I've wanted to try something like this before, but I was under the impression that providers like MaxMind might use other techniques to figure out the "real" location of a server.
ipinfo.io uses a probe network for this[1], but even then a server physically located in the Netherlands with an IP announced as being from, say, Seychelles would still respond to pings faster from a European location than from somewhere like Singapore (unless you go out of your way to induce latency to ICMP responses).
surprised to see a p3terx blog reference here. His CF WARP scripts were quite popular.
Some background info: in China, all online discourse is required to show the user's provincial-level origin, or country name for non-mainland users, using geoip. This is enforced by the Cyber Admin Commission of CCP.
China has a lot of local politics and is surprisingly decentralised.
If you look at how American social media is, with people from Texas claiming to know in detail what New York is like (and vice versa), it makes some sense.
Not saying I agree with it and the privacy implications, but I can see the sense.
China has multiple levels and systems of citizenships and human rights granted...
That said, most European countries are smaller than bigger Asian cities, and no country on Earth is less than 4x smaller than China or India, so it might be just a fair game.
Hmm, it's a bit dark: China does not have a federal level task force like the FBI or CIA, raids/arrests are executed by provincial or municipal PD. It's called 公安属地原则 thingy
I saw a few documentaries about North Korea. Now, I'll skip the potemkin-village propaganda part of the regime, but I was quite surprised that they had skilled developers too and modern equipment / computers. Granted, this was an exception (Pyongyang is an exception in general anyway) and naturally in these documentaries you can only see what the regime feeds you, but even then I was surprised to see that they weren't like, say, 20 years behind or something like that. It may not be anywhere near as close to the quality in South Korea, but the image of some retrolooking guys from the 1945s is also incorrect. Of course a lot of this is weird, since they perfected the potemkin village strategy where things look so extremely bizarre like from almost 100 years ago now, but then they have some designated people roleplaying as computer designers and architects, and they actually are not totally clueless but know some things (that is, they are not all playing the potemkin part at all times, all the way).
I don't know why you'd be surprised that they have skilled developers and modern computers. North Korea has a state-funded hacking and phishing operation that generates $2 billion, which represents a pretty significant part of their $35 billion GDP.
Dude, computers and internet have been worldwide for 20+ years. Even war zones have internet and modern computers. The only place that doesn't is Cuba which is physically separated from the rest of humanity by geography and embargoes.
Did you know a country’s political system says nothing about how smart its citizens are? Education levels can differ, sure. But in IT especially, almost all learning material is freely available online. All you really need is motivation. And autocratic regimes have plenty of ways to create that.
North Korea doesn't have access to the open internet, so no learning materials are 'freely available' online. All computer access is gated through the country's own locked down Linux distro 'Red Star OS', and all internet access is blocked.
There are effective North Korean hacking teams. They seem to operate from China, but one assumes that there are ways to train North Koreans in this stuff before sending them abroad to do the work.
I will agree that for most people in North Korea access to the outside internet is limited, but your claim that "All computer access is gated" is a stronger one, that I haven't seen evidence for.
Also, we know that Red Star OS exists, but I haven't seen any information about its actual use. I can imagine it's used in certain sectors (e.g. education or certain ministries), but if you have information about its usage I'd be interested to see that.
My gut feeling is that there is probably still a lot of cracked Windows PCs also used in industry, but I have no evidence for that either. This is just based on how in my experience China works, and the fact that there is some business exchange between North Korea and China.
> I was surprised to see that they weren't like, say, 20 years behind or something
That actually says more about what the Western "First World" media feeds their people, that the rest of the world is 20 years behind and stuff :')
Maybe 10, maybe some places, sure. In terms of social progress and basic rights, hell there are places that are 50 or even 200 years behind (see Afghanistan's treatment of women for example)
But tech-wise, I was surprised when I visited some parts of the Middle East and Asia; almost everything was available online, paid for electronically, clean and effective mass transport, walkable and safe cities..
> That actually says more about what the Western "First World" media feeds their people, that the rest of the world is 20 years behind and stuff :')
More like, "western" media rarely talks about most countries not undergoing a crisis, somehow relevant or close culturally. A British paper will talk about the US and Western EU countries because they're relevant to Britons and close partners; it will also cover Ukraine and Gaza because they're undergoing crisis and relevant. It won't talk all that much about the war in Mali or the local politics of Tashkent. French media will cover former colonies like Mali more due to the shared language and the presence of large amounts of people of that descent in France, but won't cover e.g. what's happening in Sri Lanka day to day.
So the little that the average "westerner" hears about North Korea is the occasional weird case, or when they make missile tests / international threats. The state of urbanism in Pyongyang is irrelevant to most people, so there is little reporting on it.
> But tech-wise, I was surprised when I visited some parts of the Middle East and Asia; almost everything was available online, paid for electronically, clean and effective mass transport, walkable and safe cities..
Wildly location dependent.
> clean and effective mass transport
Big Chinese cities, big former Soviet cities, Hong Kong, Singapore, South Korea, Japan. Everywhere else in Middle East and Asia doesn't have effective mass transport; there might be a few metro lines like in Dubai, or be rapidly expanding like Hanoi, Riyadh, but nothing else comparable to the gold standards of e.g. Tokyo, Seoul, Beijing, London, Paris.
> walkable and safe cities..
Which cities were walkable? I have yet to visit a developing country where walking wasn't barely an afterthought with little to no sidewalks, no priority for pedestrians, etc. While it's definitely better in some countries compared to others, it's really not the norm in "the Middle East and Asia". It is in most developed countries in those regions, like Japan, China, South Korea, UAE, Saudi (and the last two have temperatures that make it challenging).
> almost everything was available online
My favourite is the countries in the middle. E.g. Sri Lanka, where the railways are stuck in the 1950s from when the British left, everything is on paper (schedules, tickets, etc.) and you have to go to a train station to buy a ticket... but a lot of other things are quite digital. Everywhere has 4G coverage, everyone has a phone with data. But some things are literally decades behind.
> media feeds their people, that the rest of the world is 20 years behind and stuff
Well western or pretty media having no access to the country pretty much guarantees that everything they might be reporting is a mix of speculation and outdated information. Doing the best you can with whatever data is available doesn’t seem like an unreasonable approach.
> see Afghanistan's treatment of women for example
My first thought was "is this legal?", but then had a hard time considering even which jurisdiction this (or using a "fraudulent" IP location) would fall under?
In Germany it could be computer fraud, which criminalises entering incorrect data into a computer system for financial gain. I don't know if "watching a different set of shows on Netflix" would qualify.
How does one feasibly purchase IP blocks these days? Most blocks that are available are starting in the six figure range, generally higher from what I see.
Six figures should get you one hell of a block, it's more like 6k for a /24 IPv4 block sale.
An IPv6 block, as used here, should be "free" (as in registration fees alone).
If you register a new company with only IPv6 there are ways to get one or two "free" (as in registration fees alone) /24 IPv4 blocks to aid in NAT64 and DNS hosting for your first ASN. All in all it was something a little over 1k for me to get an Org ID + ASN + /40 IPv6 + a /23 IPv4.
Cloudflare does not have any IPv4 blocks in North Korea. Geolocation databases use RIPE as the primary source and then make estimates using various tools.
Yeah Geo-IP is "fake" when I look at this deeper, idk why people use this as source of truth
Also an important point: when you're using Starlink you get a totally different "relay" station that can sometimes be a thousand miles away. I think we need to "upgrade" our internet infrastructure for an interplanetary system.
It's the best there is and good enough for most business purposes. Regulations may require you not to do business with people in certain countries so you have to do a good faith effort not to provide your services to those people. GeoIP, despite just being an indicator or correlation rather than objective truth, just happens to be that good faith effort.
…and for that matter, the more people game GeoIP like this, the less it’s “good enough.”
The regulatory imperative isn’t going anywhere, even if we degrade our good-enough, handshake-based, AS-operator-trusting system.
If history is any guide, any replacement technology might look a lot more intrusive and a lot more onerous: the first thought that comes to mind is some kind of DRM-style, device-based, attested location surveillance (tied to a government ID? Why not?!) as “proof of location,” and I’m sure the powers that be could come up with “better”…
As someone who constantly runs into problems visiting websites because of my IP geolocation, I agree that the system needs to be updated to make it impossible to use IP addresses for anything except packet routing.
I live in Texas, but for a while my ISP issued me IP addresses that had some geolocation information suggesting I was in Québec. Hey, at least it's still North America.
Tons of websites and apps would use that IP location to default payment to Canadian dollars, default language as French, incorrect timezone, metric units instead of imperial.
It was like that for a couple of years. Quite annoying.
tl;dr it requires owning your own IP blocks and then lying.
> In reality, the “location” of an IP is inherently fuzzy. For instance, my 2a14:7c0:4d00::/40 block was originally allocated to Israel. But later, I bought parts of this range and announced them via BGP in Germany, the US, and Singapore (see previous article on Anycast networks). Meanwhile, I’m physically located in mainland China. As the owner of this IP block, I can also freely edit the country field in the WHOIS database — and I set it to KP (North Korea).
> Because of this ambiguity, it’s nearly impossible to precisely determine an IP’s location using any single technical method. As a result, almost all geolocation databases accept public/user-submitted correction requests.
I would not be surprised if this practice is technically against most terms of service.
> I would not be surprised if this practice is technically against most terms of service.
It doesn't really matter. RIPE and other RIRs let you put whatever metadata you want for an IP range into the database, and you can serve whatever you want from your own geolocation feed. If the geolocation providers don't like it, it's up to them to stop fetching your data.
quickly skimming the article i couldn't see a specific price for the ipv4 block, but ipv6 is cheap - the article mentions having to pay at least $50 a year + service fees to a "LIR", and you also need a BGP-enabled hosting provider which i imagine will come with similar cost at least (don't quote me on that).
For RIPE (don't know others) there are two ways: you can either sign up as a full member (an ISP) for 1500€/year, which gives you the same rights as any other ISP. You can also request a "provider independent" or PI address block, which comes with some contractual restrictions (you have to use it yourself and you can't act as an ISP), from a member for 50€/year plus their profit margin. Officially you should get one from your actual ISP, but there are a few RIPE members who sell easy access to PI blocks as part of their business model.
> tl;dr it requires owning your own IP blocks and then lying.
If this was the case, and there's tons of financial incentive to do so, wouldn't Cloudflare, etc., block not based on the reported 'country' but some fuzzy heuristic that knows what country it comes from? Hops?
That might work in big countries like the US, but in western Europe it's basically impossible to tell whether a connexion originates from London, Paris, Brussels or Amsterdam just by hop count or latency.
Even just jitter in router response time is already higher than the difference in latency due to speed of light between those locations. And just France is large enough that a connexion to some IP in France might legitimately travel further or not compared to a connexion to some other country, from basically any vantage point you might be looking from, and might or might not round-trip through Paris, adding potentially up to 1500 km of uncertainty in the path.
Identifying the interchanges the packets go through can help though, but not as much for residential ISPs.
They've got enough points of presence that they ought to be able to narrow most people down to a reasonably small circle just by speed of light - unless they're intentionally increasing their ping or on some terribly congested network or something.
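The speed-of-light bound argued over in this subthread, worked through as an added example that is not part of any comment: each probe's minimum RTT caps how far away the target can be, which is enough to rule out a registered country on another continent but not to tell nearby European cities apart. The probe sites, RTT values and the 200 km/ms fibre speed are constructed assumptions.

```python
import math

FIBRE_KM_PER_MS = 200.0  # assumption: signals in fibre travel at about 2/3 of c

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def max_distance_km(rtt_ms):
    """Farthest the target can be from a probe: the path is covered twice per RTT."""
    return rtt_ms / 2 * FIBRE_KM_PER_MS

def violations(claimed, probes, min_rtts):
    """Probes that answered too quickly for `claimed` to be physically possible."""
    return sorted(name for name, rtt in min_rtts.items()
                  if haversine_km(probes[name], claimed) > max_distance_km(rtt))

def feasible(candidates, probes, min_rtts):
    """Candidate locations that no probe measurement rules out."""
    return sorted(c for c, pos in candidates.items()
                  if not violations(pos, probes, min_rtts))

# Constructed probe sites (lat, lon); not any provider's real probe network.
PROBES = {"frankfurt": (50.11, 8.68), "london": (51.51, -0.13),
          "singapore": (1.35, 103.82), "new_york": (40.71, -74.01)}

# Constructed minimum RTTs (ms) for a server physically hosted near Amsterdam.
MIN_RTT_MS = {"frankfurt": 9.0, "london": 8.0,
              "singapore": 165.0, "new_york": 78.0}

# Registered or claimed locations to test against the measurements.
CANDIDATES = {"Pyongyang": (39.03, 125.75),
              "Victoria, Seychelles": (-4.62, 55.45),
              "Amsterdam": (52.37, 4.90), "Brussels": (50.85, 4.35),
              "Paris": (48.86, 2.35), "London": (51.51, -0.13)}

if __name__ == "__main__":
    for name, pos in CANDIDATES.items():
        print(name, violations(pos, PROBES, MIN_RTT_MS) or "consistent")
```

Added delay only widens the circles, so a host can make itself look farther from a probe but never closer than it is.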
This is a great post, I was asking about this for asn location to ChatGPT and it was telling me it wouldn’t help on this request lol.
But thanks to this series I set up an ARIN account, got allocated ipv6 and ipv4 addresses and am starting the ASN assignment process. It’s a fun rabbit hole to go into.
[1] https://ipinfo.io/blog/probe-network-how-we-make-sure-our-da...