical, so it wasn't easy for me to work out
what he was talking about, except that it was very clearly something he
was trying to "fix" to get his internet working again.

From that, he looked up my domain via whois and got my phone number and
address and called me and accused me of being with various three-letter
government organizations, said he had found proof that he was being
spied on and a litany of similar concerns.

Ultimately, I got him to believe (or at least, it seemed so) that I was
just some technical guy that wrote some code for a company that built
the device and got off the phone with him hours later.

On the plus side of this particular story, a few Airbus planes were
built with a version of Linux which displayed the boot messages during
startup on the in-seat displays and my name and email have shown up for
the reason on those devices, leading to emails from a few strangers
around the world with pictures of the boot process showing my email.

I'm not quite sure that the up-side out-weighs the down in this
particular story, but there it is.

Thanks!

Stephen


signature.asc
Description: Digital signature

Re: GeoIP database issues and the real world consequences

[Larry Sheldon]

On 4/11/2016 11:55, Chris Boyd wrote:


Interesting article.

http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

An hour’s drive from Wichita, Kansas, in a little town called Potwin,
there is a 360-acre piece of land with a very big problem.

The plot has been owned by the Vogelman family for more than a hundred
years, though the current owner, Joyce Taylor née Vogelman, 82, now
rents it out. The acreage is quiet and remote: a farm, a pasture, an old
orchard, two barns, some hog shacks and a two-story house. It’s the kind
of place you move to if you want to get away from it all. The nearest
neighbor is a mile away, and the closest big town has just 13,000
people. It is real, rural America; in fact, it’s a two-hour drive from
the exact geographical center of the United States.

But instead of being a place of respite, the people who live on Joyce
Taylor’s land find themselves in a technological horror story.


And not even slightly funny.

What happened to Truth.  If you do not know, say "I don't know."

Or be silent.





For the last decade, Taylor and her renters have been visited by all
kinds of mysterious trouble. They’ve been accused of being identity
thieves, spammers, scammers and fraudsters. They’ve gotten visited by
FBI agents, federal marshals, IRS collectors, ambulances searching for
suicidal veterans, and police officers searching for runaway children.
They’ve found people scrounging around in their barn. The renters have
been doxxed, their names and addresses posted on the internet by
vigilantes. Once, someone left a broken toilet in the driveway as a
strange, indefinite threat.

--Chris





--
sed quis custodiet ipsos custodes? (Juvenal)

Re: GeoIP database issues and the real world consequences

[Owen DeLong]

> On Apr 11, 2016, at 15:23 , Niels Bakker 

Re: GeoIP database issues and the real world consequences

[Niels Bakker]

Oh, heck, you know better than that.  You can put in all the flags 
and warnings you want, but if it returns an address, nitwits will 
show up at the address with guns.


* o...@delong.com (Owen DeLong) [Tue 12 Apr 2016, 00:02 CEST]:

I hear this argument about various things over and over and over again.

However, my home address has been published in multiple whois 
databases since I moved here in 1993.


Not once has a nitwit with a gun shown up on my doorstep as a result.


I think you miss the point.  Your geocoordinates were not mistakenly 
associated with nigh infinite amounts of internet abuse.  This thread 
has (mostly) been about wrong information being published, not 
information being published at all.



-- Niels.

Re: GeoIP database issues and the real world consequences

[Owen DeLong]

> On Apr 11, 2016, at 12:01 , Baldur Norddahl  wrote:
> 
> On 11 April 2016 at 20:15, John Levine  wrote:
> 
>> Oh, heck, you know better than that.  You can put in all the flags and
>> warnings you want, but if it returns an address, nitwits will show up
>> at the address with guns.
>> 
>> Bodies of water probably are the least bad alternative.  I wonder if
>> they're going to hydrolocate all of the unknown addresses, or only the
>> ones where they get publically shamed.
>> 
> 
> They should stop giving out coordinates on houses period. Move the
> coordinate to the nearest street intersection if you need to be that
> precise (I would prefer nearest town square). Anything more than that
> should be illegal.
> 
> Regards,
> 
> Baldur

The thing I find particularly amusing having just looked up my own IP addresses 
is the following:

1.  My addresses are tied to my actual address in whois.
2.  That is not the address linked to in any of the GeoIP databases I know 
how to check.
3.  The address is only a few blocks away, but where an ambiguity is 
provided, it is sufficient to cover
most of the city of San Jose, including my house of course.

Needless to say, it’s not confidence inspiring. I might look to see whose house 
it does send me to later
if I feel inclined, just for amusement.

Owen

Re: GeoIP database issues and the real world consequences

[Owen DeLong]

> On Apr 11, 2016, at 11:15 , John Levine  wrote:
> 
> 
>> The problem with MaxMind (and other geoip databases I've seen that do 
>> Lat/Long as well as Country / State / Town) is that the
>> data doesn't include uncertainty, so it returns "38.0/-97.0" rather than 
>> "somewhere in a 3000 mile radius circle centered on
>> 38.0/-97.0".
>> 
>> Someone should show them RFC 1876 as an example of better practice.
> 
> Oh, heck, you know better than that.  You can put in all the flags and
> warnings you want, but if it returns an address, nitwits will show up
> at the address with guns.

I hear this argument about various things over and over and over again.

However, my home address has been published in multiple whois databases since I 
moved here in 1993.

Not once has a nitwit with a gun shown up on my doorstep as a result. (I have 
had visits from nitwits with guns,
but they were the results of various local oddities unrelated to the internet).

Examples:

1.  A neighbor managed to get the SJPD (most common example of 
nitwits with guns in this area) to darken
my doorstep because he spotted (and complained about) a dog in 
my yard being out of control and not
on a leash or supervised. (Not sure why they thought it was my 
dog, as I have never owned a dog at this
address).

2.  I opened my front door to be greeted by a nitwit with a gun 
(again, SJPD) telling me to go back inside
while they completed an arrest nearby.

So, apparently there still aren’t enough nitwits with guns operating enough 
typewriters to fulfill this bit of conventional
wisdom as yet.

Owen

Re: GeoIP database issues and the real world consequences

[Ricky Beam]

On Mon, 11 Apr 2016 12:55:11 -0400, Chris Boyd   
wrote:

Interesting article.

http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/

...

"Until you reached out to us, we were unaware that there were issues..."

Bull! I can dig up dozens (if not hundreds) of emails from coworkers and  
customers who have complained to MaxMind about their asinine  
we-don't-have-a-frakin-clue results. They've known for years! They're paid  
for a definitive answer, not an "unknown", which is why the default answer  
is the same near-the-center-of-the-country lat/lon. He, personally, may  
have had no idea, but MaxMind The Company did/does.

Re: GeoIP database issues and the real world consequences

[Owen DeLong]

> On Apr 11, 2016, at 10:26 , Steve Atkins  wrote:
> 
>> 
>> On Apr 11, 2016, at 10:11 AM, Hugo Slabbert  wrote:
>> 
>> 
>> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase  wrote:
>> 
>>> TL;DR: GeoIP put unknown IP location mappings to the 'center of the country'
>>> but then rounded off the lat long so it points at this farm.
>>> 
>>> Cant believe law enforcement is using this kind of info to execute searches.
>>> Wouldnt that undermine the credibility of any evidence brought up in trials
>>> for any geoip locates?
>>> 
>>> Seems to me locating unknowns somewhere in the middle of a big lake or park 
>>> in
>>> the center of the country might be a better idea.
>> 
>> ...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is 
>> there no analogue in the GeoIP lookups for a 404?
> 
> It's not unknown - it's (according to the DB, anyway, which has a bunch of 
> flaws) "in the US somewhere".
> 
> The problem with MaxMind (and other geoip databases I've seen that do 
> Lat/Long as well as Country / State / Town) is that the data doesn't include 
> uncertainty, so it returns "38.0/-97.0" rather than "somewhere in a 3000 mile 
> radius circle centered on 38.0/-97.0".
> 
> Someone should show them RFC 1876 as an example of better practice.
> 
> Cheers,
>  Steve

So really, what is needed is two additional fields for the lat/lon of 
laterr/lonerr so that, for example, instead of just 38.0/-97.0, you would get 
38.0±2/-97.0±10 or something like that.

This seems reasonable to me.

Owen

Re: GeoIP database issues and the real world consequences

[Valdis . Kletnieks]

On Mon, 11 Apr 2016 21:13:48 +0200, Niels Bakker said:
> * baldur.nordd...@gmail.com (Baldur Norddahl) [Mon 11 Apr 2016, 21:02 CEST]:
> >They should stop giving out coordinates on houses period. Move the
> >coordinate to the nearest street intersection if you need to be that
> >precise (I would prefer nearest town square). Anything more than that
> >should be illegal.
>
> That's going to make USPS's and FedEx's lives a lot harder.

Are they in the habit of delivering to a location identified by an IP
address?  I've never managed to get either one to deliver to anything
other than a street address (and in fact, we recently had to assign street
addresses to all the buildings on campus because too many GPS-based programs
only work on street addresses, not building names).


pgpOAJe01I3GQ.pgp
Description: PGP signature

Re: GeoIP database issues and the real world consequences

[Niels Bakker]

* baldur.nordd...@gmail.com (Baldur Norddahl) [Mon 11 Apr 2016, 21:02 CEST]:

They should stop giving out coordinates on houses period. Move the
coordinate to the nearest street intersection if you need to be that
precise (I would prefer nearest town square). Anything more than that
should be illegal.


That's going to make USPS's and FedEx's lives a lot harder.


-- Niels.

Re: GeoIP database issues and the real world consequences

[Sean Donelan]

On Mon, 11 Apr 2016, Laszlo Hanyecz wrote:
I imagine some consumers of the data will 'correct' the position to fall on 
the nearest road in front of the nearest house.


If GeoIP insists on giving a specific lon/lat, instead of an uncertaintity 
how about using locations such as the followign as the "default I don't 
know where it is"


United States: 38.8899 N, 77.0091 W (U.S. Capital Building)
Missouri: 38.5792 N, 92.1729 W (Missouri State Capital Building)

After the legislators get tired of the police raiding the capital 
buildings, they will probably do something to fix it.

Re: GeoIP database issues and the real world consequences

[Baldur Norddahl]

On 11 April 2016 at 20:15, John Levine  wrote:

> Oh, heck, you know better than that.  You can put in all the flags and
> warnings you want, but if it returns an address, nitwits will show up
> at the address with guns.
>
> Bodies of water probably are the least bad alternative.  I wonder if
> they're going to hydrolocate all of the unknown addresses, or only the
> ones where they get publically shamed.
>

They should stop giving out coordinates on houses period. Move the
coordinate to the nearest street intersection if you need to be that
precise (I would prefer nearest town square). Anything more than that
should be illegal.

Regards,

Baldur

Re: GeoIP database issues and the real world consequences

[Laszlo Hanyecz]

On 2016-04-11 18:15, John Levine wrote:



Bodies of water probably are the least bad alternative.  I wonder if
they're going to hydrolocate all of the unknown addresses, or only the
ones where they get publically shamed.

R's,
John


I imagine some consumers of the data will 'correct' the position to fall 
on the nearest road in front of the nearest house.


-Laszlo

Re: GeoIP database issues and the real world consequences

[Laszlo Hanyecz]

Why not use the locations of their own homes?  They're indirectly 
sending mobs to randomly chosen locations.  There's enough middle men 
involved so they can all say they're doing nothing wrong, but wrong is 
being done.


-Laszlo


On 2016-04-11 17:34, Steve Mikulasik wrote:

Just so everyone is clear, Maxmind is changing their default locations.

" Now that I’ve made MaxMind aware of the consequences of the default locations it’s 
chosen, Mather says they’re going to change them. They are picking new default locations 
for the U.S. and Ashburn, Virginia that are in the middle of bodies of water, rather than 
people’s homes."

Re: GeoIP database issues and the real world consequences

[John Levine]

>The problem with MaxMind (and other geoip databases I've seen that do Lat/Long 
>as well as Country / State / Town) is that the
>data doesn't include uncertainty, so it returns "38.0/-97.0" rather than 
>"somewhere in a 3000 mile radius circle centered on
>38.0/-97.0".
>
>Someone should show them RFC 1876 as an example of better practice.

Oh, heck, you know better than that.  You can put in all the flags and
warnings you want, but if it returns an address, nitwits will show up
at the address with guns.

Bodies of water probably are the least bad alternative.  I wonder if
they're going to hydrolocate all of the unknown addresses, or only the
ones where they get publically shamed.

R's,
John

Re: GeoIP database issues and the real world consequences

[John Levine]

In article <90136824.12309.1460396310889.JavaMail.mhammett@ThunderFuck> you 
write:
>So they launch exhaustive and expensive searches of lakes instead? :-) 

I'm starting a new chain of kiosks that rent wet suits and snorkels.

R's,
John

RE: GeoIP database issues and the real world consequences

[Steve Mikulasik]

I imagine it might look something like this http://i.imgur.com/HlpOXP0.jpg



-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Monday, April 11, 2016 11:39 AM
Cc: nanog@nanog.org
Subject: Re: GeoIP database issues and the real world consequences

So they launch exhaustive and expensive searches of lakes instead? :-) 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


- Original Message -

From: "Steve Mikulasik" <steve.mikula...@civeo.com> 
To: nanog@nanog.org 
Sent: Monday, April 11, 2016 12:34:35 PM 
Subject: RE: GeoIP database issues and the real world consequences 

Just so everyone is clear, Maxmind is changing their default locations. 

" Now that I’ve made MaxMind aware of the consequences of the default locations 
it’s chosen, Mather says they’re going to change them. They are picking new 
default locations for the U.S. and Ashburn, Virginia that are in the middle of 
bodies of water, rather than people’s homes." 

Re: GeoIP database issues and the real world consequences

[Jared Mauch]

> On Apr 11, 2016, at 1:34 PM, Steve Mikulasik  
> wrote:
> 
> Just so everyone is clear, Maxmind is changing their default locations.
> 
> " Now that I’ve made MaxMind aware of the consequences of the default 
> locations it’s chosen, Mather says they’re going to change them. They are 
> picking new default locations for the U.S. and Ashburn, Virginia that are in 
> the middle of bodies of water, rather than people’s homes."

The middle of lake superior and hudson bay would be good choices for the US and 
Canada.

Quick, run a commercial diving team with on-call at the nearest ports.

- Jared

Re: GeoIP database issues and the real world consequences

[Mike Hammett]

So they launch exhaustive and expensive searches of lakes instead? :-) 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


- Original Message -

From: "Steve Mikulasik" <steve.mikula...@civeo.com> 
To: nanog@nanog.org 
Sent: Monday, April 11, 2016 12:34:35 PM 
Subject: RE: GeoIP database issues and the real world consequences 

Just so everyone is clear, Maxmind is changing their default locations. 

" Now that I’ve made MaxMind aware of the consequences of the default locations 
it’s chosen, Mather says they’re going to change them. They are picking new 
default locations for the U.S. and Ashburn, Virginia that are in the middle of 
bodies of water, rather than people’s homes." 

RE: GeoIP database issues and the real world consequences

[Steve Mikulasik]

Just so everyone is clear, Maxmind is changing their default locations.

" Now that I’ve made MaxMind aware of the consequences of the default locations 
it’s chosen, Mather says they’re going to change them. They are picking new 
default locations for the U.S. and Ashburn, Virginia that are in the middle of 
bodies of water, rather than people’s homes."

Re: GeoIP database issues and the real world consequences

[Steve Atkins]

> On Apr 11, 2016, at 10:11 AM, Hugo Slabbert  wrote:
> 
> 
> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase  wrote:
> 
>> TL;DR: GeoIP put unknown IP location mappings to the 'center of the country'
>> but then rounded off the lat long so it points at this farm.
>> 
>> Cant believe law enforcement is using this kind of info to execute searches.
>> Wouldnt that undermine the credibility of any evidence brought up in trials
>> for any geoip locates?
>> 
>> Seems to me locating unknowns somewhere in the middle of a big lake or park 
>> in
>> the center of the country might be a better idea.
> 
> ...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is 
> there no analogue in the GeoIP lookups for a 404?

It's not unknown - it's (according to the DB, anyway, which has a bunch of 
flaws) "in the US somewhere".

The problem with MaxMind (and other geoip databases I've seen that do Lat/Long 
as well as Country / State / Town) is that the data doesn't include 
uncertainty, so it returns "38.0/-97.0" rather than "somewhere in a 3000 mile 
radius circle centered on 38.0/-97.0".

Someone should show them RFC 1876 as an example of better practice.

Cheers,
  Steve

Re: GeoIP database issues and the real world consequences

[Ken Chase]

Well they DO know the IP location is within the USA - many apps use the GeoIP
API and require a lat/long returned, and some need one that lands within a
country border (thus my suggestion of middle of a remote wilderness park - let
the cops search some desolate remote desert in nevada amirite?)

MaxMind might not want the quality hit for a 0,0 answer (as funny as that would 
be).

(my 'middle of a lake in the middle of the country' retains some of that 
mischievous
win however.)

/kc


On Mon, Apr 11, 2016 at 01:14:37PM -0400, Josh Luthman said:
  >Or 0,0, send the FBI to Africa on a boating trip.  that would probably be
  >easier than "unknown" or "null".
  >
  >
  >Josh Luthman
  >Office: 937-552-2340
  >Direct: 937-552-2343
  >1100 Wayne St
  >Suite 1337
  >Troy, OH 45373
  >
  >On Mon, Apr 11, 2016 at 1:11 PM, Hugo Slabbert  wrote:
  >
  >>
  >> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase  wrote:
  >>
  >> TL;DR: GeoIP put unknown IP location mappings to the 'center of the
  >>> country'
  >>> but then rounded off the lat long so it points at this farm.
  >>>
  >>> Cant believe law enforcement is using this kind of info to execute
  >>> searches.
  >>> Wouldnt that undermine the credibility of any evidence brought up in
  >>> trials
  >>> for any geoip locates?
  >>>
  >>> Seems to me locating unknowns somewhere in the middle of a big lake or
  >>> park in
  >>> the center of the country might be a better idea.
  >>>
  >>
  >> ...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is
  >> there no analogue in the GeoIP lookups for a 404?
  >>
  >>
  >>> /kc
  >>>
  >>
  >> --
  >> Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
  >> pgp key: B178313E   | also on Signal
  >>
  >>
  >>
  >>> On Mon, Apr 11, 2016 at 11:55:11AM -0500, Chris Boyd said:
  >>>  >
  >>>  >Interesting article.
  >>>  >
  >>>  >http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
  >>>  >
  >>>  >An hour???s drive from Wichita, Kansas, in a little town called Potwin,
  >>>  >there is a 360-acre piece of land with a very big problem.
  >>>  >
  >>>  >The plot has been owned by the Vogelman family for more than a hundred
  >>>  >years, though the current owner, Joyce Taylor n??e Vogelman, 82, now
  >>>  >rents it out. The acreage is quiet and remote: a farm, a pasture, an old
  >>>  >orchard, two barns, some hog shacks and a two-story house. It???s the
  >>> kind
  >>>  >of place you move to if you want to get away from it all. The nearest
  >>>  >neighbor is a mile away, and the closest big town has just 13,000
  >>>  >people. It is real, rural America; in fact, it???s a two-hour drive from
  >>>  >the exact geographical center of the United States.
  >>>  >
  >>>  >But instead of being a place of respite, the people who live on Joyce
  >>>  >Taylor???s land find themselves in a technological horror story.
  >>>  >
  >>>  >
  >>>  >For the last decade, Taylor and her renters have been visited by all
  >>>  >kinds of mysterious trouble. They???ve been accused of being identity
  >>>  >thieves, spammers, scammers and fraudsters. They???ve gotten visited by
  >>>  >FBI agents, federal marshals, IRS collectors, ambulances searching for
  >>>  >suicidal veterans, and police officers searching for runaway children.
  >>>  >They???ve found people scrounging around in their barn. The renters have
  >>>  >been doxxed, their names and addresses posted on the internet by
  >>>  >vigilantes. Once, someone left a broken toilet in the driveway as a
  >>>  >strange, indefinite threat.
  >>>  >
  >>>  >--Chris
  >>>  >
  >>>
  >>

Re: GeoIP database issues and the real world consequences

[Blair Trosper]

Has happened in Atlanta, too, due to (what I think) was a lookup on the
ASN's whois, which wasn't specific:
http://fusion.net/story/214995/find-my-phone-apps-lead-to-wrong-home/

On Mon, Apr 11, 2016 at 9:55 AM, Chris Boyd  wrote:

>
> Interesting article.
>
> http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
>
> An hour’s drive from Wichita, Kansas, in a little town called Potwin,
> there is a 360-acre piece of land with a very big problem.
>
> The plot has been owned by the Vogelman family for more than a hundred
> years, though the current owner, Joyce Taylor née Vogelman, 82, now
> rents it out. The acreage is quiet and remote: a farm, a pasture, an old
> orchard, two barns, some hog shacks and a two-story house. It’s the kind
> of place you move to if you want to get away from it all. The nearest
> neighbor is a mile away, and the closest big town has just 13,000
> people. It is real, rural America; in fact, it’s a two-hour drive from
> the exact geographical center of the United States.
>
> But instead of being a place of respite, the people who live on Joyce
> Taylor’s land find themselves in a technological horror story.
>
>
> For the last decade, Taylor and her renters have been visited by all
> kinds of mysterious trouble. They’ve been accused of being identity
> thieves, spammers, scammers and fraudsters. They’ve gotten visited by
> FBI agents, federal marshals, IRS collectors, ambulances searching for
> suicidal veterans, and police officers searching for runaway children.
> They’ve found people scrounging around in their barn. The renters have
> been doxxed, their names and addresses posted on the internet by
> vigilantes. Once, someone left a broken toilet in the driveway as a
> strange, indefinite threat.
>
> --Chris
>

Re: GeoIP database issues and the real world consequences

[Josh Luthman]

Or 0,0, send the FBI to Africa on a boating trip.  that would probably be
easier than "unknown" or "null".


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Apr 11, 2016 at 1:11 PM, Hugo Slabbert  wrote:

>
> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase  wrote:
>
> TL;DR: GeoIP put unknown IP location mappings to the 'center of the
>> country'
>> but then rounded off the lat long so it points at this farm.
>>
>> Cant believe law enforcement is using this kind of info to execute
>> searches.
>> Wouldnt that undermine the credibility of any evidence brought up in
>> trials
>> for any geoip locates?
>>
>> Seems to me locating unknowns somewhere in the middle of a big lake or
>> park in
>> the center of the country might be a better idea.
>>
>
> ...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is
> there no analogue in the GeoIP lookups for a 404?
>
>
>> /kc
>>
>
> --
> Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
> pgp key: B178313E   | also on Signal
>
>
>
>> On Mon, Apr 11, 2016 at 11:55:11AM -0500, Chris Boyd said:
>>  >
>>  >Interesting article.
>>  >
>>  >http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
>>  >
>>  >An hour???s drive from Wichita, Kansas, in a little town called Potwin,
>>  >there is a 360-acre piece of land with a very big problem.
>>  >
>>  >The plot has been owned by the Vogelman family for more than a hundred
>>  >years, though the current owner, Joyce Taylor n??e Vogelman, 82, now
>>  >rents it out. The acreage is quiet and remote: a farm, a pasture, an old
>>  >orchard, two barns, some hog shacks and a two-story house. It???s the
>> kind
>>  >of place you move to if you want to get away from it all. The nearest
>>  >neighbor is a mile away, and the closest big town has just 13,000
>>  >people. It is real, rural America; in fact, it???s a two-hour drive from
>>  >the exact geographical center of the United States.
>>  >
>>  >But instead of being a place of respite, the people who live on Joyce
>>  >Taylor???s land find themselves in a technological horror story.
>>  >
>>  >
>>  >For the last decade, Taylor and her renters have been visited by all
>>  >kinds of mysterious trouble. They???ve been accused of being identity
>>  >thieves, spammers, scammers and fraudsters. They???ve gotten visited by
>>  >FBI agents, federal marshals, IRS collectors, ambulances searching for
>>  >suicidal veterans, and police officers searching for runaway children.
>>  >They???ve found people scrounging around in their barn. The renters have
>>  >been doxxed, their names and addresses posted on the internet by
>>  >vigilantes. Once, someone left a broken toilet in the driveway as a
>>  >strange, indefinite threat.
>>  >
>>  >--Chris
>>  >
>>
>

Re: GeoIP database issues and the real world consequences

[Hugo Slabbert]

On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase  wrote:


TL;DR: GeoIP put unknown IP location mappings to the 'center of the country'
but then rounded off the lat long so it points at this farm.

Cant believe law enforcement is using this kind of info to execute searches.
Wouldnt that undermine the credibility of any evidence brought up in trials
for any geoip locates?

Seems to me locating unknowns somewhere in the middle of a big lake or park in
the center of the country might be a better idea.


...how about actually marking an unknown as...oh, I dunno: "unknown"?  Is 
there no analogue in the GeoIP lookups for a 404?




/kc


--
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal



On Mon, Apr 11, 2016 at 11:55:11AM -0500, Chris Boyd said:
 >
 >Interesting article.
 >
 >http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
 >
 >An hour???s drive from Wichita, Kansas, in a little town called Potwin,
 >there is a 360-acre piece of land with a very big problem.
 >
 >The plot has been owned by the Vogelman family for more than a hundred
 >years, though the current owner, Joyce Taylor n??e Vogelman, 82, now
 >rents it out. The acreage is quiet and remote: a farm, a pasture, an old
 >orchard, two barns, some hog shacks and a two-story house. It???s the kind
 >of place you move to if you want to get away from it all. The nearest
 >neighbor is a mile away, and the closest big town has just 13,000
 >people. It is real, rural America; in fact, it???s a two-hour drive from
 >the exact geographical center of the United States.
 >
 >But instead of being a place of respite, the people who live on Joyce
 >Taylor???s land find themselves in a technological horror story.
 >
 >
 >For the last decade, Taylor and her renters have been visited by all
 >kinds of mysterious trouble. They???ve been accused of being identity
 >thieves, spammers, scammers and fraudsters. They???ve gotten visited by
 >FBI agents, federal marshals, IRS collectors, ambulances searching for
 >suicidal veterans, and police officers searching for runaway children.
 >They???ve found people scrounging around in their barn. The renters have
 >been doxxed, their names and addresses posted on the internet by
 >vigilantes. Once, someone left a broken toilet in the driveway as a
 >strange, indefinite threat.
 >
 >--Chris
 >


signature.asc
Description: Digital signature

Re: GeoIP database issues and the real world consequences

[Ken Chase]

TL;DR: GeoIP put unknown IP location mappings to the 'center of the country'
but then rounded off the lat long so it points at this farm.

Cant believe law enforcement is using this kind of info to execute searches.
Wouldnt that undermine the credibility of any evidence brought up in trials
for any geoip locates?

Seems to me locating unknowns somewhere in the middle of a big lake or park in
the center of the country might be a better idea.

/kc

On Mon, Apr 11, 2016 at 11:55:11AM -0500, Chris Boyd said:
  >
  >Interesting article.
  >
  >http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
  >
  >An hour???s drive from Wichita, Kansas, in a little town called Potwin,
  >there is a 360-acre piece of land with a very big problem.
  >
  >The plot has been owned by the Vogelman family for more than a hundred
  >years, though the current owner, Joyce Taylor n??e Vogelman, 82, now
  >rents it out. The acreage is quiet and remote: a farm, a pasture, an old
  >orchard, two barns, some hog shacks and a two-story house. It???s the kind
  >of place you move to if you want to get away from it all. The nearest
  >neighbor is a mile away, and the closest big town has just 13,000
  >people. It is real, rural America; in fact, it???s a two-hour drive from
  >the exact geographical center of the United States.
  >
  >But instead of being a place of respite, the people who live on Joyce
  >Taylor???s land find themselves in a technological horror story.
  >
  >
  >For the last decade, Taylor and her renters have been visited by all
  >kinds of mysterious trouble. They???ve been accused of being identity
  >thieves, spammers, scammers and fraudsters. They???ve gotten visited by
  >FBI agents, federal marshals, IRS collectors, ambulances searching for
  >suicidal veterans, and police officers searching for runaway children.
  >They???ve found people scrounging around in their barn. The renters have
  >been doxxed, their names and addresses posted on the internet by
  >vigilantes. Once, someone left a broken toilet in the driveway as a
  >strange, indefinite threat.
  >
  >--Chris
  >