[188662] in North American Network Operators' Group
Re: GeoIP database issues and the real world consequences
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Apr 11 17:11:08 2016
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <59B0E3A0-DF5F-4C9E-8068-54A3B0800DFE@blighty.com>
Date: Mon, 11 Apr 2016 14:09:56 -0700
To: Steve Atkins <steve@blighty.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Apr 11, 2016, at 10:26 , Steve Atkins <steve@blighty.com> wrote:
>=20
>>=20
>> On Apr 11, 2016, at 10:11 AM, Hugo Slabbert <hugo@slabnet.com> wrote:
>>=20
>>=20
>> On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase <math@sizone.org> wrote:
>>=20
>>> TL;DR: GeoIP put unknown IP location mappings to the 'center of the =
country'
>>> but then rounded off the lat long so it points at this farm.
>>>=20
>>> Cant believe law enforcement is using this kind of info to execute =
searches.
>>> Wouldnt that undermine the credibility of any evidence brought up in =
trials
>>> for any geoip locates?
>>>=20
>>> Seems to me locating unknowns somewhere in the middle of a big lake =
or park in
>>> the center of the country might be a better idea.
>>=20
>> ...how about actually marking an unknown as...oh, I dunno: "unknown"? =
Is there no analogue in the GeoIP lookups for a 404?
>=20
> It's not unknown - it's (according to the DB, anyway, which has a =
bunch of flaws) "in the US somewhere".
>=20
> The problem with MaxMind (and other geoip databases I've seen that do =
Lat/Long as well as Country / State / Town) is that the data doesn't =
include uncertainty, so it returns "38.0/-97.0" rather than "somewhere =
in a 3000 mile radius circle centered on 38.0/-97.0".
>=20
> Someone should show them RFC 1876 as an example of better practice.
>=20
> Cheers,
> Steve
So really, what is needed is two additional fields for the lat/lon of =
laterr/lonerr so that, for example, instead of just 38.0/-97.0, you =
would get 38.0=C2=B12/-97.0=C2=B110 or something like that.
This seems reasonable to me.
Owen
