Internet Mapping Glitch Turned a Random Kansas Farm Into a Digital Hell

An anonymous reader writes: Back in 2002, a company called MaxMind had an idea: Gather up as many unique computer or smartphone IP addresses as they can, match them to a map, and sell that data to advertisers. The problem is that MaxMind's tech has made life miserable for a handful of homes across the US -- especially one otherwise unnoteworthy northern Kansas farm. The farm's 82-year-old owner, Joyce Taylor, and her tenants have been subject to numerous FBI visits, IRS collectors, ambulances, threats, and the release of private information online. They've found people rummaging in the farm's barn and one person even left a broken toilet for some reason. People would even post her details online and encourage others to get in on the harassment, she said. The local sheriff even had to put a sign on her driveway, telling trespassers to stay away and contact him first if there are any questions. What's her mistake? MaxMind thought that if its tech couldn't tell where, exactly, in the United States, an IP address was located, it would instead return a default set of coordinates very near the geographic center of the country -- coordinates that happen to coincide with Taylor's front yard. The abuse began in 2011. A quick online search for the farm's address brings up pages of forum posts reporting the "scam farm."

"Glitch"

The glitch is in your brains for geolocating anything deeper than the local ISP's router.

Re:"Glitch"

[ShaunC]

By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.

Except MaxMind is still very much in business and still selling the data, I run into their name fairly often. They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes, but that doesn't help the other 40,000+ ZIP codes out there.

What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

Re:"Glitch"

What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

No, they should be hauled into court for being so amazingly irresponsible. People have an absolutely crazy idea that geo-IP location is completely correct. It is not. I've been using MaxMind data for years and have always borne in mind what they say about their accuracy. Hint: is is *never* near 100%. They can be fairly good at putting you in the right state and even the right city, but you should take the ZIP-code information, let alone latitude and longitude, with a big grain of salt.

When a lookup into their dataset fails to return a city, that means that IT CANNOT LOCATE THE CITY and that the latitude and longitude information are worthless. If you've been using that dataset for any time, you'd know that.

Remember also that there are lots of people using VPN's, cellular networks, satellite carriers, or TOR. MaxMind's service is useful, but is far from infallable.

Here are two results. 1) law-enforcement agencies should *NEVER* use the geo-IP location data to get to a street address or exact GPS coordinates. If they need to know, they can use an AS lookup (also available as a MaxMind database) and then ask the ISP. 2) Geo-IP is not nearly reliable enough to use for collecting sales tax (the whole discussion of the nexus of a sale is a whole 'nother topic).

The fault is not MaxMind's. They advert to their accuracy: "99.8% accurate on a country level, 90% accurate on a state level, 81% accurate on a city level for the US within a 50 kilometer radius". Only eighty-one percent! The law-enforcement people who are raiding people's houses on the basis on this data should face prosecution!

Bullshit

[OverlordQ]

"“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"

Bullshit.

Magnified stupidity

[FireballX301]

Developers: If we can't resolve the IP lets just give it a default center of the US coordinate, instead of returning a 'could not resolve location'
Project Manager: Sounds good to me!

Later...
A moron sysadmin: I'm getting tons of inbound spam traffic coming from this farmhouse in the middle of Kansas that has curiously rounded coordinates! They must be the culprit, clearly this IP GIS lookup has 5 digits of precision on lat/long!

Lots of stupidity to go around here

Re: Magnified stupidity

They should have located it at some high security base, so that people with too much time on their hands would no longer be a public nuisance

Re:Magnified stupidity

He's the most interesting developer in the world.

Re:Magnified stupidity

[mwvdlee]

We use the MaxMind database. Lat/Long is not the only information stored in their databases. For instance, it also contains a column that indicates whether the record found is considered accurate to the level of, for instance, a city, a state or an entire country. These records centered on the farm are all clearly marked for "country" (which is why they point to the center of the country in the first place). The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.

Re:Magnified stupidity

Stay on call, my friends...

Not a "glitch"

This most assuredly was not a "glitch".

It was a deliberate design decision on the part of the mapping company to portray the returned data as more accurate than it was. The reason this Kansas farm became a "digital hell" is because the company decided to use a defined point (which happened to be their front yard) to represent "USA, not otherwise specified". (Reason being that it was close to the center of the continental USA.) Similar types of approaches were taken for other entities. (IP addresses in Georgia that didn't have further county/city information got put at the geographic center of Georgia, etc.)

That's not a "glitch" - that's a bone-headed design decision. A fundamental rule of data processing is that you shouldn't represent invalid values (or values with lowered precision) with valid values -- for this very reason. If you have invalid values and valid values which can both be the same value, if you get that value back, you don't know if it's valid or invalid. Sure, pick some value to represent "Somewhere in the USA, but no further information", but make sure it can't be confused with any valid value. Make sure it's incredibly obvious that the value isn't valid just from looking at it.

If you can't do this (if all values of the variable might be valid), you have to use out-of-band information to specify things. e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".

Squashed a similar bug for a bank once

[netsavior]

I used to build/maintain software that predicted Flooding risk for potential home loans as part of the pre-funding process.

Long story short, one of the vendors of data we used did a stupid trick like this. If they couldn't find the address, it returned a "zip centroid" (middle of the zip code), And if the entire zipcode had no flooding risk, it would go ahead and "clear" the property. The problem was when it got worse than a Zip code match, it would think it got a zip centroid match in the middle of Kansas (probably this lady's farm actually!)... clearing the property of flood risk.

It was the vendor's mistake and they would have been liable, but it was BS and easy to detect once I ran some statistical analysis on it.

It really screwed with people's lives though... they get a home loan knowing they won't need to pay 2-4 grand a year in flood insurance, then once we audited the vendor data, or their home finally showed up on a map, they would be required to get insurance.