Internet Mapping Glitch Turned a Random Kansas Farm Into a Digital Hell (fusion.net) 195
An anonymous reader writes: Back in 2002, a company called MaxMind had an idea: Gather up as many unique computer or smartphone IP addresses as they can, match them to a map, and sell that data to advertisers. The problem is that MaxMind's tech has made life miserable for a handful of homes across the US -- especially one otherwise unnoteworthy northern Kansas farm. The farm's 82-year-old owner, Joyce Taylor, and her tenants have been subject to numerous FBI visits, IRS collectors, ambulances, threats, and the release of private information online. They've found people rummaging in the farm's barn and one person even left a broken toilet for some reason. People would even post her details online and encourage others to get in on the harassment, she said. The local sheriff even had to put a sign on her driveway, telling trespassers to stay away and contact him first if there are any questions. What's her mistake? MaxMind thought that if its tech couldn't tell where, exactly, in the United States, an IP address was located, it would instead return a default set of coordinates very near the geographic center of the country -- coordinates that happen to coincide with Taylor's front yard. The abuse began in 2011. A quick online search for the farm's address brings up pages of forum posts reporting the "scam farm."
"Glitch" (Score:5, Insightful)
The glitch is in your brains for geolocating anything deeper than the local ISP's router.
Re: (Score:3)
By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.
I'm sorry for what happened to these Kansans, but three cheers for a lesson to businesses that would buy personal information from a trafficker getting a steaming pile worthless info instead.
Re:"Glitch" (Score:5, Interesting)
By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.
Except MaxMind is still very much in business and still selling the data, I run into their name fairly often. They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes, but that doesn't help the other 40,000+ ZIP codes out there.
What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?
Re: (Score:3, Interesting)
They are, and the ISP are using MaxMind to tell them were the IP address was physically located!
MaxMind has disclaimers on their data sets saying they're only good down to the local city or zip code but people are taking them to be exact location. I've never used their service so I can't say how visible those disclaimers are. I'm not sure which part is more to blame.
I also don't know why all the people affected by this can't sue and get tons of money from everybody.
Re:"Glitch" (Score:5, Insightful)
What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?
No, they should be hauled into court for being so amazingly irresponsible. People have an absolutely crazy idea that geo-IP location is completely correct. It is not. I've been using MaxMind data for years and have always borne in mind what they say about their accuracy. Hint: is is *never* near 100%. They can be fairly good at putting you in the right state and even the right city, but you should take the ZIP-code information, let alone latitude and longitude, with a big grain of salt.
When a lookup into their dataset fails to return a city, that means that IT CANNOT LOCATE THE CITY and that the latitude and longitude information are worthless. If you've been using that dataset for any time, you'd know that.
Remember also that there are lots of people using VPN's, cellular networks, satellite carriers, or TOR. MaxMind's service is useful, but is far from infallable.
Here are two results. 1) law-enforcement agencies should *NEVER* use the geo-IP location data to get to a street address or exact GPS coordinates. If they need to know, they can use an AS lookup (also available as a MaxMind database) and then ask the ISP. 2) Geo-IP is not nearly reliable enough to use for collecting sales tax (the whole discussion of the nexus of a sale is a whole 'nother topic).
The fault is not MaxMind's. They advert to their accuracy: "99.8% accurate on a country level, 90% accurate on a state level, 81% accurate on a city level for the US within a 50 kilometer radius". Only eighty-one percent! The law-enforcement people who are raiding people's houses on the basis on this data should face prosecution!
Re: (Score:2)
They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes,
Tonight in the news- entire SWAT team drowns!
Re: (Score:2)
This is probably not a bad idea. If they are only accurate to the nearest 50km anyways then map each zipcode to the nearest post office because even if they only return 2 decimal places some people will still assume that it's an exact match.
Bullshit (Score:5, Informative)
"“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"
Bullshit.
Re:Bullshit (Score:5, Insightful)
You couldn't make this up. Their defence is "we are so dumb we didn't think of this obvious flaw or pick it up in testing, but incompetence at our core business is better than malice right?"
Re: (Score:2)
... or, IDK, listen to the complaints from the hundreds/thousands of customers who have pointed out their ~600million lies.
I've known about this for years. You cannot trust their geo data. It will never return an "I. Don't. F'ing. Know." Every IP you ask about, it WILL give you a location.
Re:Bullshit (Score:4, Interesting)
"“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"
Bullshit.
To be fair, these are people who are running a database company but don't understand the basic concept of NULL values. And now their "fix" is to change the defaults to a more obvious wrong location.
Sigh.
Re: (Score:3)
likely now they have to give a location or will break services that assume no token for "not found". Since most of the trouble is caused by criminal complaints... 1600 Pennsylvania ave should work (or even better, whatever the address for congress is).
Realistically they should return 0.0 0.0, a nice point in the ocean.
-nbr
Re: (Score:2)
What's wrong with NaN? Having a value in the range of valid data is not the right way to indicate 'value not found'.
Re: (Score:2)
The problem is that NaN obfuscates part of the real answer. i.e. they know the location is somewhere in the USA, they just don't know exactly where. This isn't "value not found" it's "value narrowed down, but can't pin point it exactly on a map".
How do you best represent that with GPS data if the GPS data can't incorporate an accuracy field?
Re: (Score:2)
Well one solution would be to create a table of values outside the allowed range but that will still fit inside the data type used for storage.
181W - 91N == Somewhere in the Continental US ...
182W - 91N == Somewhere in mainland Canada
183W - 91N == Somewhere in Alaska
Re: (Score:2)
How do you best represent that with GPS data if the GPS data can't incorporate an accuracy field?
Return two results.
R1: lat+inaccuracy, lat+inaccuracy
R2: lat-inaccuracy, lat-inaccuracy
If displayed as a shaded area, that could show a rectangular (depending on your projection method) result that includes all of Kansas.
That would be helpful on a smaller scale too - if you know the IP is in a neighborhood, the result would indicate that instead of pointing to a particular house which it almost certainly isn't.
Re: (Score:2)
It's not GPS thing, It's your IP address you got via a DHCP server at the ISP's datacenter is usually kinda-sorta assigned somewhere arround, when their is no full moon +- 100Km of this coordinates to 5 decimal places thing. I'm impressed they get the city right more than 50% of the time.
Re: (Score:2)
No this is a GPS thing. The database in question gives a GPS location to the IP address with an error scale. This error scale could be a city, a state or a country. But if the client only reads the actual GPS coordinates what are you to do?
Re: (Score:2)
Client is the restriction. The database in question already returns an uncertainty but the clients do not take that into consideration as it is. So to my question, this is caused by clients who read 2 GPS values and ignores a wealth of other information in the database. So do you just throw a complete error if you're not 100% certain of the address or do you give them the GPS co-ordinates to somewhere in the USA?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: Bullshit (Score:2)
But its not wrong location. Its the coords for the country.
Re: (Score:2)
Oh they understand the concept of NULL values, but the value isn't NULL. They know part of the location but at a low resolution. My guess is their database, or more specifically the front end of many thousands of products don't take into account of "nearly NULL" as a suitable location.
Now I'm keen to know how you propose to reply to a query for a location when you know it's somewhere in Canada but you don't know the exact location of the router, but the client only accepts a latitude and longitude field.
Ded
Re: (Score:2)
Oh they understand the concept of NULL values, but the value isn't NULL. They know part of the location but at a low resolution.
ARIN can get you to the country level. The data here is NULL because they don't know where it is. The closest they can get is "USA", but, again, I can get that information elsewhere. For this particular dataset the appropriate value is NULL.
Re: (Score:2)
Magnified stupidity (Score:5, Insightful)
Project Manager: Sounds good to me!
Later...
A moron sysadmin: I'm getting tons of inbound spam traffic coming from this farmhouse in the middle of Kansas that has curiously rounded coordinates! They must be the culprit, clearly this IP GIS lookup has 5 digits of precision on lat/long!
Lots of stupidity to go around here
Re: Magnified stupidity (Score:5, Funny)
They should have located it at some high security base, so that people with too much time on their hands would no longer be a public nuisance
Re: Magnified stupidity (Score:4, Insightful)
They should have located it at some high security base, so that people with too much time on their hands would no longer be a public nuisance
Here's the dilemma: Do we send them to Area 51, or Guantanamo Bay?
Re: (Score:3)
Here's the dilemma: Do we send them to Area 51, or Guantanamo Bay?
Neither; Fort Meade, Maryland.
Re: (Score:2)
Re: (Score:2, Funny)
Too hard to get to. They should set it to 1060 West Addison Street, Chicago.
Re: Magnified stupidity (Score:5, Funny)
Re:Magnified stupidity (Score:5, Insightful)
Even worse, they claim it's only good to the city/county level, in which case why are you returning exact GPS style coordinates?! People assume when you have exact coordinates, they're, well, exact.
At least report an uncertainty circle in your result at the very minimum. If you're not sure, make it stupidly large, like the country or the earth, or the solar system.
Though what you should do is simple - just return the zip code. You can convert zip codes to the approximate area quite easily, but they don't result in houses. Or just return it as city and state, since that's the resolution you're dealing with.
Really, a huge sigfig problem.
Re: (Score:2)
Re: (Score:2)
You can convert zip codes to the approximate area quite easily
[citation needed]
Re:Magnified stupidity (Score:5, Funny)
2030, somewhere off the west coast of Africa there's a graveyard. A graveyard for broken drone ships, and the occasional long range drone aircraft. Fragments of wing and the odd tyre float between listing hulls, batteries and fuel long since depleted.
Well, not just "somewhere", GPS coordinates 0,0.
Re: (Score:3)
Well, not just "somewhere", GPS coordinates 0,0.
... zero, destruct, zero.
Re:Magnified stupidity (Score:5, Informative)
We use the MaxMind database. Lat/Long is not the only information stored in their databases. For instance, it also contains a column that indicates whether the record found is considered accurate to the level of, for instance, a city, a state or an entire country. These records centered on the farm are all clearly marked for "country" (which is why they point to the center of the country in the first place). The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.
Re: (Score:2)
The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.
Oh, c'mon, that's just a blame-the-victim cop-out. Sure they can attempt to deflect blame by claiming that the masses, who are at least two degrees removed from the vendor, are supposed to somehow just know that the exact-seeming location really isn't. I'll bet you'd be singing a different tune if the GPS were centered on your driveway.
Re: (Score:2)
The problem here isn't the database, it's people using a fraction of the database without understanding what the information actually means.
Well, that explains the aforementioned repeat visits from the FBI, anyway...
Re: (Score:2)
More like:
Developers: Hey, what should we do if we can't resolve an IP? We're thinking throw back a detailed error message of the reason.
Project Manager: No, we want to give as much information as we can, then we can claim to resolve any IP, which adds value for our customers. Just return the coordinates of the center of the country the IP is issued to.
Developers: That's a terrible...
Project Manager: Just do it.
Developers: Fine.
Re: (Score:2)
Reminds me of a medical software application I know of where if they didn't know the birthday, they would just enter January 1. Stupid. Stupid. Stupid. Garbage data.
Re: (Score:2)
It's clear from your dialog that the PM in question lives at the center of whatever country in which he/she currently resides. How could a smart developer have missed this?
Project Manager: Just do it.
Developer #1: Fine. I seem to recall you sent everyone xmas cards last year.
Project Manager: I probably did. You'd be amazed at how much harder people will work for small tokens of personal significance rather than bankable remuneration.
Developer #2: You haven't moved lately have you?
Project Manager: No. Why
Re: (Score:2)
Like others have said, they should have made the "default location" the company's own headquarters.
However, I suspect they get paid for providing locations, so a "default location" is fraud.
If they don't have a location for an IP, they should just say "location unknown".
Re: (Score:2)
But they do have a location, they have the country. They provide that data, and they provide the lat/long for the country. Obviously a country is not a single point, and a lat/long is a single point, so maybe that's not the best representation of a country but the position is in fact inside the country. It's not fraud, it's end users not understanding the data that they're using.
Re:Magnified stupidity (Score:5, Insightful)
He's the kind of developer that turns globals on and writes everything in PHP 3, who puts in a hardcoded root password of "1234" for testing, and then forgets to take it out before the software goes production. He's the kind of developer that captures all exceptions and errors in one big exception method that pukes out "An unexpected error occurred". He's the kind of developer that still writes Flash-based scripts, insisting "They're still cutting edge, man!"
He's the kind of developer that ends up as head of his department, and will be CTO within two years.
Re:Magnified stupidity (Score:5, Funny)
He's the most interesting developer in the world.
Re:Magnified stupidity (Score:5, Funny)
Stay on call, my friends...
Re: (Score:2)
It's a scavenging birds of prey, it's an airplane crash, no it's... supermanager
Re: (Score:2)
He's the type of developer that gets replaced by an H1B and then complains about it on Slashdot.
Or hits 50 and can't find a job so he blames ageism.
Re: (Score:3)
Exactly. One that periodically shows up on our DFS file servers:
Index : 170203
EntryType : Information
InstanceId : 1073756378
Message : The description for Event ID '1073756378' in Source 'DfsSvc' cannot be found. The local computer
may not have the necessary registry information or message DLL files to display the message, or
you may not have permission to access them. The following information is part of the e
Re:Magnified stupidity (Score:4, Informative)
Rounding in a GPS location can move the address by 30+ miles. So, while rounding is done all the time, doing so in this case would be dangerously irresponsible.
Re: (Score:2)
Rounding to the nearest degree can result in an error of very nearly 100 statute miles (157 km). You can round to things other than the nearest whole degree, of course.
Re: (Score:2)
Correction, 50 statute miles, 78 km. Forgot to divide by 2.
Re: (Score:2)
Rounding to the nearest degree can result in an error of very nearly 100 statute miles (157 km). You can round to things other than the nearest whole degree, of course.
Indeed, you can. If you read TFA, however, you will find that in this case they did not. They rounded to the nearest whole degree in both directions.
And even a second of latitude us enough to put you off by two or more street numbers in most urban areas.
Dangerously irresponsible.
Re: (Score:2)
Uh, no. The problem was that they used a default location for IPs they didn't know. Yes, they did round that location to the nearest degree, but that wasn't the problem.
Re: (Score:2)
Re: (Score:2)
Yes, but that's not the answer to the question.
The worst case scenario is when you round x.5, y.5 to the nearest degree. A degree of latitude is 60 nm or about 111 km. A degree of longitude on the equator is also 60 nm, zero at the poles, and somewhere in between everywhere else. So we'll use the equator as worst case.
If you have to round both latitude and longitude by half a degree you'll be off by about sqrt(60**2+60**2) / 2 = 42 nm or 78 km.
Re: (Score:2)
An nm is a nanometer, not a nautical mile. Being only 42 nanometers off would be pretty good.
Re: Magnified stupidity (Score:2)
Well that is the problem with using an inconstant refference value. The earth is still bulging meaning even the straight through the core line version of that measure is changing. Very slowly but still.
Re: (Score:2)
Obviously you don't work in Climatology, they learn how to interpolate a mercury thermometer to 3 decimal places.
How about (Score:2)
How about just directing everyone to "1060 West Addison" in New York City?
Re: (Score:2)
I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field
Re: (Score:3)
I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field
Pretty sure this was just a clever ploy to out Cubs fans :)
Re: (Score:3)
Not just Cubs fans--the joke was in the Blues Brothers, so I've known the address of Wirgley Field since I was a kid, despite never having set foot in the greater Chicago metro outside of O'Hare or Midway.
Re: (Score:2)
I'd be more amused if you'd said Chicago since that's the correct address for Wrigley Field
Yeah, chalk this one up to a brain cramp; I've no idea why I put NYC.
Re: (Score:2)
How about just directing everyone to "1060 West Addison" in New York City?
I'd have thought the obvious default coordinates should be the official residence of the head of state.
Not a "glitch" (Score:5, Insightful)
This most assuredly was not a "glitch".
It was a deliberate design decision on the part of the mapping company to portray the returned data as more accurate than it was. The reason this Kansas farm became a "digital hell" is because the company decided to use a defined point (which happened to be their front yard) to represent "USA, not otherwise specified". (Reason being that it was close to the center of the continental USA.) Similar types of approaches were taken for other entities. (IP addresses in Georgia that didn't have further county/city information got put at the geographic center of Georgia, etc.)
That's not a "glitch" - that's a bone-headed design decision. A fundamental rule of data processing is that you shouldn't represent invalid values (or values with lowered precision) with valid values -- for this very reason. If you have invalid values and valid values which can both be the same value, if you get that value back, you don't know if it's valid or invalid. Sure, pick some value to represent "Somewhere in the USA, but no further information", but make sure it can't be confused with any valid value. Make sure it's incredibly obvious that the value isn't valid just from looking at it.
If you can't do this (if all values of the variable might be valid), you have to use out-of-band information to specify things. e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".
Re: (Score:3)
" e.g. Having an extra data field to specify the level of precision (country, state, county, city, block, etc.). "38N 97W" is much different from "38N 97W, plus or minus 1500 miles".
Their API has a field for that. It's an enum that defines precision.. The datum for US is algorithmical centre of the US. Unfortunate for the farm. Maxmind should probably move it.
What you can't really forgive is application developers that ignore this field in their implementation or otherwise not displaying dp/sf info to the
reverse Ralsky (Score:2)
Reminds me of that time when some slashdotters found Ralsky's physical addy and signed him up for everything imaginable... the post office had to give him his own zipcode among other things.
Northern KS (Score:3)
That really depends... (Score:5, Insightful)
Re: (Score:2)
or if your riding a bicycle in a tornado
Default Gone Wrong. (Score:3)
It sounds like a story about a digital altimeter on a new ground attack aircraft. The programmer was trying to figure out what to display in case of a malfunction. He asked a pilot what altitude they normally flew at. He stated '2,000 ft" and that is what the programmer displayed. There was a warning on the aircraft that if the altimeter said "2,000ft for more than 5 second to pull up. It was fixed in the next install. Why he didn't just display all 9's no one knows.
In this case 0 degrees lat and 0 degrees lon would have been much better. That is an obvious incorrect location.
Re: (Score:2)
There are places on earth where an airplane can be flown at or below sea level, so 00000 would not be safe either.
sPh
Re: (Score:2)
Wouldn't it be even clearer there is a malfunction by displaying... nothing?
Misread title (Score:2)
At first, I thought that said "Internet Fapping Glitch Turned a Random Kansas Farm Into a Digital Hell".
That would have been a different kind of story.
Is there an "approximate" coordinate system? (Score:2)
Is there a coordinate system with a value that represents, say, the radius of accuracy of the point coordinates?
It seems like that would be useful for an application like this or anything else where you want to report a center but should also report the potential error value.
"Jenny Jenny..." (Score:2)
People with the phone number 867-5309 has similar problems when that song came out.
Re: (Score:3, Informative)
People with the phone number 867-5309 has similar problems when that song came out.
That's probably true, but at least it was a little easier to get a new phone number than to change the lat/lon coordinates of your farm...
Re: (Score:2)
The amusing part is that 867-5309 is an oft-requested vanity number. The even more amusing part is that the people requesting it often change it soon after.
The abuse continues: Shows up on Google Earth/maps (Score:2)
Re: (Score:2)
It would probably be sufficient to have map text that says "Exact center of the United States". That would raise enough eyebrows every time anybody sees it to make most people realize that their data is probably wro
Re: (Score:2)
but it's not the exact center b/c the mapping company rounded.
Text should read:
This is the default location for all IP lookups and is... not the location you are looking for.
Re: (Score:2)
Why hasn't Google blurred or removed this persons' farm from their maps?
Everybody is trying to get there! Why would they remove it? it's like removing a landmark because too many people are trying to get there!
Re: (Score:3)
Why hasn't Google blurred or removed this persons' farm from their maps? Oh and by the way the more this story is circulated the more idiots will go and harass this person in Kansas. If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.
Becase the right to be forgotten was something ruled in the EU, and the US is not a member of the EU. For some reason people keep dredging that up, and while a service may offer to do it for her out of good will, Google has absolutly no other reason to do so. And if I may, many of the people who make the most noise about it aren't affected by it either.
That being said, my sentiments are with yours exactly - why the business didn't check first if they were putting the marker on somebody's property is stup
Re: (Score:2)
If anything and anyone has a 'right to be forgotten' on the Internet, it's this poor 85 year old woman in Kansas.
Seriously! The poor woman has gained 3 years just since I read the article!
Squashed a similar bug for a bank once (Score:5, Interesting)
Long story short, one of the vendors of data we used did a stupid trick like this. If they couldn't find the address, it returned a "zip centroid" (middle of the zip code), And if the entire zipcode had no flooding risk, it would go ahead and "clear" the property. The problem was when it got worse than a Zip code match, it would think it got a zip centroid match in the middle of Kansas (probably this lady's farm actually!)... clearing the property of flood risk.
It was the vendor's mistake and they would have been liable, but it was BS and easy to detect once I ran some statistical analysis on it.
It really screwed with people's lives though... they get a home loan knowing they won't need to pay 2-4 grand a year in flood insurance, then once we audited the vendor data, or their home finally showed up on a map, they would be required to get insurance.
Upcoming increase in drowning cases (Score:2)
Now that I've made MaxMind aware of the consequences of the default locations it's chosen, Mather says they're going to change them. They are picking new default locations for the U.S. and Ashburn, Virginia that are in the middle of bodies of water, rather than people's homes.
Fly-over generalization (Score:2)
I guess we're supposed to be content there wasn't also yet another fucking Wizard of Oz reference.
Well Mr. Farmer (Score:2)
Law suit? (Score:2)
Re: (Score:3)
At best. This is an inch of intent away from deliberate misinformation. Malice. That's with benefit of the doubt.
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
Until they are bankrupt, and their product lives on.
They should be able to go after ANYONE using that database(s).
Re: (Score:2)
Maybe because the middle of the ocean or the top of Mt. Everest are not inside the US. I'm not a geographer or anything, but I'm pretty sure that's true. When they are trying to refer to the US, why would they point at Mt. Everest? I realize that Americans like to think that this is our planet, but I think the Nepalese and Tibetans would take offense at that.
Re: (Score:2)
MaxMind is a spam facilitation company. Their whole business is victimizing people.
The whole point of capitalism is pocketing the profits while forcing other people to pay the costs.
Re: (Score:2)
This is exactly what I was thinking. Fuck these people. Going around collecting and exposing people's private data in the first place....then this? Fuck them twice.
I hope this guy drains their company of every fucking cent it ever dreamed of making into the future.