(Mis)using IP addresses as geographical locators

Using internet data for purposes it was not designed for has caused tremendous physical and emotional damage. Here, we see that using IP Addresses for finding a specific geographic location is only as good as the database used. 

But when people think the database provides more detail than the creators explicitly say, well, we get this.

An hour’s drive from Wichita, Kansas, in a little town called Potwin, there is a 360-acre piece of land with a very big problem.

The plot has been owned by the Vogelman family for more than a hundred years, though the current owner, Joyce Taylor née Vogelman, 82, now rents it out. The acreage is quiet and remote: a farm, a pasture, an old orchard, two barns, some hog shacks and a two-story house. It’s the kind of place you move to if you want to get away from it all. The nearest neighbor is a mile away, and the closest big town has just 13,000 people. It is real, rural America; in fact, it’s a two-hour drive from the exact geographical center of the United States.

But instead of being a place of respite, the people who live on Joyce Taylor’s land find themselves in a technological horror story.


The creators of the database explicitly say that it should only be used for the city/town level, because they had to make some arbitrary choices. Sometimes they cannot get greater detail for some IP Addresses. Like they could identify the states or country but no further. 

So they arbitrarily chose the geographic center of the country or state if nothing more detailed could be determined  They did not intend their database to be used for finding houses.

And they did not realize there might be houses located at their default locations.

But their database is used by a wide variety of other vendors – over 5000 of them – many who apparently forgot to mention this lack of precision. They often said their app would assign a geographic location to any IP address.

And it did. Most of the time.

But, when it failed, it used the default value, which in this case just happened to be close to someone’s home. Meaning that one house came up as the geographic location for millions of IP addresses.

Over 600 million IP addresses were mapped to this one home by some of the software using the database.

So police showed up. And the FBI. People trespassed on the farm, rooting through the barns for stuff. The people on the property were doxxed on Facebook and other social media as terrible people.

All because a database was misused, assuming more precision than was really present.

The company that makes the database has been made aware of this problem. There is an easy fix – they are assigning the defaults to bodies of water where no one can live.

And updating their database. That should help things a lot. I just hope they chose their bodies of water well.

Image: Michael Dorausch