How an IP address can reveal your location

A team of researchers from Northwestern University and Microsoft Research recently announced a new method by which a computer’s IP address can be used to pinpoint a user’s location within a half-mile, a geolocation accuracy that is 50 times more accurate than current systems used.

The paper,“Towards Street-Level Client-Independent IP Geolocation” was presented at USENIX Networked Systems Design and Implementation conference at the beginning of April, reported Ars Technica.

Terrorists and foreign governments, in theory, could use the collected geographical information to target physical government locations. Or the situation could be reversed — government officials could use the data to target terrorists and criminals or improve response times for emergencies.

The report comes at the same time as researchers announced that Apple and Google are tracking and storing location information from cell phones. Individuals and government officials are expressing privacy concerns over possible location data usage.

In the report, the researchers state that their new geolocation method can be used to track individuals in real time, returning information within one to two seconds. More important, the technique is client-independent, requiring neither permission nor software from the targeted computer.

The new method uses a three-step process, combining statistical analysis, location data already available on the Internet, and known signal travel times to narrow the location radius of a computer. Unlike previous methods, the new process uses landmarks to improve geolocation accuracy.

In the first step, the researchers ping multiple servers, converting the response time to a geographical distance. Where all server responses overlap is the general area where the computer is located.
 

In the second step, the researchers narrowed the area by mapping nearby IP addresses at known physical locations within the potential radius — sites that host their own websites and post their address online— using a commercial mapping service such as Google Maps. Using a traceroute program, the researchers then determined which routers are potentially connected to both the known locations and the unknown IP. The researchers also used methodologies and analysis to eliminate potential location false positives.

In the third and final step, the researchers used the combined information, together with distance and time data between known locations, to determine possible IP locations relative to the nearby mapped landmarks. They then associated the nearest landmark to the IP address to develop an estimate of the IP address within a half-mile.

How the data could and would be used the future, as well as its accuracy in actual practice, is unknown. The researchers stated in the report that the geographical location data could be used by online retailers, for example, to more specifically target customers.

Comments to the Ars Technica story pointed out several possible shortcomings with the methodology, including:

• Firewalls used today by personal computers typically block pings from unknown sources.
• For law enforcement, it could be much faster and easier to simply obtain a warrant for the actual IP address.
• The process is the most accurate in dense locations – cities – where there are high numbers of landmarks. However, cities also have the highest number of potential IP locations.
• Many companies today are moving their servers offsite, creating fewer local landmarks to use as geographical markers.
• Internet service providers and companies such as Google already have anonymized IP geographic data they can sell.
• Individuals can create random ping delays, distorting estimated distances.
• Technology is available to mask an IP address.