Internet Mapping Glitch Turned a Random Kansas Farm Into a Digital Hell

An anonymous reader writes: Back in 2002, a company called MaxMind had an idea: Gather up as many unique computer or smartphone IP addresses as they can, match them to a map, and sell that data to advertisers. The problem is that MaxMind's tech has made life miserable for a handful of homes across the US -- especially one otherwise unnoteworthy northern Kansas farm. The farm's 82-year-old owner, Joyce Taylor, and her tenants have been subject to numerous FBI visits, IRS collectors, ambulances, threats, and the release of private information online. They've found people rummaging in the farm's barn and one person even left a broken toilet for some reason. People would even post her details online and encourage others to get in on the harassment, she said. The local sheriff even had to put a sign on her driveway, telling trespassers to stay away and contact him first if there are any questions. What's her mistake? MaxMind thought that if its tech couldn't tell where, exactly, in the United States, an IP address was located, it would instead return a default set of coordinates very near the geographic center of the country -- coordinates that happen to coincide with Taylor's front yard. The abuse began in 2011. A quick online search for the farm's address brings up pages of forum posts reporting the "scam farm."

"Glitch"

The glitch is in your brains for geolocating anything deeper than the local ISP's router.

Re:"Glitch"

[tripleevenfall]

By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.

I'm sorry for what happened to these Kansans, but three cheers for a lesson to businesses that would buy personal information from a trafficker getting a steaming pile worthless info instead.

Re:"Glitch"

[ShaunC]

By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.

Except MaxMind is still very much in business and still selling the data, I run into their name fairly often. They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes, but that doesn't help the other 40,000+ ZIP codes out there.

What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

Re:"Glitch"

They are, and the ISP are using MaxMind to tell them were the IP address was physically located!

MaxMind has disclaimers on their data sets saying they're only good down to the local city or zip code but people are taking them to be exact location. I've never used their service so I can't say how visible those disclaimers are. I'm not sure which part is more to blame.

I also don't know why all the people affected by this can't sue and get tons of money from everybody.

Re:"Glitch"

What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

No, they should be hauled into court for being so amazingly irresponsible. People have an absolutely crazy idea that geo-IP location is completely correct. It is not. I've been using MaxMind data for years and have always borne in mind what they say about their accuracy. Hint: is is *never* near 100%. They can be fairly good at putting you in the right state and even the right city, but you should take the ZIP-code information, let alone latitude and longitude, with a big grain of salt.

When a lookup into their dataset fails to return a city, that means that IT CANNOT LOCATE THE CITY and that the latitude and longitude information are worthless. If you've been using that dataset for any time, you'd know that.

Remember also that there are lots of people using VPN's, cellular networks, satellite carriers, or TOR. MaxMind's service is useful, but is far from infallable.

Here are two results. 1) law-enforcement agencies should *NEVER* use the geo-IP location data to get to a street address or exact GPS coordinates. If they need to know, they can use an AS lookup (also available as a MaxMind database) and then ask the ISP. 2) Geo-IP is not nearly reliable enough to use for collecting sales tax (the whole discussion of the nexus of a sale is a whole 'nother topic).

The fault is not MaxMind's. They advert to their accuracy: "99.8% accurate on a country level, 90% accurate on a state level, 81% accurate on a city level for the US within a 50 kilometer radius". Only eighty-one percent! The law-enforcement people who are raiding people's houses on the basis on this data should face prosecution!

Bullshit

[OverlordQ]

"“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"

Bullshit.

Re:Bullshit

[AmiMoJo]

You couldn't make this up. Their defence is "we are so dumb we didn't think of this obvious flaw or pick it up in testing, but incompetence at our core business is better than malice right?"

Re:Bullshit

[Cramer]

... or, IDK, listen to the complaints from the hundreds/thousands of customers who have pointed out their ~600million lies.

I've known about this for years. You cannot trust their geo data. It will never return an "I. Don't. F'ing. Know." Every IP you ask about, it WILL give you a location.

Re:Bullshit

[Trailer+Trash]

"“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"

Bullshit.

To be fair, these are people who are running a database company but don't understand the basic concept of NULL values. And now their "fix" is to change the defaults to a more obvious wrong location.

Sigh.

Re:Bullshit

[networkBoy]

likely now they have to give a location or will break services that assume no token for "not found". Since most of the trouble is caused by criminal complaints... 1600 Pennsylvania ave should work (or even better, whatever the address for congress is).

Realistically they should return 0.0 0.0, a nice point in the ocean.
-nbr

Magnified stupidity

[FireballX301]

Developers: If we can't resolve the IP lets just give it a default center of the US coordinate, instead of returning a 'could not resolve location'
Project Manager: Sounds good to me!

Later...
A moron sysadmin: I'm getting tons of inbound spam traffic coming from this farmhouse in the middle of Kansas that has curiously rounded coordinates! They must be the culprit, clearly this IP GIS lookup has 5 digits of precision on lat/long!

Lots of stupidity to go around here

Re: Magnified stupidity

They should have located it at some high security base, so that people with too much time on their hands would no longer be a public nuisance

Re:Magnified stupidity

[MightyMartian]

He's the kind of developer that turns globals on and writes everything in PHP 3, who puts in a hardcoded root password of "1234" for testing, and then forgets to take it out before the software goes production. He's the kind of developer that captures all exceptions and errors in one big exception method that pukes out "An unexpected error occurred". He's the kind of developer that still writes Flash-based scripts, insisting "They're still cutting edge, man!"

He's the kind of developer that ends up as head of his department, and will be CTO within two years.

Re:Magnified stupidity

[tlhIngan]

Even worse, they claim it's only good to the city/county level, in which case why are you returning exact GPS style coordinates?! People assume when you have exact coordinates, they're, well, exact.

At least report an uncertainty circle in your result at the very minimum. If you're not sure, make it stupidly large, like the country or the earth, or the solar system.

Though what you should do is simple - just return the zip code. You can convert zip codes to the approximate area quite easily, but they don't result in houses. Or just return it as city and state, since that's the resolution you're dealing with.

Really, a huge sigfig problem.

Re:Magnified stupidity

He's the most interesting developer in the world.

Re:Magnified stupidity

[AmiMoJo]

2030, somewhere off the west coast of Africa there's a graveyard. A graveyard for broken drone ships, and the occasional long range drone aircraft. Fragments of wing and the odd tyre float between listing hulls, batteries and fuel long since depleted.

Well, not just "somewhere", GPS coordinates 0,0.

Re:Magnified stupidity

[mwvdlee]

We use the MaxMind database. Lat/Long is not the only information stored in their databases. For instance, it also contains a column that indicates whether the record found is considered accurate to the level of, for instance, a city, a state or an entire country. These records centered on the farm are all clearly marked for "country" (which is why they point to the center of the country in the first place). The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.

Re:Magnified stupidity

Stay on call, my friends...

Re:Magnified stupidity

[taustin]

Rounding in a GPS location can move the address by 30+ miles. So, while rounding is done all the time, doing so in this case would be dangerously irresponsible.

Re: Magnified stupidity

[Voyager529]

They should have located it at some high security base, so that people with too much time on their hands would no longer be a public nuisance

Here's the dilemma: Do we send them to Area 51, or Guantanamo Bay?

Re:Magnified stupidity

[MightyMartian]

Exactly. One that periodically shows up on our DFS file servers:

Index : 170203
EntryType : Information
InstanceId : 1073756378
Message : The description for Event ID '1073756378' in Source 'DfsSvc' cannot be found. The local computer
        may not have the necessary registry information or message DLL files to display the message, or
        you may not have permission to access them. The following information is part of the event:'dfs'
Category : (0)
CategoryNumber : 0
ReplacementStrings : {dfs}
Source : DfsSvc
TimeGenerated : 4/11/2016 2:15:31 PM
TimeWritten : 4/11/2016 2:15:31 PM
UserName :

Re:Magnified stupidity

[93+Escort+Wagon]

Well, not just "somewhere", GPS coordinates 0,0.

... zero, destruct, zero.

Re: Magnified stupidity

[Solandri]

They should've done the equivalent of 127.0.0.1 and returned the user's own geographic coordinates. That'd make it fun to watch the people who didn't bother learning exactly how the database worked when it couldn't determine the location. "OMG! Someone help me! The spam is coming from inside my house!"

Re: Magnified stupidity

[magarity]

Here's the dilemma: Do we send them to Area 51, or Guantanamo Bay?

Neither; Fort Meade, Maryland.

Re: Magnified stupidity

Too hard to get to. They should set it to 1060 West Addison Street, Chicago.

Re:This...

[Falos]

>gross negligence
At best. This is an inch of intent away from deliberate misinformation. Malice. That's with benefit of the doubt.

Re:How about

[dianebrat]

I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field

Not a "glitch"

This most assuredly was not a "glitch".

It was a deliberate design decision on the part of the mapping company to portray the returned data as more accurate than it was. The reason this Kansas farm became a "digital hell" is because the company decided to use a defined point (which happened to be their front yard) to represent "USA, not otherwise specified". (Reason being that it was close to the center of the continental USA.) Similar types of approaches were taken for other entities. (IP addresses in Georgia that didn't have further county/city information got put at the geographic center of Georgia, etc.)

That's not a "glitch" - that's a bone-headed design decision. A fundamental rule of data processing is that you shouldn't represent invalid values (or values with lowered precision) with valid values -- for this very reason. If you have invalid values and valid values which can both be the same value, if you get that value back, you don't know if it's valid or invalid. Sure, pick some value to represent "Somewhere in the USA, but no further information", but make sure it can't be confused with any valid value. Make sure it's incredibly obvious that the value isn't valid just from looking at it.

If you can't do this (if all values of the variable might be valid), you have to use out-of-band information to specify things. e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".

Re:Not a "glitch"

[gigne]

" e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".

Their API has a field for that. It's an enum that defines precision.. The datum for US is algorithmical centre of the US. Unfortunate for the farm. Maxmind should probably move it.

What you can't really forgive is application developers that ignore this field in their implementation or otherwise not displaying dp/sf info to the end user

Re:THIS IS WHAT HAPPENS WHEN YOU GIVE MONKEYS MAPS

[K.+S.+Kyosuke]

They're apes, not monkeys. Didn't you have biology in high school?

reverse Ralsky

[inode_buddha]

Reminds me of that time when some slashdotters found Ralsky's physical addy and signed him up for everything imaginable... the post office had to give him his own zipcode among other things.

Northern KS

[rfengr]

An hour from Wichita is not Northern Kansas, rather southern.

Re:Roads with special names

[tomhath]

Back in the dark ages (before the internet) I stopped at a gas station to ask where I would find "Township Line Rd." Attendant's response was far more helpful than anything the internet can give: "Which township?"

Re:How about

[EvilSS]

I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field

Pretty sure this was just a clever ploy to out Cubs fans :)

Re:That company is out of business now, right?

[Archangel+Michael]

Until they are bankrupt, and their product lives on.

They should be able to go after ANYONE using that database(s).

Re:How about

[Zak3056]

Not just Cubs fans--the joke was in the Blues Brothers, so I've known the address of Wirgley Field since I was a kid, despite never having set foot in the greater Chicago metro outside of O'Hare or Midway.

Default Gone Wrong.

[jklovanc]

It sounds like a story about a digital altimeter on a new ground attack aircraft. The programmer was trying to figure out what to display in case of a malfunction. He asked a pilot what altitude they normally flew at. He stated '2,000 ft" and that is what the programmer displayed. There was a warning on the aircraft that if the altimeter said "2,000ft for more than 5 second to pull up. It was fixed in the next install. Why he didn't just display all 9's no one knows.

In this case 0 degrees lat and 0 degrees lon would have been much better. That is an obvious incorrect location.

Re:"Jenny Jenny..."

[orion205]

People with the phone number 867-5309 has similar problems when that song came out.

That's probably true, but at least it was a little easier to get a new phone number than to change the lat/lon coordinates of your farm...

That really depends...

[Anubis350]

That really depends on how fast you're driving, doesn't it?

Squashed a similar bug for a bank once

[netsavior]

I used to build/maintain software that predicted Flooding risk for potential home loans as part of the pre-funding process.

Long story short, one of the vendors of data we used did a stupid trick like this. If they couldn't find the address, it returned a "zip centroid" (middle of the zip code), And if the entire zipcode had no flooding risk, it would go ahead and "clear" the property. The problem was when it got worse than a Zip code match, it would think it got a zip centroid match in the middle of Kansas (probably this lady's farm actually!)... clearing the property of flood risk.

It was the vendor's mistake and they would have been liable, but it was BS and easy to detect once I ran some statistical analysis on it.

It really screwed with people's lives though... they get a home loan knowing they won't need to pay 2-4 grand a year in flood insurance, then once we audited the vendor data, or their home finally showed up on a map, they would be required to get insurance.

Re:The abuse continues: Shows up on Google Earth/m

[EmeraldBot]

Why hasn't Google blurred or removed this persons' farm from their maps? Oh and by the way the more this story is circulated the more idiots will go and harass this person in Kansas. If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.

Becase the right to be forgotten was something ruled in the EU, and the US is not a member of the EU. For some reason people keep dredging that up, and while a service may offer to do it for her out of good will, Google has absolutly no other reason to do so. And if I may, many of the people who make the most noise about it aren't affected by it either.

That being said, my sentiments are with yours exactly - why the business didn't check first if they were putting the marker on somebody's property is stupid and irresponsible.