Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Internet Technology

Internet Mapping Glitch Turned a Random Kansas Farm Into a Digital Hell (fusion.net) 195

An anonymous reader writes: Back in 2002, a company called MaxMind had an idea: Gather up as many unique computer or smartphone IP addresses as they can, match them to a map, and sell that data to advertisers. The problem is that MaxMind's tech has made life miserable for a handful of homes across the US -- especially one otherwise unnoteworthy northern Kansas farm. The farm's 82-year-old owner, Joyce Taylor, and her tenants have been subject to numerous FBI visits, IRS collectors, ambulances, threats, and the release of private information online. They've found people rummaging in the farm's barn and one person even left a broken toilet for some reason. People would even post her details online and encourage others to get in on the harassment, she said. The local sheriff even had to put a sign on her driveway, telling trespassers to stay away and contact him first if there are any questions. What's her mistake? MaxMind thought that if its tech couldn't tell where, exactly, in the United States, an IP address was located, it would instead return a default set of coordinates very near the geographic center of the country -- coordinates that happen to coincide with Taylor's front yard. The abuse began in 2011. A quick online search for the farm's address brings up pages of forum posts reporting the "scam farm."
This discussion has been archived. No new comments can be posted.

Internet Mapping Glitch Turned a Random Kansas Farm Into a Digital Hell

Comments Filter:
  • "Glitch" (Score:5, Insightful)

    by Anonymous Coward on Monday April 11, 2016 @03:32PM (#51887047)

    The glitch is in your brains for geolocating anything deeper than the local ISP's router.

    • By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.

      I'm sorry for what happened to these Kansans, but three cheers for a lesson to businesses that would buy personal information from a trafficker getting a steaming pile worthless info instead.

      • Re:"Glitch" (Score:5, Interesting)

        by ShaunC ( 203807 ) on Monday April 11, 2016 @05:26PM (#51887673)

        By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.

        Except MaxMind is still very much in business and still selling the data, I run into their name fairly often. They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes, but that doesn't help the other 40,000+ ZIP codes out there.

        What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          They are, and the ISP are using MaxMind to tell them were the IP address was physically located!

          MaxMind has disclaimers on their data sets saying they're only good down to the local city or zip code but people are taking them to be exact location. I've never used their service so I can't say how visible those disclaimers are. I'm not sure which part is more to blame.

          I also don't know why all the people affected by this can't sue and get tons of money from everybody.

        • Re:"Glitch" (Score:5, Insightful)

          by Anonymous Coward on Monday April 11, 2016 @10:24PM (#51889167)

          What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

          No, they should be hauled into court for being so amazingly irresponsible. People have an absolutely crazy idea that geo-IP location is completely correct. It is not. I've been using MaxMind data for years and have always borne in mind what they say about their accuracy. Hint: is is *never* near 100%. They can be fairly good at putting you in the right state and even the right city, but you should take the ZIP-code information, let alone latitude and longitude, with a big grain of salt.

          When a lookup into their dataset fails to return a city, that means that IT CANNOT LOCATE THE CITY and that the latitude and longitude information are worthless. If you've been using that dataset for any time, you'd know that.

          Remember also that there are lots of people using VPN's, cellular networks, satellite carriers, or TOR. MaxMind's service is useful, but is far from infallable.

          Here are two results. 1) law-enforcement agencies should *NEVER* use the geo-IP location data to get to a street address or exact GPS coordinates. If they need to know, they can use an AS lookup (also available as a MaxMind database) and then ask the ISP. 2) Geo-IP is not nearly reliable enough to use for collecting sales tax (the whole discussion of the nexus of a sale is a whole 'nother topic).

          The fault is not MaxMind's. They advert to their accuracy: "99.8% accurate on a country level, 90% accurate on a state level, 81% accurate on a city level for the US within a 50 kilometer radius". Only eighty-one percent! The law-enforcement people who are raiding people's houses on the basis on this data should face prosecution!

        • They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes,

          Tonight in the news- entire SWAT team drowns!

  • Bullshit (Score:5, Informative)

    by OverlordQ ( 264228 ) on Monday April 11, 2016 @03:42PM (#51887107) Journal

    "“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"

    Bullshit.

    • Re:Bullshit (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Monday April 11, 2016 @04:27PM (#51887375) Homepage Journal

      You couldn't make this up. Their defence is "we are so dumb we didn't think of this obvious flaw or pick it up in testing, but incompetence at our core business is better than malice right?"

      • by Cramer ( 69040 )

        ... or, IDK, listen to the complaints from the hundreds/thousands of customers who have pointed out their ~600million lies.

        I've known about this for years. You cannot trust their geo data. It will never return an "I. Don't. F'ing. Know." Every IP you ask about, it WILL give you a location.

    • Re:Bullshit (Score:4, Interesting)

      by Trailer Trash ( 60756 ) on Monday April 11, 2016 @04:51PM (#51887509) Homepage

      "“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"

      Bullshit.

      To be fair, these are people who are running a database company but don't understand the basic concept of NULL values. And now their "fix" is to change the defaults to a more obvious wrong location.

      Sigh.

      • likely now they have to give a location or will break services that assume no token for "not found". Since most of the trouble is caused by criminal complaints... 1600 Pennsylvania ave should work (or even better, whatever the address for congress is).

        Realistically they should return 0.0 0.0, a nice point in the ocean.
        -nbr

        • What's wrong with NaN? Having a value in the range of valid data is not the right way to indicate 'value not found'.

          • The problem is that NaN obfuscates part of the real answer. i.e. they know the location is somewhere in the USA, they just don't know exactly where. This isn't "value not found" it's "value narrowed down, but can't pin point it exactly on a map".

            How do you best represent that with GPS data if the GPS data can't incorporate an accuracy field?

            • by DarkOx ( 621550 )

              Well one solution would be to create a table of values outside the allowed range but that will still fit inside the data type used for storage.

              181W - 91N == Somewhere in the Continental US
              182W - 91N == Somewhere in mainland Canada
              183W - 91N == Somewhere in Alaska ...

            • by arth1 ( 260657 )

              How do you best represent that with GPS data if the GPS data can't incorporate an accuracy field?

              Return two results.
              R1: lat+inaccuracy, lat+inaccuracy
              R2: lat-inaccuracy, lat-inaccuracy
              If displayed as a shaded area, that could show a rectangular (depending on your projection method) result that includes all of Kansas.

              That would be helpful on a smaller scale too - if you know the IP is in a neighborhood, the result would indicate that instead of pointing to a particular house which it almost certainly isn't.

            • It's not GPS thing, It's your IP address you got via a DHCP server at the ISP's datacenter is usually kinda-sorta assigned somewhere arround, when their is no full moon +- 100Km of this coordinates to 5 decimal places thing. I'm impressed they get the city right more than 50% of the time.

              • No this is a GPS thing. The database in question gives a GPS location to the IP address with an error scale. This error scale could be a city, a state or a country. But if the client only reads the actual GPS coordinates what are you to do?

        • Comment removed based on user account deletion
      • Comment removed based on user account deletion
      • But its not wrong location. Its the coords for the country.

      • Oh they understand the concept of NULL values, but the value isn't NULL. They know part of the location but at a low resolution. My guess is their database, or more specifically the front end of many thousands of products don't take into account of "nearly NULL" as a suitable location.

        Now I'm keen to know how you propose to reply to a query for a location when you know it's somewhere in Canada but you don't know the exact location of the router, but the client only accepts a latitude and longitude field.

        Ded

        • Oh they understand the concept of NULL values, but the value isn't NULL. They know part of the location but at a low resolution.

          ARIN can get you to the country level. The data here is NULL because they don't know where it is. The closest they can get is "USA", but, again, I can get that information elsewhere. For this particular dataset the appropriate value is NULL.

      • Comment removed based on user account deletion
  • by FireballX301 ( 766274 ) on Monday April 11, 2016 @03:42PM (#51887115) Journal
    Developers: If we can't resolve the IP lets just give it a default center of the US coordinate, instead of returning a 'could not resolve location'
    Project Manager: Sounds good to me!

    Later...
    A moron sysadmin: I'm getting tons of inbound spam traffic coming from this farmhouse in the middle of Kansas that has curiously rounded coordinates! They must be the culprit, clearly this IP GIS lookup has 5 digits of precision on lat/long!

    Lots of stupidity to go around here
    • by Anonymous Coward on Monday April 11, 2016 @03:58PM (#51887199)

      They should have located it at some high security base, so that people with too much time on their hands would no longer be a public nuisance

    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Monday April 11, 2016 @04:02PM (#51887221)

      Even worse, they claim it's only good to the city/county level, in which case why are you returning exact GPS style coordinates?! People assume when you have exact coordinates, they're, well, exact.

      At least report an uncertainty circle in your result at the very minimum. If you're not sure, make it stupidly large, like the country or the earth, or the solar system.

      Though what you should do is simple - just return the zip code. You can convert zip codes to the approximate area quite easily, but they don't result in houses. Or just return it as city and state, since that's the resolution you're dealing with.

      Really, a huge sigfig problem.

    • by AmiMoJo ( 196126 ) on Monday April 11, 2016 @04:10PM (#51887261) Homepage Journal

      2030, somewhere off the west coast of Africa there's a graveyard. A graveyard for broken drone ships, and the occasional long range drone aircraft. Fragments of wing and the odd tyre float between listing hulls, batteries and fuel long since depleted.

      Well, not just "somewhere", GPS coordinates 0,0.

    • by mwvdlee ( 775178 ) on Monday April 11, 2016 @04:10PM (#51887263) Homepage

      We use the MaxMind database. Lat/Long is not the only information stored in their databases. For instance, it also contains a column that indicates whether the record found is considered accurate to the level of, for instance, a city, a state or an entire country. These records centered on the farm are all clearly marked for "country" (which is why they point to the center of the country in the first place). The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.

      • by mccrew ( 62494 )

        The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.

        Oh, c'mon, that's just a blame-the-victim cop-out. Sure they can attempt to deflect blame by claiming that the masses, who are at least two degrees removed from the vendor, are supposed to somehow just know that the exact-seeming location really isn't. I'll bet you'd be singing a different tune if the GPS were centered on your driveway.

      • The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.

        Well, that explains the aforementioned repeat visits from the FBI, anyway...

    • More like:

      Developers: Hey, what should we do if we can't resolve an IP? We're thinking throw back a detailed error message of the reason.
      Project Manager: No, we want to give as much information as we can, then we can claim to resolve any IP, which adds value for our customers. Just return the coordinates of the center of the country the IP is issued to.
      Developers: That's a terrible...
      Project Manager: Just do it.
      Developers: Fine.

      • by mspohr ( 589790 )

        Reminds me of a medical software application I know of where if they didn't know the birthday, they would just enter January 1. Stupid. Stupid. Stupid. Garbage data.

      • by epine ( 68316 )

        It's clear from your dialog that the PM in question lives at the center of whatever country in which he/she currently resides. How could a smart developer have missed this?

        Project Manager: Just do it.
        Developer #1: Fine. I seem to recall you sent everyone xmas cards last year.
        Project Manager: I probably did. You'd be amazed at how much harder people will work for small tokens of personal significance rather than bankable remuneration.
        Developer #2: You haven't moved lately have you?
        Project Manager: No. Why

    • Like others have said, they should have made the "default location" the company's own headquarters.
      However, I suspect they get paid for providing locations, so a "default location" is fraud.
      If they don't have a location for an IP, they should just say "location unknown".

      • But they do have a location, they have the country. They provide that data, and they provide the lat/long for the country. Obviously a country is not a single point, and a lat/long is a single point, so maybe that's not the best representation of a country but the position is in fact inside the country. It's not fraud, it's end users not understanding the data that they're using.

  • How about just directing everyone to "1060 West Addison" in New York City?

    • I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field

      • by EvilSS ( 557649 )

        I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field

        Pretty sure this was just a clever ploy to out Cubs fans :)

        • by Zak3056 ( 69287 )

          Not just Cubs fans--the joke was in the Blues Brothers, so I've known the address of Wirgley Field since I was a kid, despite never having set foot in the greater Chicago metro outside of O'Hare or Midway.

      • I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field

        Yeah, chalk this one up to a brain cramp; I've no idea why I put NYC.

    • How about just directing everyone to "1060 West Addison" in New York City?

      I'd have thought the obvious default coordinates should be the official residence of the head of state.

  • Not a "glitch" (Score:5, Insightful)

    by Anonymous Coward on Monday April 11, 2016 @03:56PM (#51887183)

    This most assuredly was not a "glitch".

    It was a deliberate design decision on the part of the mapping company to portray the returned data as more accurate than it was. The reason this Kansas farm became a "digital hell" is because the company decided to use a defined point (which happened to be their front yard) to represent "USA, not otherwise specified". (Reason being that it was close to the center of the continental USA.) Similar types of approaches were taken for other entities. (IP addresses in Georgia that didn't have further county/city information got put at the geographic center of Georgia, etc.)

    That's not a "glitch" - that's a bone-headed design decision. A fundamental rule of data processing is that you shouldn't represent invalid values (or values with lowered precision) with valid values -- for this very reason. If you have invalid values and valid values which can both be the same value, if you get that value back, you don't know if it's valid or invalid. Sure, pick some value to represent "Somewhere in the USA, but no further information", but make sure it can't be confused with any valid value. Make sure it's incredibly obvious that the value isn't valid just from looking at it.

    If you can't do this (if all values of the variable might be valid), you have to use out-of-band information to specify things. e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".

    • by gigne ( 990887 )

      " e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".

      Their API has a field for that. It's an enum that defines precision.. The datum for US is algorithmical centre of the US. Unfortunate for the farm. Maxmind should probably move it.

      What you can't really forgive is application developers that ignore this field in their implementation or otherwise not displaying dp/sf info to the

  • Reminds me of that time when some slashdotters found Ralsky's physical addy and signed him up for everything imaginable... the post office had to give him his own zipcode among other things.

  • by rfengr ( 910026 ) on Monday April 11, 2016 @04:06PM (#51887241)
    An hour from Wichita is not Northern Kansas, rather southern.
  • by jklovanc ( 1603149 ) on Monday April 11, 2016 @04:13PM (#51887281)

    It sounds like a story about a digital altimeter on a new ground attack aircraft. The programmer was trying to figure out what to display in case of a malfunction. He asked a pilot what altitude they normally flew at. He stated '2,000 ft" and that is what the programmer displayed. There was a warning on the aircraft that if the altimeter said "2,000ft for more than 5 second to pull up. It was fixed in the next install. Why he didn't just display all 9's no one knows.

    In this case 0 degrees lat and 0 degrees lon would have been much better. That is an obvious incorrect location.

  • At first, I thought that said "Internet Fapping Glitch Turned a Random Kansas Farm Into a Digital Hell".

    That would have been a different kind of story.

  • Is there a coordinate system with a value that represents, say, the radius of accuracy of the point coordinates?

    It seems like that would be useful for an application like this or anything else where you want to report a center but should also report the potential error value.

  • People with the phone number 867-5309 has similar problems when that song came out.

    • Re: (Score:3, Informative)

      by orion205 ( 1130561 )

      People with the phone number 867-5309 has similar problems when that song came out.

      That's probably true, but at least it was a little easier to get a new phone number than to change the lat/lon coordinates of your farm...

      • by Zak3056 ( 69287 )

        The amusing part is that 867-5309 is an oft-requested vanity number. The even more amusing part is that the people requesting it often change it soon after.

  • Why hasn't Google blurred or removed this persons' farm from their maps? Oh and by the way the more this story is circulated the more idiots will go and harass this person in Kansas. If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.
    • by dgatwood ( 11270 )

      Why hasn't Google blurred or removed this persons' farm from their maps? Oh and by the way the more this story is circulated the more idiots will go and harass this person in Kansas. If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.

      It would probably be sufficient to have map text that says "Exact center of the United States". That would raise enough eyebrows every time anybody sees it to make most people realize that their data is probably wro

      • but it's not the exact center b/c the mapping company rounded.
        Text should read:
        This is the default location for all IP lookups and is... not the location you are looking for.

    • Why hasn't Google blurred or removed this persons' farm from their maps?

      Everybody is trying to get there! Why would they remove it? it's like removing a landmark because too many people are trying to get there!

    • Why hasn't Google blurred or removed this persons' farm from their maps? Oh and by the way the more this story is circulated the more idiots will go and harass this person in Kansas. If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.

      Becase the right to be forgotten was something ruled in the EU, and the US is not a member of the EU. For some reason people keep dredging that up, and while a service may offer to do it for her out of good will, Google has absolutly no other reason to do so. And if I may, many of the people who make the most noise about it aren't affected by it either.

      That being said, my sentiments are with yours exactly - why the business didn't check first if they were putting the marker on somebody's property is stup

    • If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.

      Seriously! The poor woman has gained 3 years just since I read the article!

  • by netsavior ( 627338 ) on Monday April 11, 2016 @04:37PM (#51887443)
    I used to build/maintain software that predicted Flooding risk for potential home loans as part of the pre-funding process.

    Long story short, one of the vendors of data we used did a stupid trick like this. If they couldn't find the address, it returned a "zip centroid" (middle of the zip code), And if the entire zipcode had no flooding risk, it would go ahead and "clear" the property. The problem was when it got worse than a Zip code match, it would think it got a zip centroid match in the middle of Kansas (probably this lady's farm actually!)... clearing the property of flood risk.

    It was the vendor's mistake and they would have been liable, but it was BS and easy to detect once I ran some statistical analysis on it.

    It really screwed with people's lives though... they get a home loan knowing they won't need to pay 2-4 grand a year in flood insurance, then once we audited the vendor data, or their home finally showed up on a map, they would be required to get insurance.
  • Now that I've made MaxMind aware of the consequences of the default locations it's chosen, Mather says they're going to change them. They are picking new default locations for the U.S. and Ashburn, Virginia that are in the middle of bodies of water, rather than people's homes.

  • Potwin is only about 20 miles outside of Wichita which is in Southeast Kansas.

    I guess we're supposed to be content there wasn't also yet another fucking Wizard of Oz reference.
  • If you aren't doing anything wrong, you have nothing to worry about...
  • Could a class-action suit be opened? I'm pretty sure everybody that was harassed/doxxed, and the property owners themselves deserve some sort of justice for the bullshit they endured.

"There... I've run rings 'round you logically" -- Monty Python's Flying Circus

Working...