IP Geolocation Worst Practices

Adam DuVander
Jun. 02 2009, 12:50AM EDT

Geolocating your users can create a better experience, but it can also be used in devious ways. For example, cathysteeth.com claims to have a cosmetic dentistry solution discovered by a mom. And wouldn't you know it, Cathy lives in your home town. And your home town.

How does Cathy manage to live in the same city as anyone visiting her site? The secret is a little bit of JavaScript that uses the MaxMind GeoIP API.

JavaScript code lies about location

The first time I visited cathysteeth, it claimed Cathy lives in Portland, Oregon--same as me. Curious, I loaded the site via a proxy and this time it claimed Cathy lived in the same place as my server, Culver City, California. That is because MaxMind, and similar services, use IP addresses to look up location. Every computer connected to the Internet has its own IP address.

To be fair, Cathy isn't alone in seeking a benefit from knowing a user's location. Google uses it to show local advertisements and dating websites have long taken advantage of the lonely with "get a date tonight in Your Town" banners.

The difference is that Cathy is preying on the assumed trust of a local success story. She is hoping that if you think she's your neighbor that it can't be a scam. Obviously, this is not an ethical use of IP location data.

And of course, Cathy doesn't really exist. Or, if she does, she should probably ask jennifersfirstblog.com to take down her similar site. Jennifer, too, lives in your home town.

Adam DuVander -- Adam heads developer relations at Orchestrate, a database-as-a-service company. He's spent many years analyzing APIs and developer tools. Previously he worked at SendGrid, edited ProgrammableWeb and wrote for Wired and Webmonkey. Adam is also the author of mapping API cookbook Map Scripting 101.

Comments

Comments(2)