From Newsgroup: sci.geo.satellite-nav

*How did Malibu Media 100% determine GPS LOCATION of an IP address*
*WITHOUT contacting the ISP*?

<https://www.csoonline.com/article/546518/ip-address-does-not-identify-a-person-judge-tells-copyright-troll-in-bittorrent-ca.html>

A discussion today on the phone ngs was about copyright infringement and I
went to look up the fact nobody has ever been successful in a US court case
for torrenting suits - when I ran into this (unsuccessful as usual) case by
the infamous Malibu Media (whose lawyers were previously disbarred).

The question I'm asking isn't about the merits of that case itself.

It's only about the software they used to geolocate to an address using
only the IP address and _not_ by contacting the ISP to get that address.

How does "Maxmind" software accurately trace IP addresses 100% of the time?
<https://ia801002.us.archive.org/29/items/gov.uscourts.flsd.429757/gov.uscourts.flsd.429757.10.0.pdf>
"Maxmind geolocation technology which traced Defendant to a location
in Miami, FL has always been 100% accurate"

How do they 100% geolocate an IP address alone to your unique address? (assuming borders aren't nearby and noting they correlated neighbors)
--
The whole point of Usenet is to find people who know more than you do.
And to contribute to the overall tribal knowledge value of the newsgroup.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"wally",

It's only about the software they used to geolocate to an address
using only the IP address and _not_ by contacting the ISP to get
that address.

...

How do they 100% geolocate an IP address alone to your unique address?

Do not believe the claims a companies sales department makes. After all,
they are trying to sell a product (either the software or its results).

The answer to your question ? By accessing the database which stores such IP-to-user "translations", which an ISP is legally required to upload its
own log in that regard to.

And no, your "unique address" doesn't exist. There is something called "dynamic IP adresses". But using the thanwhile IP *plus* time of access a user can again be uniquely identified.

... unless you go thru some VPN or similar server thats located outside of a countries legal reach (and doesn't upload its logs). Which ofcourse
/should/ make a dent in their "100%" claim. But I'm sure their sales department has got some "thats outside our intended scope" excuse for that.

The whole point of Usenet is to find people who know more than you do.

And you do not seem to have much of any problem with that. Than again, although "common sense" is said to be common, it often isn't. :-)

And to contribute to the overall tribal knowledge value of the newsgroup.

Bullshit. The only reason I want to talk to someone who knows more about something than I do is to get my problem solved (or just learn something).
Any benefit others might get from my conversation with that other person is purely coincidental (not that I mind if it happens though).

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Wally J wrote:

*How did Malibu Media 100% determine GPS LOCATION of an IP address*
*WITHOUT contacting the ISP*?

<https://www.csoonline.com/article/546518/ip-address-does-not-identify-a-person-judge-tells-copyright-troll-in-bittorrent-ca.html>

The only mention of GPS in that article and the linked PDF is as a
source of accurate time.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"R.Wieser" <address@is.invalid> wrote

| > How do they 100% geolocate an IP address alone to your unique address?
|
| Do not believe the claims a companies sales department makes. After all,
| they are trying to sell a product (either the software or its results).
|
| The answer to your question ? By accessing the database which stores such
| IP-to-user "translations", which an ISP is legally required to upload its
| own log in that regard to.
|

I use a free database from MaxMind to process my server logs.
It gets location within a few miles. Getting more accurate costs.
But even Google only gets within miles. If they're getting an exact
address that's just datamining of personal information.

I'm curious. What do you know about ISPs uploading logs? I've
never heard of that. Is that a Dutch law? IP range assignments are
public knowledge, but I've never heard of any law requiring ISPs
to share their traffic data.



--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Newyana2,

I'm curious. What do you know about ISPs uploading logs?

Very little I'm afraid. I just remember that it was (American) news a
number of years ago (after 9/11) - to be able to track what "terrorists"
where doing.

but I've never heard of any law requiring ISPs
to share their traffic data.

Not full traffic, just who assigned a particular IP and what IPs it connects to. But yes, here in Europe the IPSs by law have to keep such info
available for ... 5 years IIRC.

Some links, talking about such retention laws at least 10 years ago :

https://security.stackexchange.com/questions/17279/what-are-the-laws-regarding-isp-recording-ip-addresses-how-would-they-know-who

https://www.pcworld.com/article/477233/faq_will_your_isp_protect_your_privacy_.html

(England) https://www.cnet.com/news/privacy/police-internet-providers-must-keep-user-logs/

A more recent question about it in regard to GDPR (Europe) :

https://law.stackexchange.com/questions/28603/how-to-satisfy-gdprs-consent-requirement-for-ip-logging


This year :

https://www.privacyend.com/mandatory-data-retention/

https://www.cyberghostvpn.com/en_US/privacyhub/global-data-retention-laws/

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"R.Wieser" <address@is.invalid> wrote

|
| This year :
|
| https://www.privacyend.com/mandatory-data-retention/
|
| https://www.cyberghostvpn.com/en_US/privacyhub/global-data-retention-laws/
|

Thanks. I didn't know about that. The pattern seems to be
that most countries are very intrusive, but many of the laws
have been challenged. While in the US there's no law but all
the big spyware companies are happy to sell/share the data.

I've never heard of ISPs giving out logs, but it's possible.
I have heard of law enforcement using phone records, but
they don't usually talk about details. For example, a murder
suspect in Idaho was found to have had his cellphome near
the murder location several times before the murder. Interestingly,
his cellphone was turned off for a couple of hours when the
murder happened. People still don't get that they're being
tracked on cellphones. This suspect apparently thought to
turn off his phone during the murder but never thought about
how his movements could be tracked leading up to the
murder.

If someone is identified down to street address from their
home IP I'd guess that's browser location data, not IP. On the
other hand, who knows what Wally's ever talking about.


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"R.Wieser" <address@is.invalid> wrote

The answer to your question ? By accessing the database which stores such IP-to-user "translations", which an ISP is legally required to upload its own log in that regard to.

Hi Rudy,

Thanks for trying to help explain how geolocation is 100% accurate to a
single address in the United States _without_ contacting the ISP for data.

The PDF explicitly says they did _not_ contact the ISP so those logs you
speak of are completely immaterial as the PDF is clear they never used any.

"In the event the Court is still not convinced that Plaintiff has
properly established venue, Plaintiff respectfully requests the Court
allow it to subpoena the ISP with the subpoena response being returnable
to your Honoros chambers. If the Defendant's address is insufficient to
establish venue then Plaintiff's suit will be dismissed."
<https://ia801002.us.archive.org/29/items/gov.uscourts.flsd.429757/gov.uscourts.flsd.429757.10.0.pdf>

Note very clearly they *never contacted the ISP* to get the guy's address.
They used a _different_ database to get his 100% unique GPS location, Rudy.

There is no question they obtained the guy's exact unique 100% geolocation down to his residence using a Maxmind(R) Premium IP geolocation database.

The question here, for people who know more than I, is how Maxmind does it.
--
One perennial problem I have is _finding_ someone who knows more than I do, which isn't because they don't exist - they do - but I have to find them.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Newyana2 <Newyana2@invalid.nospam> wrote

People still don't get that they're being
tracked on cellphones. This suspect apparently thought to
turn off his phone during the murder but never thought about
how his movements could be tracked leading up to the
murder.

Hi Mayayana,

You're correct about that case as I read all these court case PDFs intently
to figure out _how_ they track people down to their exact location.

In the Bryan Kohberger November 2022 murders, they only had cell-tower overlapping circles of where the phone was being driving around that night.

However, they had his phone number from a previous traffic stop the prior August which is where they started their AT&T-tower venn-diagram overlaps.

"Kohberger provided his phone number as 509-592-8458, hereafter the
"8458 Phone as his cellular telephone number. Investigators conducted
electronic database queries and learned that the 8458 Phone is a
number issued by AT&T."
<https://www.documentcloud.org/documents/23577650-kohberger-warrant>

Here is a shocking court case where the defendant's red iPhone tracked him
not visiting the remote murder site twice in the same dozen hours.
<https://www.njherald.com/story/news/politics/courts/2023/05/26/hayden-harris-army-corporal-murder-trial-xo-testifies/70256187007/>

All this was before the body was found by the authorities so only he knew
where the body was, and they tracked him over hundreds of miles in a twelve hour period watching his phone from Pennsylvania to New York to New Jersey, looping around the murder site (because he got lost on the second time
around) and then stopping twice within a dozen hours at the murder site).

They even knew every Wi-Fi access point the murderer passed that night.

If someone is identified down to street address from their
home IP I'd guess that's browser location data, not IP.

Hi Mayayana,

The question is _how_ they did it so that "may" be how they did it,
although all we have, so far, is they used the Maxmind payware database.

<https://ia801002.us.archive.org/29/items/gov.uscourts.flsd.429757/gov.uscourts.flsd.429757.10.0.pdf>
"...each IP Address present within the abovementioned forensic data is
automatically referenced against Maxmind(R) Premium's IP geolocation
database (1)"

(1)"As an example of how the process works, www.maxmind.com/en/geoip_demo
provides a way for anyone to test the database which Plaintiff uses.
Here, Plaintiff inputted Defendant's IP address and received the same
information it originally received from Maxmind. See Exhibit B"

We also know that they only pick the big ISPs, as they explicitly say
"Plaintiff only forms its suits against defendants that have reputable
Internet Service Providers (ISPs), such as here, AT&T, which from
Plaintiff's experience have consistently traced to the city location
provided by Maxmind."

They say it works 100% of the time to find the precise GPS location.
"Plaintiff's Maxmind geolocation technology which traced Defendant
to a location in Miami, FL has always been 100% accurate when traced
to the Southern District of Florida. The proof that the technology
works is that it has always worked previously."

The important question, for privacy reasons, is we must know _how_ the
Maxmind company is able to determine, 100%, our physical address.
<https://www.maxmind.com/en/home>

If we don't know _how_ they track our IP address to our homes, 100% of the time, then we can't implement any measures to prevent them from doing that.
--
Posting to Usenet is an attempt to find someone who knows more than I do.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Alan Browne <bitbucket@blackhole.com> wrote

<https://www.csoonline.com/article/546518/ip-address-does-not-identify-a-person-judge-tells-copyright-troll-in-bittorrent-ca.html>

The only mention of GPS in that article and the linked PDF is as a
source of accurate time.

Why not just ask the ISP for the client data (with an appropriate
subpoena of course)?

This judge would still toss it out, I suppose, because it still didn't
id the actual person.

Hi Alan,

There is no question the PDF explicitly says the ISP was never contacted.
<https://ia801002.us.archive.org/29/items/gov.uscourts.flsd.429757/gov.uscourts.flsd.429757.10.0.pdf>

In fact, the PDF says if the judge doesn't believe their 100% accurate 'Maxmind(R) Premium IP geolocation' result, only _then_ would they bother
to ask the judge to allow them to subpoena AT&T (who was the guy's ISP).

The PDF says the 'Maxmind(R) Premium IP geolocation database' is 100%
accurate to identify the exact address that had that IP address for 6
months (where the judge's response was that an address isn't a person).

Even though they 100% pinpointed the address sans ISP logs, that didn't
matter because his legal point is an address can't commit infringement.

However...
I'm not asking about the merits of the case (as it was dismissed anyway).

What I'm trying to find is someone who knows more about how this supposedly 100% accurate 'Maxmind(R) Premium IP geolocation database' is created.
<http://www.maxmind.com/en/geoip_demo>

Does anyone out there know more about how this Maxmind database is created?
--
I am on this newsgroup to seek knowledge from others who know more than I.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote

*How did Malibu Media 100% determine GPS LOCATION of an IP address*
*WITHOUT contacting the ISP*?

<https://www.csoonline.com/article/546518/ip-address-does-not-identify-a-person-judge-tells-copyright-troll-in-bittorrent-ca.html>

The only mention of GPS in that article and the linked PDF is as a
source of accurate time.

Hi Andy,
Thanks for bringing up that GPS concern - where I'm using GPS colloquially.

We know the Plaintiff feels they properly established the defendant's home address as they said in the PDF if the judge didn't believe them, then they would ask to be allowed to subpoena the AT&T ISP database to confirm it.

However, we don't know if they established that address down to the exact global positioning coordinates or to the location of the USPS mailbox.

But does that minor detail really matter?
I don't know.

It all depends on _how_ Maxmind determines your location from IP addresses.

Suffice to say they tracked the guy down to his home as he used the same IP address for six months - which is the part I'm trying to understand better.

How does the Maxmind company determine, 100%, our physical address anyway?
<https://www.maxmind.com/en/home>
--
I'm on Usenet to learn from others and to teach others who want to learn.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Newyana2,

I've never heard of ISPs giving out logs, but it's possible.

They're not "giving out logs". Their customers would leave in droves if
they would know. If they have them available for the Law than that is
under pressure.

I have heard of law enforcement using phone records, but
they don't usually talk about details.

The same goes for the above logs (IP to user correlation). Stuff like that
is often kept silent, as it will just cause civil unrest. Although catching crooks with them is often wantd and applauded, being included in such lists
as a common citizen feels creepy - and rightly so.

People still don't get that they're being tracked on cellphones

There is also the possibility that they know, realize that they can't change anything about it, and (purposely) forget all about it (as it would only
cause stress).

This suspect apparently thought to turn off his phone during the
murder but never thought about how his movements could be tracked
leading up to the murder.

:-) Most (occasional) criminals are not all that smart. But for the guy to know he could be tracked but not realizing that the same could be done for
his checking out of the place is remarkable. As if only the deed itself
was the danger point.

By the way, in the same line : I recently read people being found guilty of killing others because they looked up the method of killing on the internet
in the days just before the killing.

IOW, the gouverment has got access to a bit more than just the IP-to-user information. Though that might just be in the IPS's own logs (asked for
when a specific person raised suspicion).

If someone is identified down to street address from their
home IP I'd guess that's browser location data, not IP.

Nope, its likely easier than that. It makes sense that the "ip to user" log includes the users billing addres - just to make sure that the user is uniquely identified (a log list which tells you that a certain IP was used
by "James Smith" isn't all that usefull)

On the other hand, who knows what Wally's ever talking about.

True. Though most likely trying to create another of his famous tutorials. :-)

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"Wally",

The PDF explicitly says they did _not_ contact the ISP so those logs you speak of are completely immaterial as the PDF is clear they never used
any.

Did I ever mention them contacting an ISP ? I don't think so.

If you think otherwise you only have to quote where I did. Good luck with that though.

The question here, for people who know more than I, is how Maxmind does
it.

[quote=me]
Than again, although "common sense" is said to be common, it often isn't. [quote]

Tell me, do you think that their method of their discovering the relation between an IP and a user location is their money-maker, and divulging it to the world (allowing them to do it themselves) would bring a stop to that ?

IOW, that the method is likely considered to be a 'trade secret' and packed into layers of NDA's.

That would mean that you are asking for something the company doesn't want
you to know, and that the people who do know are not allowed to speak about it.

But here you are, still "asking" random people for it.

One perennial problem I have is _finding_ someone who knows more
than I do, which isn't because they don't exist - they do - but
I have to find them.

Thats odd : you claim that nobody knows more than you do, but at the same
time you are asking others for information.

Something doesn't quite add up here ...

Regards,
Rudy Wieser



--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

On 2023-10-24 22:29, Newyana2 wrote:

"R.Wieser" <address@is.invalid> wrote

|
| This year :
|
| https://www.privacyend.com/mandatory-data-retention/
|
| https://www.cyberghostvpn.com/en_US/privacyhub/global-data-retention-laws/ |

Thanks. I didn't know about that. The pattern seems to be
that most countries are very intrusive, but many of the laws
have been challenged. While in the US there's no law but all
the big spyware companies are happy to sell/share the data.

I've never heard of ISPs giving out logs, but it's possible.
I have heard of law enforcement using phone records, but
they don't usually talk about details. For example, a murder
suspect in Idaho was found to have had his cellphome near
the murder location several times before the murder. Interestingly,
his cellphone was turned off for a couple of hours when the
murder happened. People still don't get that they're being
tracked on cellphones. This suspect apparently thought to
turn off his phone during the murder but never thought about
how his movements could be tracked leading up to the
murder.

If someone is identified down to street address from their
home IP I'd guess that's browser location data, not IP. On the
other hand, who knows what Wally's ever talking about.

Hum. The browser knows the location from the IP. Try Google Maps in a
computer with a new web profile or computer user, see how they get your location correct. At least the area.
--
Cheers,
Carlos E.R.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

On 10/25/2023 7:11 AM, Carlos E. R. wrote:

Hum. The browser knows the location from the IP. Try Google Maps
in a computer with a new web profile or computer user, see how
they get your location correct. At least the area.

It's more complicated than that.

The browser can query the "Location Service" on a Windows machine.

https://support.microsoft.com/en-us/windows/windows-location-service-and-privacy-3a8eee0a-5b0b-dc07-eede-2a5ca1c49088

"Microsoft operates a location service that helps determine the
precise geographic location of your Windows device. The precise
location of your device allows apps to give you directions, show
shops and restaurants that are near you, and more.

Many apps and services request location information from your device,
and the Windows location service gives you control over which apps
are allowed to access your precise location."

There is a big difference between the "precise" on a Windows Phone
versus the "precise" on a de-equipped desktop. Using my Ethernet IP, they
would precisely locate me to the "head office of my ISP".

My pizza won't be getting here in 30 minutes, so it will be free.

*******

There was an academic paper, claiming location via Ethernet packets,
to around two city blocks. Which is not "precise" and is not enough
for legal cases. And that method, required a certain density of probing devices, to make the determination. This is a good enough method for
setting up police road blocks and doing a grid search.

With wireless in the picture, the situation could be quite different.
Both Microsoft and Google have "snarfed" SSIDs. Google was doing
this, with the Google map car that drives around. Microsoft was doing
it with the OS, but they have likely stopped doing that, some time ago. Microsoft would collect all the SSIDs they could find, on a Wifi, and
then by comparing all the customers, build a map using that info.

I would guess, without Wifi and without a 4G Dongle, you're pretty safe.

However, if you Google on "toronto pizza" then you're in Toronto,
and if you type in "toronto city hall main phone number", again,
you're in Toronto. If you type in "Joes Pizza", then that might
isolate you to a section of Toronto. Enough of these kinds of requests, geolocates you (as people are too lazy to go to the other side of Toronto).

I think on one occasion, they got three of my post-code letters correct.
But since the info displayed at the bottom of the page, is not their
actual determination (it's to knock you off the scent), their
determination could be a lot closer.

Paul
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Carlos,

Hum. The browser knows the location from the IP.

No, it doesn't.

Try Google Maps in a computer with a new web profile or computer user, see how they get your location correct. At least the area.

:-) Yes, "at least"

A new profile doesn't change your IP, nor your 'puters "fingerprint" - the latter of which can often be "probed" by a bit of JS.

Also, from your IP they know which ISP you're using, and from that (and previous experiences) they can pin-point your general(!) area.

And thats assuming you're *not* using a Google browser, 'cause in that case
it can just grab an ID that was set up when it was installed/first used.

And yes, there have already been complaints about that. Especially here in Europe, as such a tracking ID violates the GDPR.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"Carlos E. R." <robin_listas@es.invalid> wrote

| Hum. The browser knows the location from the IP. Try Google Maps in a
| computer with a new web profile or computer user, see how they get your
| location correct. At least the area.
|

I think we're potentially talking about multiple things here.
Browser location reporting is one thing. Spyware data collection
is another. Locating you by your IP is yet another. As I mentioned,
I use a free database that lets me locate IP within a few miles.
You can also look up a single IP online. That's based on public
records. If I visit Google (with no script allowed, as usual) they
list my location as being 2-3 miles away from where I am, in
a different subsection of town. They're using those public IP
records. That's not a source of addresses.

I have a VBScript on
my desktop to do the same thing. Having processed the MaxMind
free database (deliberately imprecise) and stored the data in an
MSI (software installer) database, I can look up an IP and get
the location. MaxMind will probably give me the next town over,
because they don't want to give away full functionality for free.
But the data is there. What they do give me is very handy for
tracking visitors to my website. At least I can tell a Chinese hacker
from a Spaniard from someone in Ohio. (And I know, for example,
that it's ALWAYS the Chinese who try to hack into my website
by making hundreds of requests at a time to test for things like
Wordpress vulnerabilities. Russians stop by to download code.
Chinese just try to do automated break ins, presumably to plant
malware for driveby downloads.)

Spyware is completely separate. I don't use Google products
and keep all but the base domain in my HOSTS file. I also don't
enable any kind of location data and rarely use a cellphone. Nor
do I use Google maps. If you're using Google maps on a cellphone,
with location enabled, then they will know your location fairly
precisiely from tower signal triangulation. But that's a different
thing. With a cellphone you're basically wearing a tracking collar.
And Google even sells that data in their "geofencing" business.

https://techcrunch.com/2021/08/19/google-geofence-warrants/

So there's a lot of location tracking going on via various spyware
methods, as well as voluntary location tracking through cellphone apps
that give driving directions, restaurant recommendations, suggested
sex partners at a nearby bar, and so on. During the COVID situation, governments were encouraging people to install warning software.
If you came within 6 feet of another cellphone sucker with the same
software, who had recently tested positive, the app would warn you
to get tested! Unfortunately it didn't discriminate between having
lunch with an infected person vs passing them in your car.

It's highly unlikely that
Google knows my home address just by seeing my IP, even in
combination with their spyware. I just don't make that much data
accessible. I haven't even seen ads to speak of for decades,
simply due to HOSTS and disabling script. (I don't use any adblocker
software.)

There was an interesting example of the spyware datamining
several years ago:

http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/

Target is almost the last remaining US department store. They
track customers any way they can. As a result of garden variety
tracking and purchase history, they mailed ads for baby supplies
to a teenage girl. The father found out his daughter was pregnant
from the mailing.

So all of that is happening and it's astonishingly intrusive. Target
knew the girl's name, address, shopping history, etc, probably from
a charge card. (I avoid charge cards.) Or maybe because they
suckered her into being a "loyalty member". Or possibly through a
combination of disparate data that they collect or pay for.

The other
day I read from a Mozilla article that Nissan claims the right, in their privacy policy, to track your sex life, presumably by filming you in
your car.

Crazy stuff, and lawmakers are in the dark. But it doesn't
help when Chicken Littles like Wally go around screaming, with no idea
what they're talking about. It just gives the ostriches an excuse to
keep their heads buried. The facts are plenty shocking without making
stuff up.



--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

On 2023-10-25 13:39, Paul wrote:

On 10/25/2023 7:11 AM, Carlos E. R. wrote:

Hum. The browser knows the location from the IP. Try Google Maps
in a computer with a new web profile or computer user, see how
they get your location correct. At least the area.

It's more complicated than that.

The browser can query the "Location Service" on a Windows machine.

https://support.microsoft.com/en-us/windows/windows-location-service-and-privacy-3a8eee0a-5b0b-dc07-eede-2a5ca1c49088

"Microsoft operates a location service that helps determine the
precise geographic location of your Windows device. The precise
location of your device allows apps to give you directions, show
shops and restaurants that are near you, and more.

Many apps and services request location information from your device,
and the Windows location service gives you control over which apps
are allowed to access your precise location."

There is a big difference between the "precise" on a Windows Phone
versus the "precise" on a de-equipped desktop. Using my Ethernet IP, they would precisely locate me to the "head office of my ISP".

Right :-)

My pizza won't be getting here in 30 minutes, so it will be free.

*******

There was an academic paper, claiming location via Ethernet packets,
to around two city blocks. Which is not "precise" and is not enough
for legal cases. And that method, required a certain density of probing devices, to make the determination. This is a good enough method for
setting up police road blocks and doing a grid search.

I think they need access to the ISP hardware for doing this, so getting
the help of the ISP would be faster.

With wireless in the picture, the situation could be quite different.
Both Microsoft and Google have "snarfed" SSIDs. Google was doing
this, with the Google map car that drives around. Microsoft was doing
it with the OS, but they have likely stopped doing that, some time ago. Microsoft would collect all the SSIDs they could find, on a Wifi, and
then by comparing all the customers, build a map using that info.

I would guess, without Wifi and without a 4G Dongle, you're pretty safe.

True, they can use wifi maps. Still, the external query needs access to knowing the WiFi... or access to the OS location services.

However, if you Google on "toronto pizza" then you're in Toronto,
and if you type in "toronto city hall main phone number", again,
you're in Toronto. If you type in "Joes Pizza", then that might
isolate you to a section of Toronto. Enough of these kinds of requests, geolocates you (as people are too lazy to go to the other side of Toronto).

I don't think the ISPs do this. Facebook, Google... maybe.

I think on one occasion, they got three of my post-code letters correct.
But since the info displayed at the bottom of the page, is not their
actual determination (it's to knock you off the scent), their
determination could be a lot closer.

Paul

--
Cheers,
Carlos E.R.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Please type your IP address into this lookup from Maxmind and let us know
how accurate it seems to be (given my results were within a neighborhood).
<https://www.maxmind.com/en/geoip-demo/>

Or simply visit this geolocation web site offered by Maxmind on the net.
<https://www.maxmind.com/en/locate-my-ip-address>

The result is a latitude/longitude (which we can colloquially call "GPS" keeping in mind what Andy Burns brought up) which was within a half mile.
<https://blog.maxmind.com/2021/07/how-accurate-is-ip-geolocation/>
"Whether you're localizing content, implementing geofencing,
or gathering data for security and analytics, you start with an
IP address and hope for something like the latitude and longitude
of the end-user."

They provide an overview of how they collect this geolocation data here.
<https://www.maxmind.com/geoip2-overview-2021-06-08.pdf>
Note that their "Precision" database includes what they call "Insights."

Delving into "Insights", it's further referred to as a "Precision Web
Service" using "Traffic Analysis" compiled from "Data Points" on the net,
& charges ranging from $0.0001 to $0.002 per query with volume discounts.

<https://support.maxmind.com/hc/en-us/articles/4408918396571-Lookup-IP-Addresses-in-the-Web-Services>

They say specifically "GeoIP2 geolocation data is never precise enough to identify or locate a specific household, individual, or street address"

<https://support.maxmind.com/hc/en-us/articles/4407630607131-Geolocation-Accuracy>

And, surprisingly considering the merit of the aforementioned lawsuit...
"we cannot geolocate the *person* who is using the IP address"
because they say people can be using up to 5 different kinds of anonymizers
VPNs,
hosting providers,
public proxies,
residential proxies,
and TOR exit nodes,
and then they go on to say there are other anonymizers such as
Apple iCloud Private Relay.
<https://support.maxmind.com/hc/en-us/articles/4408208507163>

And their most accurate databases use a variety IP-intelligence data.
IP Network Data
Anonymizer and Proxy Data
Business VPNs and Consumer Privacy Networks
User Context Data

<https://support.maxmind.com/hc/en-us/sections/4407512691867-IP-Intelligence-Data>
--
Being intelligent enough to be privacy conscious is not a crime.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Wally J wrote:

Please type your IP address into this lookup from Maxmind and let us
know how accurate it seems to be

It says centre of London, with a claimed accuracy of 200km, which is
157km away from where I actually am, so it knows its limitations.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote

Those various databases vary wildly in accuracy, they all know my IP is
in the UK, but some are 100 miles out.

How accurate is the Maxmind lookup for your IP address in the UK?
<https://www.maxmind.com/en/geoip-demo/>
<https://www.maxmind.com/en/locate-my-ip-address>

When logged-out of my google account, google maps used to at least
pretend it didn't know my location at all, now even when logged-out, it knows to within a couple of miles

I use Google Maps on the phone where I also employ GPS spoofing software,
as you're well aware (e.g., "Fake GPS") which produces interesting
artifacts since Google Maps knows _both_ locations, fake & real,
simultaneously (so it literally jumps back and forth between them).

This is due to the rude inconsiderate neighbors who don't hide their home router broadcasts and to the even more inconsiderate masses who upload them
to the various NetStumbler, Mozilla, Wigle & Google AP-to-GPS databases.

Unfortunately, the vast majority of humans are the type who would kick a
stray dog just to get it out of their way judging from this basic fact.

I wish more people would stop being rude & simply do 2 important things:
1. Set up the AP with _both_ hidden broadcasts & append "_nomap", and,
2. Set up the phone to _not_ upload broadcasts to the location databases.

Those simple steps aren't being done by 999,999 out of 1,000,000 cases.
Hence it's the rude people surrounding us, who give our location away.

When my PC is logged-in, google maps knows to within 300 metres or so,
my phone logs-in to the same google account and has GPS enabled, so I'm surprised it isn't bang-on.

I don't know of GPS-spoofing freeware on Windows to prevent that. Do you?
--
Those who are intelligent enough to understand privacy have to deal with
the unwashed masses who are so rude as to daily throw them under the bus.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote

Please type your IP address into this lookup from Maxmind and let us
know how accurate it seems to be

It says centre of London, with a claimed accuracy of 200km, which is
157km away from where I actually am, so it knows its limitations.

Thanks for running that test, where that's the free database, which even
Rudy (or was it Mayayana?) noted has purposefully introduced inaccuracies.
<https://www.maxmind.com/en/geoip-demo/>

In my case, the geolocation turned out to be within the same neighborhood;
but that may be because of the particular way we obtain our IP addresses
given there are no cable lines on the telephone poles out in the boonies.
<https://www.maxmind.com/en/locate-my-ip-address>

Hence all our Internet access has to come from a few miles away LOS from an eclectically tiny set of IP providers - although with the T-Mobile 5G
hotspots nowadays, many of us are switching to broadband over cellular.

BTW, does your PC really have GPS enabled on it?
I've never encountered such a thing.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote:

Wally J wrote:

Please type your IP address into this lookup from Maxmind and let us
know how accurate it seems to be

It says centre of London, with a claimed accuracy of 200km, which is
157km away from where I actually am, so it knows its limitations.

Mine is off by a few km and says I'm in the water, which is *NOT*
good! :-)
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Wally J wrote:

does your PC really have GPS enabled on it?
I've never encountered such a thing.

No mine doesn't, but I've known PCs with 3G/4G/5G connectivity to
provide GPS
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"Carlos E. R." <robin_listas@es.invalid> wrote

On 2023-10-25 21:06, Andy Burns wrote:

Carlos E. R. wrote:

For me, it says somewhere in Madrid, where I guess the offices of my
current ISP are registered, which happens to be 4 Km of my actual
location.

But google maps locates me much more accurately, and I am not logged in.

I have a /29 subnet, normally everything goes out with a single source
IP addr, so I set up a specific NAT rule for this laptop to use a
different IP, started a private browsing window, obviously not logged
into google.

checked with whatsmyip.org that the NAT rule was taking effect, and
google maps *still* knows which village I live in ...

Did you login with a new user?

I'm interested in Andy's and Carlos' results where they get more accurate geolocation in Google Maps when they're logged in than when they're not...

But...

I would simply ask both to confirm when they report their test results
whether or not they're using the Windows PC (which I presume they are).

As the Google maps (web or app) in Android/iOS uses different sensors.

Specifically, on Android it's darn nigh near impossible to turn off GPS geolocation from happening under the covers unless you go to great lengths.

And, once you figure out all the places you need to turn 'em off...
they go back on again under a variety of common circumstances
(e.g., using maps or clearing cache or accessing firebase, etc.)

Ask me how I know this...
<https://i.postimg.cc/v8CS9SvY/precise-shortcut01.jpg>
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

On Tue, 24 Oct 2023 01:33:15 -0400, Wally J <walterjones@invalid.nospam>
wrote:

*How did Malibu Media 100% determine GPS LOCATION of an IP address*
*WITHOUT contacting the ISP*?

More importantly, how do we all know exactly who you are no matter how
much you nym shift?
--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote

has been gone into
detail by many of the same participants in the android group

The original discussion from 2016 with WallyJ (then known as AliceJ) and
a one-liner that lets you feed two MAC addrs into google's API and spit
out a location

<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/feKn0AfpGgAJ>

Just checked and that still works today, though it's a little more
involved to get an apikey ...

Oh my! "*Our stoooooopid neighbors threw us all under the bus*!"
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/q3xjDe4QGwAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/feKn0AfpGgAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/dynPTAJbGwAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/KELoC5LlGgAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/GjnM55CDGgAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/BQ6iXOpeGgAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/V0MRl_teGgAJ>
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/5JCrrS5jGgAJ>
etc.

You ask Google's database if one BSSID is at the location of another BSSID, and Google will tell you if your wife is at the hair salon or not, right?
(As long as your wife has a hotspot enabled, which can easily be arranged.)
<https://developers.google.com/maps/documentation/geolocation/overview>
<http://samy.pl/androidmap/>
<https://blog.technitium.com/2011_06_01_archive.html>
<https://www.huffpost.com/entry/android-map-reveals-router-location_n_853214>
<http://blog.skidzun.de/2011/06/17/do-you-know-where-you-are/>
etc.

From that thread way back in January 2016 that Andy just referred to above.
*Are we all handing to Google the SSID of our home routers?*
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/>
That was way back in Jan 29, 2016, when I didn't know what I know now.

The biggest problem then was as now; we can't control our stupid neighbors.
Nor can we control the phone of the stupid people who drive by our house.

We can only control our stuff, so that we don't do stupid things too.

Most things only got worse since then... but the fix remains similar.
<https://i.postimg.cc/v8CS9SvY/precise-shortcut01.jpg> Privacy shortcuts
(The only thing that got better are my screenshots, due to FOSS Paint.NET)

Note that "cloning the LAN BSSID" actually got easier over time, while most everything else got harder but what's bad is what you can do with LAN data (where Jeff Liebermann explained the Wi-Fi port is on the LAN, not WAN).

Essentially, if you have the key, you can do the lookup if you tell Google
a few things, some of which you know already - so you can be malicious.

You can find if your wife's cellphone is at the hair parlor or not, if you
know two things about her cellphone & a similar two things at the parlor.

But malicious lookups aside, people should do a few things (one of which
almost everyone, if not everyone - doesn't understand & yet is so simple).

Note: The SSID isn't important - but the unique BSSID + GPS location is!

1. *Turn OFF your home router AP SSID broadcast (yes, turn it off).*
Not for security - so don't tell me that NetStumbler can still see it.

Why?
Phones don't _upload_ (with well-behaved software) when you turn it off.

Note: The SSID isn't the point - it's the BSSID you don't want uploaded!

2. *Append "_nomap" to the home router AP SSID.*

Why?
Well-behaved databases (e.g., Google/Mozilla) _remove_ opt-out items.
<https://searchengineland.com/google-announces-nomap-wifi-optout-101134>

NOTE: See Andy Burns' caveat about "well-behaved" online databases.
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/L4bfO4NSGQAJ>

We used to need to add "_optout" for Microsoft, but no longer (AFAIK).
Don't get hung up on the SSID; it controls the unique BSSID upload!

3. *Set the client device (e.g., a phone or mobile PC) to NOT RECONNECT!*

Why do you set "Reconnect=OFF" to a hidden-broadcast home AP SSID?
Otherwise, it "screams out" (Andy's words) that it's looking for it.

4. *You can also randomize the BSSID automatically every time you connect.*

Why?
Your old connection, if "screamed out", will contain a random BSSID.

5. *Jeff Liebermann suggests a blase SSID (e.g., NETGEAR or DEFAULT).*

Why?
The combination of unique SSID & BSSID is even more unique than before.

However, then you might want to choose a really good passphrase since
WPS2 rainbow hash tables exist on the Internet for dictionary lookups.

Caveat: See Jeff Liebermann's clarification about Rainbow Tables.
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/Hf4LdRhYGQAJ>
--
Privacy is simple things but you have to know what they are to do them.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Wally J wrote:

From that thread way back in January 2016 that Andy just referred to above.
*Are we all handing to Google the SSID of our home routers?*

Google do "age-out" BSSIDs that haven't been seen in some time, the
original addresses I fed the API back then won't return a result now.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote

From that thread way back in January 2016 that Andy just referred to above. >> *Are we all handing to Google the SSID of our home routers?*

Google do "age-out" BSSIDs that haven't been seen in some time, the
original addresses I fed the API back then won't return a result now.

Thank you for that thread, as there was a lot then that is apropos now.
Yes. I know they age out, as I tested it myself by changing my SSID.

One thing I could not, for the life of me figure out then, and now, is how _you_ managed to _change_ your home router's MAC (BSSID) address, Andy.

1. Jeff Liebermann said you could not "normally" change the AP BSSID.
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/ST-ShkR4GQAJ>

2. Not without Linux, anyway... (we're talking the outward-facing MAC!)
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/feKn0AfpGgAJ>

3. But you seem to have changed the router's AP MAC (but did you really)?
<https://groups.google.com/g/comp.mobile.android/c/-PK03bCEheM/m/vcxeErfiGQAJ>
"ifconfig wlan0 down
ifconfig wlan0 hw ether 08:BD:43:XX:XX:XX
ifconfig wlan0 up
on mine to change the MAC for the 2.4GHz Atheros radio
(as I'm SSH'ed over the 5.2GHz radio wlan1) and it seems
to have taken the new address"

I don't understand how you changed the hard-coded AP MAC (BSSID)
(which is what is seen by a wardriving car driving by your home).

Did you really change the outward-facing BSSID on your router?
How?
--
Because if you managed to change yours, I want to change mine.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

"Carlos E. R." <robin_listas@es.invalid> wrote

a car at ground level will have problems recording a hundred WiFi
signals at the same spot, some of them very weak.

But if the car records some of the BSSIDs that your PC or phone can also
see, it knows where you are ...

Ah, but there I have the advantage: I'm using Linux at the moment ;-p

Linux may not be doing what the PC is doing, but just to be clear, Android
is _definitely_ (by default) uploading these four things about each of
those (hundred) access points that it can see at any given point in space.

1. The phone's GPS location (which is unique!)
2. The (hundred) Wi-Fi BSSIDs that it can see (all of which are unique!)
3. The _signal strength!_ to each of those (hundred) Wi-Fi access points
4. The SSID for each of those (hundred) Wi-Fi access points

More information is uploaded, but that's the main four characteristics.
A. Notice they have the location of the phone
B. And the signal strength (in dBm) of the (hundred) access points

From that Google can pretty easily figure out approximately how far each of those (hundred) APs are from your phone; and from doing that for hundreds
of phones, almost exactly where each of those (hundred) APs are located.

Like it or not, it's miserable to turn all this Wi-Fi (and Bluetooth!)
scanning off on today's Android phones if you happen to use Google Maps.
<https://i.postimg.cc/v8CS9SvY/precise-shortcut01.jpg> Privacy shortcuts

It can be done - but you have to be intelligent - and not stooopid.
(HINT: Most people are incredibly stupid - which is why this stuff works.)

Notice none of this happens if you do two things (you only need the first).
a. You append "_nomap" to the SSID (to remove it from the databases)
b. You hide the broadcast (which prevents it from being uploaded at all)
--
Privacy is not impossible any more than personal hygiene isn't impossible.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Wally J wrote:

One thing I could not, for the life of me figure out then, and now, is how you managed to change your home router's MAC (BSSID) address

At that time my router was running openWRT so I could have overridden
the hardware MAC address, but don't actually think I did.

I have a feeling that the .json file I used contained some of my
neighbours' BSSIDs rather than my own, however I'm using a different
router now.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Andy Burns <usenet@andyburns.uk> wrote

One thing I could not, for the life of me figure out then, and now, is how >> you managed to change your home router's MAC (BSSID) address

At that time my router was running openWRT so I could have overridden
the hardware MAC address, but don't actually think I did.

Thanks for confirming, as I'm well aware all the platforms (Windows, Linux
& Android) can change "their" connecting MAC address - but the one MAC
address that is outward facing is the one in the home router itself.

I'm aware there is a CLI on every router but I don't know (yet) of any
command that will clone/spoof/change the hard-coded outward facing MAC.

I have a feeling that the .json file I used contained some of my
neighbours' BSSIDs rather than my own, however I'm using a different
router now.

The problem with privacy from Google is in two ways (both because most
people are stupid as I said back in 2016) that we have to protect against.

1. People who drive by our homes upload to Google our broadcast information
2. People next door broadcast their information (which is at our location)

It wasn't so bad when Google didn't force "precise location" scanning.

But now that Google forces that on smartphones, we're doomed as a result
unless we can figure out a way to prevent this from happening to us.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

You have got to be the most successful troll I have ever seen. I can't
even begin to killfile this stuff. But your count group is weird.

I mean, clearly it has nothing to do with satellite navigation, even
though the header mentions GPS. That is: IP geolocation has absolutely *nothing* to do with satellite navigation. Very clever.

Now could you please go away, Arlen? I'm getting sick of deleting your messages, but more than that, the troll feeding frenzy that follows them.

Could y'all please stop fattening this guy up?
--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

Zaghadka <zaghadka@hotmail.com> wrote

Now could you please go away,

If you can't see how your GPS location is part of the upload to Google's database, and which is likely what they're using, then you're an idiot.

But to your point Zaghadka, you're one of the biggest trolls out there.
When have _you_ ever added even a single iota of on-topic value Zaghadka?
*The answer is you have _never_ added any value, Zaghadka*

Also the answer is you can't ever add any value, Zaghadka.

Want facts?

You posted twice, for example, to this thread, subtracting value each time. Think about that before you claim everyone else is a troll except for you.

Please do not post further to this thread unless you can add topical value.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.geo.satellite-nav

On Sun, 29 Oct 2023 20:24:46 -0400, Wally J <walterjones@invalid.nospam>
wrote:

Zaghadka <zaghadka@hotmail.com> wrote

Now could you please go away,

If you can't see how your GPS location is part of the upload to Google's >database, and which is likely what they're using,

Goalposts moved. Now it's about Google and not Malibu Media? It's really
about satnav and not IP geolocation? Smooth.

then you're an idiot.

Ah, ad hominem insults. The last resort of a troll on the ropes.

Good luck, guy. Please stop nym-shifting so I can properly ignore you.
--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten
--- Synchronet 3.21a-Linux NewsLink 1.2