RE: GeoIP database issues and the real world consequences

[Nathan Anderson <nathana () fsr com>]

+1; had similar thoughts, even when reading the article.  However, I don't really get especially angry/frustrated with 
the individual idiots who ignorantly used some sort of geolocation service to try to hunt down and exact revenge on 
somebody whom they *thought* they were being victimized by.  I'm not saying what they did was acceptable, but I fully 
expect that kind of behavior from the average joe.

What I do get upset hearing about, though, is law enforcement agencies using that kind of data in order to execute a 
warrant.  There is nothing actionable there, and yet from the sounds of it, some LEAs are getting search warrants or 
conducting raids on houses where they believe they have a solid 1-to-1 mapping of IP address to physical address.  
Which is absolutely inexcusable.

The one area where a company like MaxMind might have some potential blame to shoulder is their marketing.  I know 
next-to-nothing about them and their product, having only heard about them for the first time in the context of this 
story, so I have no idea how they represent their solutions to prospective users.  And maybe it wasn't even them 
exaggerating what is technically possible, but some other front-end service that uses their APIs and their data.  But 
one has to wonder how someone in law enforcement might have gotten the idea that you can plug an IP address into a 
service like this and get back a lat/long that accurately represents to within a few meters where that traffic 
originated.

-- Nathan

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Todd Crane
Sent: Tuesday, April 12, 2016 10:58 PM
To: Jean-Francois Mezei
Cc: nanog () nanog org
Subject: Re: GeoIP database issues and the real world consequences

I like (sarcasm) how everybody here either wants to point fingers at MaxMind or offer up coordinates to random places 
knowing that it will never happen. What ever happened to holding people responsible for being stupid. When did it start 
becoming ((fill in the blank)) coffee shop’s for you burning your tongue on your coffee, etc. I’ve seen/used all sorts 
of geolocation solutions and never once thought to myself that when a map pin was in the middle of a political 
boundary, that the software was telling me anything other than the place was somewhere within the boundary. 
Furthermore, most geolocation services will also show a zoomed-out/in map based on certainty. So if you can see more 
than a few hundred miles in the map that only measures 200x200 pixels, then it probably isn’t that accurate.

As to a solution, why don’t we just register the locations (more or less) with ARIN? Hell, with the amount of money we 
all pay them in annual fees, I can’t imagine it would be too hard for them to maintain. They could offer it as part of 
their public whois service or even just make raw data files public.

Just a though

—Todd