TR-06-05: Internet Geolocation and Evasion

Abstract

Internet geolocation technology (IP geolocation) aims to determine the physical (geographic) location of Internet users and devices. It is currently proposed or in use for a wide variety of purposes, including targeted marketing, restricting digital content sales to authorized jurisdictions, and security applications such as reducing credit card fraud. This raises questions about the veracity of claims of accurate and reliable geolocation, and the ability to evade geolocation. We begin with a state-of-the-art survey of IP geolocation techniques and limitations, and examine the specific problems of (1) approximating a physical location from an IP address; and (2) approximating the physical location of an end client requesting content from a web server. In contrast to previous work, we consider also an adversarial model: a knowledgeable adversary seeking to evade geolocation. Our survey serves as the basis from which we examine tactics useful for evasion/circumvention. The adversarial model leads us to also consider the difficulty of (3) extracting the IP address of an end client visiting a server. As a side-result, in exploring the use of proxy servers as an evasionary tactic, to our surprise we found that we were able to extract an end-client IP address even for a browser protected by Tor/Privoxy (designed to anonymize browsing), provided Java is enabled. We expect our work to stimulate further open research and analysis of techniques for accurate and reliable IP geolocation, and also for evasion thereof. Our work is a small step towards a better understanding of what can, and cannot, be reliably hidden or discovered about IP addresses and physical locations of Internet users and machines.