The use of IP geolocation data: an overview

Probably nobody doubts that IP geolocation data should be important in many applications. If you know at least approximately where a device using a given IP address is located, obviously you can do a lot of things. Of course you may wonder how it can be found out, and you are right: doing it from scratch it is far from being straightforward (we have another blog about it if you are interested) Also, IPs are given dynamically and sometimes the devices using them change locations. This is also something one should bear in mind when using IP geolocation data. In spite of these potential difficulties they are really very useful. In the present article we provide a brief overview of at least some of the applications.

Intrusion detection

The relevance of advanced cyber attacks carried out by networks of professional agents can reach the level of international diplomacy. A good example is the APT-1 report exposing one of China’s espionage units. This is due to Mandiant, an American cybersecurity firm. Beginning in 2004, Mandiant monitored breaches in cybersecurity by agents referred to as the “Advanced Persistent Threat” or APT for many organizations across the globe. It had been proclaimed that “a large share of hacking activity targeting the US could be traced to an office building in Shanghai”. Although the Chinese government had denied the accusations, it lead to an increased political pressure on China from the US.

Even in cases attracting much less international attention, the analysis of cyberattacks necessarily involves inspection of the geolocations of the opponent. It is necessary to finally break down an attack e.g. by isolating the opponent’s infrastructure, or to conduct a successful counterattack. An access to IP geolocations can be useful even before an intrusion. Data from previously revealed intrusions or attempts can be correlated with those of actual traffic. IP geolocation data makes this activity more efficient.

E-mail security, anti-phishing

Phishing, a special form of social engineering has a tremendous and increasing impact, causing harm to many individuals and organizations worldwide. It aims at obtaining sensitive data by sending information pretending as if the attacker was a reliable, trusted party. Have you ever received any message stating that the maintainer of your e-mail service urgently needs your password in order to keep your account running? Or your bank needs your authentication data for some validation purpose? Probably yes: phishing became a part of our life, unfortunately. Frequently carried out by botnets during a longer time period, detection of phishing is a very important challenge for cybersecurity.

By using IP geolocations, for instance, e-mails can be subjected to a geographical plausibility check. By comparing the locations of the IP addresses occurring in the e-mail headers with the addressees’ data and the localization features of the e-mail content, malicious e-mails can be filtered out in many cases. A more detailed analysis of a larger set of such mails can then shed light onto a phishing campaign.

Online banking security

Credit cards are popular partly because of the ease of their use. There is a price to be paid for it, however: it is not very hard for someone to obtain all data of a card necessary to carry out a successful payment. Card companies, banks and other providers have to maintain security of transactions. IP geolocation data are essential for this purpose. All of them continuously monitor transaction data for regional discrepancies to reveal fraud ASAP. You paid for a coffee in a bar in California, and five minutes later you have purchased some luxury clothes online from a tablet in Paris? It is hardly possible that it was, the owner of the card in both cases. Luckily the aforementioned monitoring immediately reveals the threat.

Law enforcement

The Internet made many activities of even the simplest individuals global. This raises a vast amount of legal issues worldwide. Something might be legal somewhere in the world while being considered as a crime somewhere else. Some contents may be available in some regions of the world while copyright protected in others. Assuming that you provide a service which is not welcome in some regions, how do you decide where the communication of your client comes from? Investigating some suspicious activity, how do you find out where the actors came from? For sure, IP addresses are at your hand in all the cases, so IP geolocations can answer many of such questions.

Web content personalization, marketing research

It is quite a common expectation that a webshop should use your language and currency, no matter where it is actually operated. This should work even if you are not yet signed in or haven’t configured anything. Again, it is only your IP address which can be turned into location information.

Suppose you are running a successful business on the web and you want to make a survey of your clients to see whom your future marketing strategy should address. Using IP geolocation data can easily turn your web server access logs or other server data containing IP addresses into valuable business information. You will be able to analyze your traffic in physical time and space.

But not only on a strategic level: in everyday operation of a targeted advertisement service, the location of the consumer to whom an actual ad is directed to is of fundamental importance. And the IP address involved in the communication is always there to enable the localization of the client.

Content delivery networks (load balancing)

The applications we have mentioned so far relate to business aims or security considerations. But there are several others which are purely technical. A good example is communication load balancing.

Content delivery networks (CDNs) distribute services spatially to end-users to provide high availability and high performance. A significant portion of data available on the Internet today is distributed through various types of such network. As a distributed architecture, load balancing techniques play a very important role in their design and operation. It is easy to see that IP geolocations are very useful from this point of view, too.

Social sciences

The last example of our brief overview is an application which is maybe the most unexpected for a more technical-minded reader: IP geolocations can be useful in social sciences, too. For instance, in a research paper B. State et al. (2003) have published the results of their study on international human mobility, including tourism and also migration, entirely based on IP geolocations. By analyzing over 100 million anonymized logins from Yahoo!, they found relevant trends in migration and interesting structures in global tourism. They state that “the dataset, methodology and results presented have important implications for the travel industry, as well as for several disciplines in social sciences, including geography, demography and the sociology of networks.”

Conclusion

The above incomplete outline of applications of IP geolocation data clearly shows their importance. Maybe you have also found that you are in the need of these data. Though their accurate generation from scratch is a significant technological challenge, to actually obtain them is easier than you would think, especially using our IP geolocation API at https://ip-geolocation.whoisxmlapi.com.