How did Malibu Media find the exact GPS LOCATION of an IP address 100% of the time WITHOUT contacting the ISP?

*How did Malibu Media 100% determine GPS LOCATION of an IP address* *WITHOUT contacting the ISP*?

A discussion today on the phone ngs was about copyright infringement and I went to look up the fact nobody has ever been successful in a US court case for torrenting suits - when I ran into this (unsuccessful as usual) case by the infamous Malibu Media (whose lawyers were previously disbarred).

The question I'm asking isn't about the merits of that case itself.

It's only about the software they used to geolocate to an address using only the IP address and _not_ by contacting the ISP to get that address.

How does "Maxmind" software accurately trace IP addresses 100% of the time?

"Maxmind geolocation technology which traced Defendant to a location in Miami, FL has always been 100% accurate"

How do they 100% geolocate an IP address alone to your unique address? (assuming borders aren't nearby and noting they correlated neighbors)

Wally J

"wally",

...

Do not believe the claims a company's sales department makes. After all, they are trying to sell a product (either the software or its results).

The answer to your question ? By accessing the database which stores such IP-to-user "translations", which an ISP is legally required to upload its own log in that regard to.

And no, your "unique address" doesn't exist. There is something called "dynamic IP addresses". But using the thanwhile IP *plus* time of access a user can again be uniquely identified.

... unless you go thru some VPN or similar server that's located outside of a country's legal reach (and doesn't upload its logs). Which of course /should/ make a dent in their "100%" claim. But I'm sure their sales department has got some "that's outside our intended scope" excuse for that.

And you do not seem to have much of any problem with that. Then again, although "common sense" is said to be common, it often isn't. :-)

Bullshit. The only reason I want to talk to someone who knows more about something than I do is to get my problem solved (or just learn something). Any benefit others might get from my conversation with that other person is purely coincidental (not that I mind if it happens though).

Regards, Rudy Wieser

R.Wieser

The only mention of GPS in that article and the linked PDF is as a source of accurate time.

Andy Burns

"R.Wieser" wrote

| > How do they 100% geolocate an IP address alone to your unique address?
|
| Do not believe the claims a company's sales department makes. After all,
| they are trying to sell a product (either the software or its results).
|
| The answer to your question ? By accessing the database which stores such
| IP-to-user "translations", which an ISP is legally required to upload its
| own log in that regard to.

I use a free database from MaxMind to process my server logs. It gets location within a few miles. Getting more accurate costs. But even Google only gets within miles. If they're getting an exact address that's just datamining of personal information.

I'm curious. What do you know about ISPs uploading logs? I've never heard of that. Is that a Dutch law? IP range assignments are public knowledge, but I've never heard of any law requiring ISPs to share their traffic data.

Newyana2

Newyana2,

Very little I'm afraid. I just remember that it was (American) news a number of years ago (after 9/11) - to be able to track what "terrorists" were doing.

Not full traffic, just who assigned a particular IP and what IPs it connects to. But yes, here in Europe the ISPs by law have to keep such info available for ... 5 years IIRC.

Some links, talking about such retention laws at least 10 years ago :

formatting link
formatting link
(England)
formatting link
A more recent question about it in regard to GDPR (Europe) :

formatting link

This year :

formatting link
formatting link
Regards, Rudy Wieser

R.Wieser

Why not just ask the ISP for the client data (with an appropriate subpoena of course)?

This judge would still toss it out, I suppose, because it still didn't id the actual person.

Alan Browne

"R.Wieser" wrote

| This year :
|
| formatting link
| formatting link

Thanks. I didn't know about that. The pattern seems to be that most countries are very intrusive, but many of the laws have been challenged. While in the US there's no law but all the big spyware companies are happy to sell/share the data.

I've never heard of ISPs giving out logs, but it's possible. I have heard of law enforcement using phone records, but they don't usually talk about details. For example, a murder suspect in Idaho was found to have had his cellphone near the murder location several times before the murder. Interestingly, his cellphone was turned off for a couple of hours when the murder happened. People still don't get that they're being tracked on cellphones. This suspect apparently thought to turn off his phone during the murder but never thought about how his movements could be tracked leading up to the murder.

If someone is identified down to street address from their home IP I'd guess that's browser location data, not IP. On the other hand, who knows what Wally's ever talking about.

Newyana2

Newyana2 wrote

Hi Mayayana,

You're correct about that case as I read all these court case PDFs intently to figure out _how_ they track people down to their exact location.

In the Bryan Kohberger November 2022 murders, they only had cell-tower overlapping circles of where the phone was being driven around that night.

However, they had his phone number from a previous traffic stop the prior August which is where they started their AT&T-tower venn-diagram overlaps.

"Kohberger provided his phone number as 509-592-8458, hereafter the "8458 Phone" as his cellular telephone number. Investigators conducted electronic database queries and learned that the 8458 Phone is a number issued by AT&T."


Here is a shocking court case where the defendant's red iPhone tracked him not visiting the remote murder site twice in the same dozen hours.


All this was before the body was found by the authorities so only he knew where the body was, and they tracked him over hundreds of miles in a twelve hour period watching his phone from Pennsylvania to New York to New Jersey, looping around the murder site (because he got lost on the second time around) and then stopping twice within a dozen hours at the murder site.

They even knew every Wi-Fi access point the murderer passed that night.

Hi Mayayana,

The question is _how_ they did it so that "may" be how they did it, although all we have, so far, is they used the Maxmind payware database.

"...each IP Address present within the abovementioned forensic data is automatically referenced against Maxmind(R) Premium's IP geolocation database (1)"

(1) "As an example of how the process works, [link] provides a way for anyone to test the database which Plaintiff uses. Here, Plaintiff inputted Defendant's IP address and received the same information it originally received from Maxmind. See Exhibit B"

We also know that they only pick the big ISPs, as they explicitly say "Plaintiff only forms its suits against defendants that have reputable Internet Service Providers (ISPs), such as here, AT&T, which from Plaintiff's experience have consistently traced to the city location provided by Maxmind."

They say it works 100% of the time to find the precise GPS location. "Plaintiff's Maxmind geolocation technology which traced Defendant to a location in Miami, FL has always been 100% accurate when traced to the Southern District of Florida. The proof that the technology works is that it has always worked previously."

The important question, for privacy reasons, is we must know _how_ the Maxmind company is able to determine, 100%, our physical address.


If we don't know _how_ they track our IP address to our homes, 100% of the time, then we can't implement any measures to prevent them from doing that.

Wally J

Alan Browne wrote

Hi Alan,

There is no question the PDF explicitly says the ISP was never contacted.


In fact, the PDF says if the judge doesn't believe their 100% accurate 'Maxmind(R) Premium IP geolocation' result, only _then_ would they bother to ask the judge to allow them to subpoena AT&T (who was the guy's ISP).

The PDF says the 'Maxmind(R) Premium IP geolocation database' is 100% accurate to identify the exact address that had that IP address for 6 months (where the judge's response was that an address isn't a person).

Even though they 100% pinpointed the address sans ISP logs, that didn't matter because his legal point is an address can't commit infringement.

However... I'm not asking about the merits of the case (as it was dismissed anyway).

What I'm trying to find is someone who knows more about how this supposedly 100% accurate 'Maxmind(R) Premium IP geolocation database' is created.

Does anyone out there know more about how this Maxmind database is created?

Wally J

Andy Burns wrote

Hi Andy, Thanks for bringing up that GPS concern - where I'm using GPS colloquially.

We know the Plaintiff feels they properly established the defendant's home address as they said in the PDF if the judge didn't believe them, then they would ask to be allowed to subpoena the AT&T ISP database to confirm it.

However, we don't know if they established that address down to the exact global positioning coordinates or to the location of the USPS mailbox.

But does that minor detail really matter? I don't know.

It all depends on _how_ Maxmind determines your location from IP addresses.

Suffice to say they tracked the guy down to his home as he used the same IP address for six months - which is the part I'm trying to understand better.

How does the Maxmind company determine, 100%, our physical address anyway?

Wally J

Newyana2,

They're not "giving out logs". Their customers would leave in droves if they would know. If they have them available for the Law then that is under pressure.

The same goes for the above logs (IP to user correlation). Stuff like that is often kept silent, as it will just cause civil unrest. Although catching crooks with them is often wanted and applauded, being included in such lists as a common citizen feels creepy - and rightly so.

There is also the possibility that they know, realize that they can't change anything about it, and (purposely) forget all about it (as it would only cause stress).

:-) Most (occasional) criminals are not all that smart. But for the guy to know he could be tracked but not realizing that the same could be done for his checking out of the place is remarkable. As if only the deed itself was the danger point.

By the way, in the same line : I recently read people being found guilty of killing others because they looked up the method of killing on the internet in the days just before the killing.

IOW, the government has got access to a bit more than just the IP-to-user information. Though that might just be in the ISP's own logs (asked for when a specific person raised suspicion).

Nope, it's likely easier than that. It makes sense that the "ip to user" log includes the user's billing address - just to make sure that the user is uniquely identified (a log list which tells you that a certain IP was used by "James Smith" isn't all that useful).

True. Though most likely trying to create another of his famous tutorials. :-)

Regards, Rudy Wieser

R.Wieser

"Wally",

Did I ever mention them contacting an ISP ? I don't think so.

If you think otherwise you only have to quote where I did. Good luck with that though.

[quote=me] Then again, although "common sense" is said to be common, it often isn't. [/quote]

Tell me, do you think that their method of their discovering the relation between an IP and a user location is their money-maker, and divulging it to the world (allowing them to do it themselves) would bring a stop to that ?

IOW, that the method is likely considered to be a 'trade secret' and packed into layers of NDA's.

That would mean that you are asking for something the company doesn't want you to know, and that the people who do know are not allowed to speak about it.

But here you are, still "asking" random people for it.

That's odd : you claim that nobody knows more than you do, but at the same time you are asking others for information.

Something doesn't quite add up here ...

Regards, Rudy Wieser

R.Wieser

Hum. The browser knows the location from the IP. Try Google Maps in a computer with a new web profile or computer user, see how they get your location correct. At least the area.

Carlos E. R.

It's more complicated than that.

The browser can query the "Location Service" on a Windows machine.

"Microsoft operates a location service that helps determine the precise geographic location of your Windows device. The precise location of your device allows apps to give you directions, show shops and restaurants that are near you, and more.

Many apps and services request location information from your device, and the Windows location service gives you control over which apps are allowed to access your precise location."

There is a big difference between the "precise" on a Windows Phone versus the "precise" on a de-equipped desktop. Using my Ethernet IP, they would precisely locate me to the "head office of my ISP".

My pizza won't be getting here in 30 minutes, so it will be free.

*******

There was an academic paper, claiming location via Ethernet packets, to around two city blocks. Which is not "precise" and is not enough for legal cases. And that method, required a certain density of probing devices, to make the determination. This is a good enough method for setting up police road blocks and doing a grid search.

With wireless in the picture, the situation could be quite different. Both Microsoft and Google have "snarfed" SSIDs. Google was doing this, with the Google map car that drives around. Microsoft was doing it with the OS, but they have likely stopped doing that, some time ago. Microsoft would collect all the SSIDs they could find, on a Wifi, and then by comparing all the customers, build a map using that info.

I would guess, without Wifi and without a 4G Dongle, you're pretty safe.

However, if you Google on "toronto pizza" then you're in Toronto, and if you type in "toronto city hall main phone number", again, you're in Toronto. If you type in "Joes Pizza", then that might isolate you to a section of Toronto. Enough of these kinds of requests, geolocates you (as people are too lazy to go to the other side of Toronto).

I think on one occasion, they got three of my post-code letters correct. But since the info displayed at the bottom of the page, is not their actual determination (it's to knock you off the scent), their determination could be a lot closer.

Paul

Paul

Carlos,

No, it doesn't.

:-) Yes, "at least"

A new profile doesn't change your IP, nor your 'puters "fingerprint" - the latter of which can often be "probed" by a bit of JS.

Also, from your IP they know which ISP you're using, and from that (and previous experiences) they can pin-point your general(!) area.

And that's assuming you're *not* using a Google browser, 'cause in that case it can just grab an ID that was set up when it was installed/first used.

And yes, there have already been complaints about that. Especially here in Europe, as such a tracking ID violates the GDPR.

Regards, Rudy Wieser

R.Wieser

Can you folks stop X-posting this convo in the satellites group please?

Alan Browne

"Carlos E. R." wrote

| Hum. The browser knows the location from the IP. Try Google Maps in a
| computer with a new web profile or computer user, see how they get your
| location correct. At least the area.

I think we're potentially talking about multiple things here. Browser location reporting is one thing. Spyware data collection is another. Locating you by your IP is yet another. As I mentioned, I use a free database that lets me locate IP within a few miles. You can also look up a single IP online. That's based on public records. If I visit Google (with no script allowed, as usual) they list my location as being 2-3 miles away from where I am, in a different subsection of town. They're using those public IP records. That's not a source of addresses.

I have a VBScript on my desktop to do the same thing. Having processed the MaxMind free database (deliberately imprecise) and stored the data in an MSI (software installer) database, I can look up an IP and get the location. MaxMind will probably give me the next town over, because they don't want to give away full functionality for free. But the data is there. What they do give me is very handy for tracking visitors to my website. At least I can tell a Chinese hacker from a Spaniard from someone in Ohio. (And I know, for example, that it's ALWAYS the Chinese who try to hack into my website by making hundreds of requests at a time to test for things like Wordpress vulnerabilities. Russians stop by to download code. Chinese just try to do automated break ins, presumably to plant malware for driveby downloads.)

Spyware is completely separate. I don't use Google products and keep all but the base domain in my HOSTS file. I also don't enable any kind of location data and rarely use a cellphone. Nor do I use Google maps. If you're using Google maps on a cellphone, with location enabled, then they will know your location fairly precisely from tower signal triangulation. But that's a different thing. With a cellphone you're basically wearing a tracking collar. And Google even sells that data in their "geofencing" business.

So there's a lot of location tracking going on via various spyware methods, as well as voluntary location tracking through cellphone apps that give driving directions, restaurant recommendations, suggested sex partners at a nearby bar, and so on. During the COVID situation, governments were encouraging people to install warning software. If you came within 6 feet of another cellphone sucker with the same software, who had recently tested positive, the app would warn you to get tested! Unfortunately it didn't discriminate between having lunch with an infected person vs passing them in your car.

It's highly unlikely that Google knows my home address just by seeing my IP, even in combination with their spyware. I just don't make that much data accessible. I haven't even seen ads to speak of for decades, simply due to HOSTS and disabling script. (I don't use any adblocker software.)

There was an interesting example of the spyware datamining several years ago:

formatting link
Target is almost the last remaining US department store. They track customers any way they can. As a result of garden variety tracking and purchase history, they mailed ads for baby supplies to a teenage girl. The father found out his daughter was pregnant from the mailing.

So all of that is happening and it's astonishingly intrusive. Target knew the girl's name, address, shopping history, etc, probably from a charge card. (I avoid charge cards.) Or maybe because they suckered her into being a "loyalty member". Or possibly through a combination of disparate data that they collect or pay for.

The other day I read from a Mozilla article that Nissan claims the right, in their privacy policy, to track your sex life, presumably by filming you in your car.

Crazy stuff, and lawmakers are in the dark. But it doesn't help when Chicken Littles like Wally go around screaming, with no idea what they're talking about. It just gives the ostriches an excuse to keep their heads buried. The facts are plenty shocking without making stuff up.

Newyana2
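
The kind of server-log processing described in the post above, as an added example that is not part of the original thread and is not MaxMind's code: a longest-prefix lookup of visitor IPs against a block table. The table layout and column names are simplified assumptions, and the networks (reserved documentation ranges), cities and log lines are constructed for the example. Each hit is the city assigned to a whole network block plus an accuracy radius in kilometres, not a street address.

```python
import csv, io, ipaddress, re
from collections import Counter

# Constructed sample data: simplified block and location tables (column names
# are assumptions), using the reserved documentation ranges as networks.
BLOCKS_CSV = """network,geoname_id,latitude,longitude,accuracy_radius
192.0.2.0/24,1001,25.77,-80.19,20
198.51.100.0/24,1002,40.42,-3.70,50
198.51.100.128/25,1003,41.39,2.17,10
"""
LOCATIONS_CSV = """geoname_id,country_iso_code,city_name
1001,US,Miami
1002,ES,Madrid
1003,ES,Barcelona
"""
# Constructed access-log lines in common log format.
ACCESS_LOG = """\
192.0.2.17 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 153
198.51.100.200 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.5 - - [10/Oct/2023:13:57:41 +0000] "GET /code.zip HTTP/1.1" 200 88211
10.0.0.8 - - [10/Oct/2023:13:58:00 +0000] "GET /health HTTP/1.1" 200 2
"""
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def load_db(blocks_csv=BLOCKS_CSV, locations_csv=LOCATIONS_CSV):
    """Join blocks to place names; most specific (longest) prefix first."""
    places = {r["geoname_id"]: r for r in csv.DictReader(io.StringIO(locations_csv))}
    db = []
    for row in csv.DictReader(io.StringIO(blocks_csv)):
        place = places.get(row["geoname_id"], {})
        db.append((ipaddress.ip_network(row["network"]), {
            "country": place.get("country_iso_code"),
            "city": place.get("city_name"),
            "lat": float(row["latitude"]), "lon": float(row["longitude"]),
            "radius_km": int(row["accuracy_radius"]),  # uncertainty around lat/lon
        }))
    db.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return db

def lookup(ip, db):
    """Return the record of the most specific block containing ip, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # hostname or junk in the log's client field
    for network, record in db:
        if addr in network:
            return record
    return None  # private or unlisted address: no location at all

def enrich(log_text, db):
    """Attach a block-level location (or None) to each parsed log line."""
    entries = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            ip, _method, path, status = m.groups()
            entries.append({"ip": ip, "path": path, "status": int(status),
                            "geo": lookup(ip, db)})
    return entries

DB = load_db()
ENTRIES = enrich(ACCESS_LOG, DB)
BY_COUNTRY = Counter(e["geo"]["country"] if e["geo"] else "unknown" for e in ENTRIES)
```
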

Right :-)

I think they need access to the ISP hardware for doing this, so getting the help of the ISP would be faster.

True, they can use wifi maps. Still, the external query needs access to knowing the WiFi... or access to the OS location services.

I don't think the ISPs do this. Facebook, Google... maybe.

Carlos E. R.

That was the point of the google maps test :-)

Not if using a new user. I'm certain on Linux, and probably on Windows.

When first used, it can only write things in the user directory, not globally.

Carlos E. R.
