How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa

Kashmir Hill, reporting at Gizmodo: The visitors started coming in 2013. The first one who came and refused to leave until he was let inside was a private investigator named Roderick. He was looking for an abducted girl, and he was convinced she was in the house. John S. and his mother Ann live in the house, which is in Pretoria, the administrative capital of South Africa and next to Johannesburg. They had not abducted anyone, so they called the police and asked for an officer to come over. Roderick and the officer went through the home room by room, looking into cupboards and under beds for the missing girl. Roderick claimed to have used a "professional" tracking device "that could not be wrong," but the girl wasn't there. This was not an unusual occurrence. John, 39, and Ann, 73, were accustomed to strangers turning up at their door accusing them of crimes; the visitors would usually pull up maps on their smartphones that pointed at John and Ann's backyard as a hotbed of criminal activity.

[...] The outline of this story might sound familiar to you if you've heard about this home in Atlanta, or read about this farm in Kansas, and it is, in fact, similar: John and Ann, too, are victims of bad digital mapping. There is a crucial difference though: This time it happened on a global scale, and the U.S. government played a key role. [...] Technologist Dhruv Mehrotra crawled MaxMind's free database for me and plotted the locations that showed up most frequently. Unfortunately, John and Ann's house must have just missed MaxMind's cut-off for remediation. Theirs was the 104th most popular location in the database, with over a million IP addresses mapped to it.

Continentia..

"Roderick claimed to have used a "professional" tracking device "that could not be wrong," - I am compelled to imagine this said with an extweme whotacism.

Re:Continentia..

[Archtech]

"Roderick claimed to have used a "professional" tracking device "that could not be wrong,"

Isn't it strange how many people nowadays know things like that, with absolute certainty. How could he possibly know that it "could not be wrong"? Because he paid a lot of money for it? Or because some shyster salesman sold him a bill of goods?

Re:Continentia..

"Roderick claimed to have used a "professional" tracking device "that could not be wrong," - I am compelled to imagine this said with an extweme whotacism.

What about Wudolf the Wed-nosed Weindeer?

Will he be weweased?

Re: Continentia..

âoeThe Apple customers seem to be the worst.â

Re:Continentia..

[ceoyoyo]

People have always attributed unreasonable properties to things they don't understand, including technology. My internet provided kindly called me up to tell me that if I didn't pay my bill dire consequences would ensue. I mentioned that I had just checked that day and my account showed a balance of zero. Sir, that can't possibly be true! Okay, check it yourself. Here's the account number. Oh.

And I remember my father having almost identical conversations when I was a kid.

Re:Continentia..

[lactose99]

How could he possibly know that it "could not be wrong"? Because he paid a lot of money for it? Or because some shyster salesman sold him a bill of goods?

This is very often the same thing.

Re:Continentia..

[grep+-v+'.*'+*]

How could he possibly know that it "could not be wrong"?

Because it's been printed with a computer. Here, let me show you my green-bar printout.

People have been that way for decades (plural), it's nothing new.

I suspect some people are too pedantic, but that's also part of some people's stress now-a-days: things are so complicated and interwoven that they want SOME simple, absolute stuff, whether it be locations, facts, or even ideologies.

There's weird noises in an abandoned house after dark? It couldn't be animals or rot or heat expansion, it's got to be GHOSTS or GNOMES, one of the two. And you know that garden gnomes keep going missing, don't you? They're gathering for something.

Don't Blink.

Re:Continentia..

[Archtech]

And you know that garden gnomes keep going missing, don't you? They're gathering for something.

Beautiful!

Re:Continentia..

extweme whotacism.

And what is that in English?

Re:Continentia..

What about Wudolf's fwiend? Biggus Dickus.

Re:Continentia..

He has a wife, you know.

Re:Continentia..

[sjames]

This. The entire '70s was filled with CSRs saying "Well, the COMPUTER says...".

Hilarity ensued in the early '80s as increasing numbers of people replied "Well, MY computer says...".

Re: Continentia..

[nasor]

The REALLY amazing thing is that these same people are usually very comfortable accepting that their computer crashed "for no reason."

Re:Continentia..

How could he possibly know that it "could not be wrong"?

Trump voter mentality. Nothing else to say...

Re: Continentia..

[fustakrakich]

their computer crashed "for no reason."

Well, they do. A computer can't reason

Re: Continentia..

, said the Apple customer.

So what they need to do is sue

Just take the US government to court, and the next time an aircraft carrier stops in Capetown, have it impounded to collect on your line.

I heard China will pay premium over scrap.

Re:So what they need to do is sue

[Opportunist]

Works for the ship and planes, but what about all the human cargo? It's not easy feeding that many refugees.

Re:So what they need to do is sue

[Archtech]

I heard China will pay premium over scrap.

Which is the best use for aircraft carriers nowadays. If sent into battle they would take thousands of decent sailors down with them.

Re:So what they need to do is sue

Of course, I'm sure you're right because you asserted it. I guess it's just a long time coming since no carriers have sunk since WWII despite several major conflicts since, Admiral Derp.

Re: So what they need to do is sue

Admirality law already covers this, they can remove their personal possessions, and their contracts are released so they can get new jobs.

Re:So what they need to do is sue

[The+Grim+Reefer]

Just take the US government to court, and the next time an aircraft carrier stops in Capetown, have it impounded to collect on your line.

Is it possible for an aircraft carrier to dock at a port in Capetown?

Does the entire South African military have enough firepower to take on a US Navy carrier group? It's not like those go anywhere alone. I would guess that the airplanes on a single carrier outmatch the entire SA air force. The carrier group also has at least a missile cruiser, and at two destroyers.

While carriers are ineffective in conflicts against Russia or China, South Africa is the type of military that they are very effective against.

Re:So what they need to do is sue

[Wulf2k]

Maybe I just haven't had my caffeine yet, but have there been any naval battles between equal-ish powers since WW2?

Re:So what they need to do is sue

[The+Grim+Reefer]

I heard China will pay premium over scrap.

Which is the best use for aircraft carriers nowadays. If sent into battle they would take thousands of decent sailors down with them.

Carriers aren't meant for conflicts against countries with a modern military these days. Countries with a military similar to what South Africa has is a different story.

I'd guess that a single carrier group has about as many personnel as the entire South African Navy. A Nimitz class carrier air wing has at least 40 F-18 super hornets. The South Africa airforce has 26 Gripen fighters.

Re:So what they need to do is sue

[PPH]

Is it possible for an aircraft carrier to dock at a port in Capetown?

No. They may have to stop in Cape Town.

Re:So what they need to do is sue

Is it possible for an aircraft carrier to dock at a port in Capetown?

The Theodore Roosevelt stopped there, but I'm not sure if it docked or just stationed offshore.

Re:So what they need to do is sue

[ShanghaiBill]

Maybe I just haven't had my caffeine yet, but have there been any naval battles between equal-ish powers since WW2?

The closest was India vs Pakistan in 1971. 15 naval ships and 18 cargo ships sunk. Decisive Indian victory.

Several Arab-Israeli conflicts involved ships.

The Falklands War could be considered equal-ish if you include attacks on British ships by Argentina's land based aircraft.

Re:So what they need to do is sue

[Talderas]

Maybe I just haven't had my caffeine yet, but have there been any naval battles between equal-ish powers since WW2?

That depends on how you classify "naval battle". If you mean a battle in which warships participated then there's probably a few that you can point out in which naval forces were only employed by one side but air or ground assets on the other did provide a risk to the warships. The Falklands War had one or two of those if I remember correctly. If you want both sides to have naval vessels then nothing comes to mind.

Re:So what they need to do is sue

2 carrier groups could hold off everything the Chinese Ladies Air Force could throw at them, literally, short of a nuclear exchange. THAT is how little you understand the carrier group in reality.

Re:So what they need to do is sue

short of a nuclear exchange.

Which is why nukes will be used. Nuking a carrier group is cheap if you have the nuke. And you are not nuking anybody's territory or cities. So the response must be limited nuking ships back - they don't want to escalate to city nuking. Convenient if you don't have any impressive navy at sea anyway.

Re: So what they need to do is sue

Which in history, has yet to happen.

Re: So what they need to do is sue

Brits 'did' it in a war game, merkins cried foul and demanded the exercise be restarted to give the result they expected to show the doctrine of America carrier power.

Re:So what they need to do is sue

[terrycarlino]

Argentina had an aircraft carrier. It spent the war in port because they were afraid British submarines would sink it.

Aircraft carriers are not really platforms meant for normal intensity warfare between equals. During heavily asymmetrical warfare they're great because they can sit way off shore beyond the defending country's ability to strike and send wave after wave of aircraft against them for days, weeks, months. In really high intensity warfare, like a civilization ending world war a carrier's job is to get all planes off the deck. What happens to the ship (and it's crew) after that is tactically immaterial. But in a war between two more of less equal combatants a carrier is a terrible weapon. Its hugely expensive. The only way to protect it is to have an entire fleet of ships which create a 200 mile exclusion zone around it where any non-friendly ship is diverted or sunk. And the enemy can't have any submarines.

In the real world only the first situation has obtained since the end of WWII. In WWII dozens of carriers on both sides were sunk, usually in battles where fleets were hundreds of miles from each other.

Disable SSID on your routers

[Dan+East]

According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation. Further, the area in question has very few access points, so phones can potentially pick up these residential access points from thousands of feet away. Then they are geolocated to the exact position of the access point.

A solution is to disable SSID on your home router(s) so that these data-grabbing sniffers won't see it and try to geolocate off of it.

Re:Disable SSID on your routers

[Dan+East]

To clarify, I mean to disable "SSID Broadcast" specifically.

Re: Disable SSID on your routers

If there is no cell signal, how are the "lost phones" able to send back their location to the user?

Re: Disable SSID on your routers

[PPH]

If there is no cell signal, how are the "lost phones" able to send back their location to the user?

Not my problem.

Re:Disable SSID on your routers

[Thelasko]

According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation.

You read the wrong article. That's the case for the home in Atlanta.

TFA is actually the result of someone at the NGA deciding this guy's house was the geographical center of Pretoria. As is the case with the farm in Nebraska, any unknown location in Pretoria defaults to the geographical center. They emailed the NGA (who would have thought?) and the issue has been corrected. The default location is now Church Square in the NGA database.

Re:Disable SSID on your routers

[Fallon]

All data traffic on that SSID still has the SSID name attached. Disabling SSID broadcast just means packets with the SSID name in them aren't beaconed constantly & only occur when traffic traverses that network. It's trivial to sniff still & is likely to still get logged by most WiFi sniffers & geolocation systems.

Re:Disable SSID on your routers

[tlhIngan]

According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation. Further, the area in question has very few access points, so phones can potentially pick up these residential access points from thousands of feet away. Then they are geolocated to the exact position of the access point.

A solution is to disable SSID on your home router(s) so that these data-grabbing sniffers won't see it and try to geolocate off of it.

No, this was the result of bad IP geolocation information. Basically the guy's house happened to be where they said "South Africa" was because that's the best area they could get for an IP.

Anyhow, WiFi geolocation (more accurate than GPS, actually) doesn't care about SSID. It only uses MAC addresses that are transmitted in the beacon packets. All any device has to do is switch channels and listen to capture the AP MAC addresses and signal strength. Send that information to Google and you'll get back a pretty good location. Same goes for cell towers - the modem will scan for available cell towers, note their IDs (this includes all cell towers in all bands it can receive, including ones that you don't have service for) and do the same thing.

The problem is the devices last pinged some tracker from an IP and that was last that device was heard of, and that IP had only country level resolution.

(The US database of countries contains latitudes and longitudes that are often returned when you look up a country to get a specific location, and a lot of these IP geolocation companies use it without realizing the radius of uncertainty is "country" and not "city block").

Re:Disable SSID on your routers

[sjames]

Anyhow, WiFi geolocation (more accurate than GPS, actually) doesn't care about SSID.

There was an incident where people in NYC were getting a location in the Netherlands (IIRC). It turned out there was a cruise ship with WiFi in the harbor.

Re:Disable SSID on your routers

[scdeimos]

Disabling SSID broadcast just means packets with the SSID name in them aren't beaconed constantly & only occur when traffic traverses that network.

Even for so-called "Hidden SSIDs" the SSIDs still get broadcast in AYT (Are You There) packets sent by previously connected clients enumerating the contents of their PNLs (Preferred Network Lists) while looking for an access point with better signal strength. You'd be surprised how many stores and shopping centres slurp up the AYT traffic to fingerprint who's visiting their premises at any given time so they can serve up targeted advertising.

Re:Disable SSID on your routers

According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation. Further, the area in question has very few access points, so phones can potentially pick up these residential access points from thousands of feet away. Then they are geolocated to the exact position of the access point.

A solution is to disable SSID on your home router(s) so that these data-grabbing sniffers won't see it and try to geolocate off of it.

Or, you know, just don't use wireless.

could not be wrong

Wow, sounds like a doctor that blindly follows a radiologists opinion of what he saw on a screen full of static from an MRI machine....

Nothing we make, use, or do is 100% infallible.

Medicine is the blind leading the deaf, and whatever this "PI" did is the same error.

So, in sum

[SlaveToTheGrind]

1. Cartographers for a U.S. intelligence agency published coordinates for the center of the populated area of Pretoria, South Africa.
2. An IP location service provided those coordinates, along with an uncertainty radius, for Pretoria IP addresses.
3. Other IP location services threw away the uncertainty radius.
4. South African government officials, bounty hunters, etc. used the IP location services that threw away the uncertainty radius.
5. The U.S. intelligence agency changed the coordinates to the center of the town square after being apprised of the issue.

That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

Re:So, in sum

That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

Where did this last sentence come from?

Everything you listed happened. It's affecting people, and it's newsworthy.
The /. post doesn't say anything about blame; the /. title notes that it was inadvertent.

Are you such a weak snowflake that you are offended by anything which isn't pure "U.S.A." cheerleading?

Re:So, in sum

[cascadingstylesheet]

1. Cartographers for a U.S. intelligence agency published coordinates for the center of the populated area of Pretoria, South Africa. 2. An IP location service provided those coordinates, along with an uncertainty radius, for Pretoria IP addresses. 3. Other IP location services threw away the uncertainty radius. 4. South African government officials, bounty hunters, etc. used the IP location services that threw away the uncertainty radius. 5. The U.S. intelligence agency changed the coordinates to the center of the town square after being apprised of the issue.

That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

But ... but ... how could we feel superior to our fellow men if we couldn't bash the US today?

"Post apartheid South Africa is a house of horrors in general" is not the headline that anyone wants, but it would be the accurate one.

Re:So, in sum

[PPH]

That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

You seem to have ignored the broad distribution of blame for this situation and homed in on what appears to be the apparent centroid of the problem.

Re:So, in sum

[flink]

2 & 3 are why I like grid systems like MGRS. The precision is inherent in the coordinate data, and there is no illusion that the coordinates represent a precise point.

Re:So, in sum

The headline is blatantly false:

How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa

The Cartographers for the U.S. military did not intentionally nor inadvertently create the problem. The problem was created by the people that threw away data and used data without understanding what they were doing. Those people, as far as I can tell, were not U.S. military.

Now the U.S. National Geospatial Intelligence Agency, once they were aware of ignorant use of the data, did attempt to mitigate the problem created by downstream buffoons.

Seems like @SlateToTheGrind is more offended by blatant misrepresentations. So the answer to your question about being a "weak snowflake" should be evident by your broken question.

Re:So, in sum

Do you have any comments on Slashdot's abuse of headlines?

Re:So, in sum

It wasn't the US who caused the problem, others who willfully mislabeled data did. Yet the title says, "How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa"

Application of cause for a bad situation. That's blame.

The US == Evil narrative is so tiring. Even your post has that narrative running. Nobody sensible believes it. Yet people and bots like you push it every second of every day to destabilize for your own ego and geopolitical position at the cost of truth.

Re:So, in sum

[amicusNYCL]

That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

You just have to dig a little deeper for the meat.

"It's almost with religious zeal that these people come, thinking their goodies are in my yard," John told me. "The Apple customers seem to be the worst."

ah HA! You thought was "U.S. sux", but is "Apple sux" instead! Bamboozled again.

Clearly this homeowner is just an Android zealot, because those are the only people who ever criticize Apple users. I've learned this fact right here on Slashdot.

Re:So, in sum

[bill_mcgonigle]

Your news summary service is of higher value than the site it's hosted on.

Re:So, in sum

[pz]

Wow, just wow. Not only did you get a whoosh over just one person, but at least four moderators. Well done, sir!

MODS: the post, which is now at +5 insightful, should be +5 FUNNY.

Why? Because he is satirising the parent!

Re:So, in sum

[thegarbz]

Slashdot's "U.S. sux" article du jour.

After reading TFS and your comment I come to the conclusion you are incredibly insecure on behalf of your country.

Disable SSID Broadcast

Problem solved.

I had this same issue because I live in Rural America, and my house is within 100 yards of where most mapping software pins my zip code, and within a mile of the nearest Interstate. To cover my entire property, I have an outdoor AP with an omni antenna on top of my 90 foot ham radio tower, so my Wifi network is visible from that Interstate.

Once I disabled SSID broadcasting, people stopped showing up. I suspect that people were driving by on the Interstate, where there is poor cell coverage because it's rural, on their way to the city. At some point they would lose their phone and do a "find my phone" on their way home (along the same stretch of poorly-covered highway) and it would turn up with a pin in my back yard. Hence, unsolicited trespassers banging on my door drunk at 3 in the morning.

I'm glad I don't have to put up with that anymore. It's just a little inconvenient to set up new wireless clients without SSID broadcasting turned on.

Why has no one sued MaxMind into bankruptcy?

[Archtech]

Seriously, any company that causes so much distress and harm deserves to be put out of business. Unless it has enough money to pay appropriate damages to all of its victims - whether they complain or not - and to fix its utterly insane software decisions.

The CEO actually didn't know what to do about IP addresses that couldn't be located more precisely than "the USA"? I can do that one instantly. Tell the user that the IP address can't be located more precisely than "the USA". I know it rankles to big business, but when all else fails you can always try telling the truth.

Re:Why has no one sued MaxMind into bankruptcy?

[Archtech]

... and the NGA. Although sueing the US government might be difficult and counterproductive.

I like this bit:

'When he looked up the National Geospatial-Intelligence Agency’s website, he discovered it’s both a U.S. intelligence agency and part of the United States Department of Defense and “delivers world-class geospatial intelligence that provides a decisive advantage to policymakers, warfighters, intelligence professionals and first responders"'.

In view of the article and what it reveals, this may be how the Chinese Embassy in Belgrade got bombed. The USAF may have been using their "world-class geospatial intelligence" to hit somewhere completely different, elsewhere in Belgrade or its environs. Not to mention dozens of other world-class clusterfucks since.

Re:Why has no one sued MaxMind into bankruptcy?

[SlaveToTheGrind]

The CEO actually didn't know what to do about IP addresses that couldn't be located more precisely than "the USA"? I can do that one instantly. Tell the user that the IP address can't be located more precisely than "the USA".

If you read the fine article, that's exactly what they did:

But computer systems don’t deal well with abstract concepts like “city,” “state,” and “country,” so MaxMind offers up a specific latitude and longitude for every IP address in its databases (including its free, widely-used, open-source database). Along with the IP address and its coordinates is another entry called the “accuracy radius.”

The accuracy radius does what you might expect. It says how accurate the coordinates are; it indicates the 5-mile, or 100-mile, or 3,000-mile area included with “a point” on a map. Unfortunately, it is ignored by many geo-mapping sites such as IPlocation.net, which gets its data from IPInfo and EurekAPI, two more IP geolocation databases that use MaxMind as a source.

The issue is users / other services ignoring the accuracy radius. The question from the CEO was about the best approach to try to dumb down the system for people who were not using the information as intended/provided.

Re: Why has no one sued MaxMind into bankruptcy?

[c6gunner]

The CEO actually didn't know what to do about IP addresses that couldn't be located more precisely than "the USA"? I can do that one instantly. Tell the user that the IP address can't be located more precisely than "the USA".

That's what they did. "The IP address is located somewhere within this massive circle". It's not their fault that idiots interpreted that as "at the centre of this massive circle".

I agree that changing the coordinates of the centre of the circle to an unpopulated area makes sense given that the world is full of idiots, but not doing it by default isn't malicious and certainly shouldn't be grounds for a lawsuit in any sane legal system.

Re:Why has no one sued MaxMind into bankruptcy?

[gtwrek]

My read is actually the MaxMind CEO is acting fairly reasonably in working towards a solution. His firm had no malintent and worked reasonably in trying to solve both the problems in the US, and now the one in this article.

The first pass attempt at a fix in the US - moving the geographical center of the US to the middle of a lake (which I think is a great idea, BTW) resulted in a further lawsuit from the property owners of the lake. Which was settled. I think this was all a reasonable solution by all parties.

We should encourage this sort of response by companies, not demonize them. As opposed to the often relied on solution by companies when exposed to these sorts of problems - a shoulder shrug perhaps, if the problem is even acknowledged at all.

Put away the pitchforks.

Re: Why has no one sued MaxMind into bankruptcy?

[houghi]

TIL: The US is a circle. If you are unable to give a point, you do not give the average point, you give the whole area.

A point is one dimension, an ares is two.

If you look for a city or a state or a country, you do not point at the middle and say: there is is.

Re:Why has no one sued MaxMind into bankruptcy?

[ichimunki]

Pointing it to the middle of a lake is stupid. While MaxMind may not have any ill intent here, their incompetence is incredible. If the problem is that stolen hardware is being tracked down to the GPS coordinates and the accuracy number associated with those coordinates is being ignored, set the GPS coordinates to somewhere more responsive than the middle of the lake. Perhaps the nearest police, sheriff, FBI office? You know, somewhere that will be able to respond to these concerns with some authority?

Re:Why has no one sued MaxMind into bankruptcy?

MaxMind provides a database with accuracy that precipitously drops as your resolution changes from "in this country" and they advertise such. A typical database entry contains fields that in the US would translate to "Country, State, City, ZIP Code" but may have variant meanings in other locales (Province, territory, region, or whatever convenient designations may exist for the locale). The entry even indicates when it is not sure:

US, N/A, N/A, N/A, N/A, ...

That same entry does contain GPS coordinates that are an estimate of the center of said region. Note that the region is usually not a circle and may align by artificial designations (such as latitude and longitude) or natural ones (coastlines, rivers, or mountain ranges) or both.

Modern internet services make it trivial to show a pin on a map, so many 3rd party services do just that. This even happens when the area should be a large shaded region. In turn, 4th party users fail to understand that the pin is not meant to be an exact location. This is usually quite obvious if they attempt to locate the equipment that they have/control. It also does not take into account tunneling. So a typical corporate network that sends all Internet traffic through a single web proxy and firewall in California will appear to be in California no matter what. Thus a laptop on the corporate VPN in an Internet Café in Chicago and a branch office in Atlanta will both be inaccurately pinned in California.

Re:Why has no one sued MaxMind into bankruptcy?

The issue is users / other services ignoring the accuracy radius. The question from the CEO was about the best approach to try to dumb down the system for people who were not using the information as intended/provided.

The obvious solution is to use separate data fields for each level of accuracy. If you're accurate to the country, give the country code. If you're accurate to the postal code, give the country code and postal code. Leave anything you can't specify blank. Then it's on the idiots downstream when they translate a country code into the geographic center of the country.

Alternately, inject random errors based on the uncertainty radius, updated every time a location is requested. Bonus points for limiting reported locations to police stations, courthouses, prisons, and military bases.

Re:Why has no one sued MaxMind into bankruptcy?

[gtwrek]

Sorry, I think the middle of the lake is a great idea. You can't fix stupid - I'd rather just have stupid railing on about the center of a lake than bothering the police with their ramblings. (Again, preferable if the lake is public accessible)

It could be a learning experience - when one googles around and sees the location of some suspicious activity as the center of a lake - it might lead one to think "hmm is this reasonable..."

Re: Why has no one sued MaxMind into bankruptcy?

Geometry fail. Want to know the way to define where a circle is, within two dimensional space? Locate its centerpoint and give the radius of the circle. But please, keep stretching for a angle that will make you feel right.

Re:Why has no one sued MaxMind into bankruptcy?

[Sique]

Any of those solutions is arbitrary and will create arbitrary problems, and then some wise guy will appear and point to another foolproof method to solve exactly this problem and creating a chain of new problems by the way. You can't store the information about an area into a single point. So any application that returns a single point will fail if that point is not known exactly enough.

Re:Why has no one sued MaxMind into bankruptcy?

[Ichijo]

Along with the IP address and its coordinates is another entry called the âoeaccuracy radius.â

Doesn't the precision of the returned coordinates--the number of significant figures, if you remember your high school science classes--imply the accuracy radius?

Is the database populated with falsely precise coordinates?

Re: Why has no one sued MaxMind into bankruptcy?

[Dragonslicer]

A point is one dimension, an ares is two.

One dimension would be a line, not a point. Ares, being a god, is in an entirely different dimension.

Re:Why has no one sued MaxMind into bankruptcy?

[mejustme]

Is the database populated with falsely precise coordinates?

No. The locations are the center of a circle. The size of the radius -- which is yet another field in the database -- then determines the precision. But some users (some web sites, some apps, etc) look at the center of the circle, place a pin at that location, and then forget to indicate that the radius is hundreds or thousands of km.

Here is an example from the MaxMind database when I look up a Google address, 65.44.217.6:

{ "city" : { "names" : { "en" : "Fresno" } },
      "continent" : { "code" : "NA", "names" : { "en" : "North America" } },
      "country" : { "iso_code" : "US", "names" : { "en" : "United States" } },
      "location" : { "accuracy_radius" : 200,
                                      "latitude" : 36.6055,
                                      "longitude" : -119.752,
                                      "time_zone" : "America/Los_Angeles" },
      "postal" : { "code" : "93725" },
      "subdivisions" : [ { "iso_code" : "CA", "names" : { "en" : "California" } } ]
}

Note the "accuracy_radius" field, which is in km. But if you ignore that field and only look at latitude and longitude, you have a single pin on a map, incorrectly making it look like an IP address maps to a specific house or business, while it should map to a large circle with a 200 km (124 miles) radius.

Re:Why has no one sued MaxMind into bankruptcy?

[mejustme]

Here is an example from the MaxMind database when I look up a Google address, 65.44.217.6:

Took the wrong line from my Apache log file, that IP address is not a Google one but a msn.com bot address.

Re:Why has no one sued MaxMind into bankruptcy?

I agree, the middle of a lake seems like a good idea.

Maybe a better idea is to set the "center of the USA" to the location of MaxMind's headquarters?

Re:Why has no one sued MaxMind into bankruptcy?

You can't fix stupid -

...but you can set the geolocation to the middle of a military base, nuclear plant, presidential palace or anything that is heavily guarded. Armed guards 24/7 who won't respond kindly to 'stupid & persistent'. Or in Africa, geolocate a known field of land mines. Stupid won't last long.

Re:Why has no one sued MaxMind into bankruptcy?

[Ichijo]

But if you ignore [accuracy_radius] and only look at latitude and longitude, you have a single pin on a map

Not a rectangular-ish shape with upper left coordinate (-119,7524999,36.60554999) and lower right coordinate (-119.7515,36.60545)?

Re:Why has no one sued MaxMind into bankruptcy?

So the accuracy radius exceeds the size of the postal code. Right there that should have set lat/lon to "N/A" or whatever their null value is. I mean, you wouldn't return a postal code if the accuracy radius were 3000, right? This is a prime example of idiotic coding. And instead of not providing data that they know provides no additional information, they now have to make sure that every default location on the planet falls on a neutral site. Let me guess, "the system can't handle database records without latitude and longitude." Because it's morons all the way down.

Re:Why has no one sued MaxMind into bankruptcy?

Good luck getting the same lazy websites/services that won't recognize the accuracy radius field to bother to grab a completely separate GPS coordinate field.

Actual summary

[psnyder]

Many mapping systems give specific latitude and longitude coordinates and an accuracy radius for an IP address. When the accuracy radius is inaccurately large (like searching for a city, or a country) the coordinates arrow points in the middle, which can be someone's house. Someone using location services (like "Find My Lost Phone", and even police) often get these coordinates without understanding the accuracy sucks.

This particular case in South Africa happened because of a mapping service created by "National Geospatial-Intelligence Agency", which is part of the US Dept of Defense.

I'm not sure why useful information like this wasn't in the summary, but... I guess it made me read the article, so the jokes on me.

My favorite quote was from a guy that lives in this house. Right after the article says, "a team of police commandos stormed the property, pointing a huge gun through the door at Ann, who was sitting on the couch in her living room eating dinner", a few sentences later he says, "The Apple customers seem to be the worst."

Re:Actual summary

[Provocateur]

You should ride with my uncle, who trusts his GPS 100 percent. (The weakest link is the one entering the data, for example Here is the address, which I recite to him verbatim, and he decides to just punch in the zip code -- "quicker" he says. Two and a half hours later, still on the highway, he does not understand that the GPS picked the center of that zip code, and that neanderthals would have made it to the job interview by the scent of office furniture.

Re:Actual summary

The police probably stood-down when the situation was explained to them. But Apple customers....

Re:Actual summary

[140Mandak262Jamuna]

Are you sure your uncle belongs to the Homo sapien species? Or does he belong to the Boreopithecus americanus stupidia

MaxMind is worrying

[RuiFRibeiro]

MaxMind can be a boon to test geolocation.
Now, believe it pinpoint to exact locations in some cases can be quite far fetched.
I was once tracking someone that was harassing me via skype; managed to get his IP however the location was to...an hairdresser....and on the other side of the street of the ISP that person was using.
I already new the provider from whois data, so MaxMind did not allow me to narrow it more than the city.
As usual, tools can be quite useful, but part of the craft is knowing until which point you are able to trust the data they spew out.

gun control

[reanjr]

Dunno what South Africa gun laws are like, but in America, these people would be greeted with a gun to their face.

Re:gun control

[110010001000]

Sure they would. Gun owners are regularly protecting their "freedoms".

Re:gun control

The pizza delivery guy must love you.

Re:gun control

[Fly+Swatter]

I don't want to know what part of our country you live in, but please just stay there.

Re:gun control

[gtall]

reanjr goes to house to ask directions, he's lost:

reanjr: Can you give me directions to blop.

gun owner: Oh yeah, take that...BLAM...and that....BLAM....

reanjr: (in dying breath) but all I wanted was directions....THUNK.

gun owner: That'll learn ya to ask directions in America!!

Re:gun control

The pizza delivery guy is *invited* to be there and doesn't show up making illogical demands and invading the residence.

Is it difficult for you to understand the specific details of this story to where you pretend that something unrelated is the same?

Re:gun control

[squiggleslash]

Yeah pointing guns at police and bail bondsmen always goes well in the US.

Re:gun control

Please cite any event where this happened. Highlight the specific details and how they compare and contrast with not only this story but also what @jeanjr suggested - which didn't specify shooting anyone.

Re:gun control

[jeff4747]

Please cite any event where this happened.

Ok.

Now, the victim was seeking help after a car accident instead of asking directions, but a pretty similar scenario.

Re:gun control

[jeff4747]

And since some of "these people" were law enforcement, that would quickly result in the death of the homeowner.

Re: gun control

[reanjr]

SoCal.

Re: gun control

[reanjr]

If law enforcement shows up to my door more than once for such specious shit, then I'm going to get a multi-million dollar settlement from the police for harassment.

Re: gun control

[jeff4747]

No, you can't file a lawsuit after they've killed you for drawing a gun on them.

Re: gun control

[reanjr]

Those are different strategies. My point is that if you have an ongoing, recurrent problem with this, then it's not the police, because the police would have been sued already; so anyone coming to the door now gets a gun to the face.

Re: gun control

[jeff4747]

My point is that if you have an ongoing, recurrent problem with this, then it's not the police, because the police would have been sued already

There was an ongoing, recurrent problem with this in the US, on one farm in Nebraska.

No lawsuits.

Easy answer

Because his ego couldn't let him admit that his device (and by extension, he) could be wrong.

Outsource the work but not the responsibility

Many years ago a very smart auditor told me that I could outsource my work, but not my responsibilities.

When you screw up your job, you can not blame your tools. Law enforcement has many tools at their disposal, but ultimately it is their job to verify what their tools are telling them.

Problem should be easy to solve

[davidwr]

The vast majority of IP addresses can be traced to either a relatively small space - a dot on map surrounded by an uncertainty radius - or a fixed "shape" such as a country or ISP service area, perhaps surrounded by its own "radius of uncertainty" around that area if the IP address is mobile.

MaxMind, one of the companies in the story, already takes the first approach.

Adding links to computer-readable map data of political entities and ISP service areas along with a "boundary of uncertainty" and providing these instead of an actual latitude and longitude is a good next step.

For IP addresses that are known to be proxy addresses - think companies that funnel all outbound web searches through their corporate firewall on one hand and consumer VPN, TOR exit nodes, and related services on the other - explicitly flag them as such so people know that any geolocation efforts are unreliable.

Wow are they really that dense?

"professional" tracking device "that could not be wrong,"

Really? Either they are in a state of denial, incredibly naive and believe the status quo and the powers to be (or anything labeled "professional") could never be wrong, or plain stupid. I'm going to say the last two with maybe a hint of the first.

  And it's "useful idiots" like these that ensure that we will be battling fascism now and likely 'till the end of time.

Not really true... in reality.. in real life

If you look at the past 20 years the few times our ships have been attacked they've successfully shrugged off multiple hits that should have sunk them in 1 (first gulf war) and in the case of the yemanese lobbing missiles at our ships we successfully employed countermeasures. I forget the ship and the missiles but they're simulated at something like an 80% chance of hitting the ship. All of our planning assumes that the first one to get off their missiles will be the victor but we've seen from our few real life data points that in actuality for whatever reason us warships still seem to have a massive advantage.

He knew he could be wrong, all along.

[King_TJ]

Just a typical intimidation tactic used by police and detectives, really. They figure if people really were hiding an abducted kid there, they could rattle them a bit by acting 100% confident.

Re:He knew he could be wrong, all along.

^This. Investigators, bill collectors, etc. use "This address/phone number/name was in [something impressive sounding.] It can't be wrong, you're lying! WHERE'S JIMMY?"

Re:He knew he could be wrong, all along.

You are correct, and authority figures more generally.

We had a situation where a property manager attempted to shut down a question from my family, at the AGM (it's a condo situation). The property manager claimed "we weren't owners and therefore had no right to raise questions." When challenged, the property manager doubled down and claimed "we check the title rolls annually" and could not be wrong.

Not only was this property manager wrong, we had been on title for something like 5 years. It certainly wasn't the case that my family just slid in a title change at the last moment, 2 hours before the AGM.

No, it was just a BS move by a property manager, trying to shore up a flimsy argument with a transparent ploy to imply we didn't have any rights. Instead it backfired big time.

Re:He knew he could be wrong, all along.

There is no missing child here. But keep accusing me, and YOU will be a missing person soon enough!

Why did a judge sign off on the warrant?

[bob4u2c]

I'm assuming the only evidence they had was an IP address it was last connected to. With that they were able to secure a warrant to search a house half way around the world. That seems to be the bigger problem. Someone needs to tell them that an IP address does not directly relate to physical address; it also does not directly relate to a single person/computer.

Also how hard would it be to run a query to group common gps coordinates and order them by instances. Then looking at the highest instances first, check if the data was based on a town location. If it was then change that coordinate to the local police station. You would kill two birds with one stone. People would show up at the police station looking for kidnapped people or lost devices. Plus warrants would be issued to local law enforcement to search their own building.

And if that doesn't work, we switch them to the nearest local elected representative.

Re:Why did a judge sign off on the warrant?

[AHuxley]

South Africa would have tried to work with police around the world since such cooperation was an option.
During the South African Border War South Africa always tried to follow police methods to tell the world about the people and Soviet mil supplies its police and mil found.
When the government changed South Africa again knew it had to work with international policing efforts.
For that support South Africa could expect help in finding its own citizens around the world as it had always been helpful and responsive.

Company claims 50Km accuracy half the time

[raymorris]

The company claims that about half the time, it is accurate to within 50 Km.
https://www.maxmind.com/en/geo...

I've seen this before...

This is like that house in the geographical centre of the USA that got all the wrong attention from the authorities!

Here's the first link I found on Google:

https://splinternews.com/how-an-internet-mapping-glitch-turned-a-random-kansas-f-1793856052

I don't get it

[Shotgun]

The article goes to great lengths to say that this went on for years. Why didn't they ask the first guy to show up the simple question, "Why did you think you would find your phone here?" They would say, "Because I used this free IP Adress locating website." Contact the website, and you're off to the races. It might not have gotten resolved until the second or third visit from SWAT, but they'd at least KNOW why it was happening. Having to hire a lawyer and then contact a university professor? Why didn't they just ask the people showing up?

The not-so-shocking twist

That wasn't your ISP.
And now you get to pay for the scammer's internet too, because to a billing department name + account number + phone number = identity.

Re:The not-so-shocking twist

[ceoyoyo]

Oh, the confidence of an anonymous coward.

Yes, it was my ISP. I was pretty sure it was them, but being naturally paranoid and also a pain in the ass I informed them that I could neither give them nor confirm any personal information because they called me and I had no idea if they were who they claimed to be.

Their computer system cannot conceive of a customer who does not have landline telephone service. So for those crazy ones who don't want it, they create an account with a fake (free) landline and internet. Except in my case they created an account where everything was free, and another account where nothing was, but only told me about the first one.

Re: The not-so-shocking twist

Could be true. The ISP I used to have (big government Telco) frequently sent wrong bills. Both more expensive and too cheap. I think they mixed the customer IDs sometimes as the bills looked to be for reasonable packages, just different than what I had.

Read the Entire Gizmodo Article

[DERoss]

The cited Gizmodo article at https://gizmodo.com/how-cartog... clearly indicates that geolocation from IP addresses is not accurate. The article contained a link to a Web page at What Is My IP Address that does geolocation for the IP address of whoever visits that Web page. While What Is My IP Address did get my correct IP address and correctly placed me in California, it also placed me in the wrong county with the wrong ZIP code about 4 miles away from my true location.

I tried three other Web-based geolocation services. GeoIP first placed me in Missiouri; when I reloaded the Web page, it then placed me in New Jersey. Reloading justmyip placed me in Harrisburg, Pennsylvania; Tokyo, Japan; and La Roda, Spain. Both GeoIP and justmyip repeatedly got my IP address wrong. IP2Location placed me in California with the correct IP address but about 7 miles from my true location, in the same county as reported by What Is My IP Address but an even different ZIP code.

My nightmares made manifest

I work in the GIS (Geographic Information Systems, electronic maps basically) field and I can tell you that even if you have someone sitting right across from you and you're spelling out the limitations of the datasets straight to their face too many people let confirmation bias get the better of them. I mostly deal with datasets on the "local" level (never leave my little ~700 square mile area) so "property lines" are one of the big dataset focuses. It's good for its intended purpose but the lines can be accurate down to a few inches (very rare) all the way to a shot in the dark (a little less rare) but most are probably in the "within 5-10' " region for our dataset. You can tell people this repeatedly and they will still try to pick out which side of the polygon line a random shrub is from an aerial photo that has each pixel being about 6-10" in size. If they perceive that the line is in a location advantageous to them they'll exclaim "you've proven what I knew all along and I can now go build a fence/tell off my neighbor". If it's in a location that is disadvantageous to them their response is generally "this stuff is useless/meaningless crap". Either way it should be "that gives me some useful information, if I need to do anything serious or have any issues I'll delve more deeply into getting it confirmed" (a title search and a survey generally). All map data has a finite scale AKA accuracy (both digital and paper based), the larger your dataset coverage is the more likely it is to have significant accuracy issues when viewed close in. To stick with the "property lines" example a survey of a specific parcel is likely to be accurate to within a few inches, a random parcel out of +30k polygons in a local GIS dataset is probably going accurate to around a dozen feet, an entry in a statewide database is probably only going to be accurate on average to within a country block (1 mile square). If you're going to a global dataset, be thankful if it's in the right county/geographical region. Of course in time as the technology improves and more information is fed into the system overall accuracy will improve, but it will take time. In the interim, and likely even after it reaches such a stage, information should always be considered at least somewhat suspect without further verification.

If you want a simplified explanation use this.... If you blindly followed a car GPS instructions to drive your vehicle into a lake you'd rightly be called an idiot. So why should you be thought of any differently if you blindly trust some IP geolocator to show you where a criminal/property/computer is?