A technical webinar featuring Oliver Gasser, Head of Research at IPinfo, discussing the methodologies behind IP geolocation. Here are the most interesting technical details.
The Core Challenge: Geolocation is a Moving Target
The fundamental misconception about IP geolocation is that it’s a solvable problem with a finish line. In reality:
“Geolocation is a moving target. You have to constantly be innovating and improving to even keep the accuracy you’re currently at.”
IPinfo observes more than 10% monthly city-level location changes across their database. The causes include IP leasing, network reorganizations, and multinational companies shifting resources between data centers based on demand.
Geolocation Hints: Building the Picture
Geolocation databases aren’t built from a single source. They aggregate multiple “hints”:
- Geo feeds: IETF-standardized CSV files where network operators publish prefix-to-location mappings
- WHOIS entries: Country-level data, sometimes with finer details in comments
- Reverse DNS records: Often encode airport codes or city identifiers (e.g., three-letter codes in traceroute paths)
- Device data: Collected via apps and third-party partnerships
- Latency measurements: Used for validation rather than primary location determination
The challenge is that some hints are unreliable. Network operators generally have good intentions, but there are incentives to misrepresent locations—particularly in the VPN industry.
Physics-Based Validation
This is where it gets interesting. IPinfo validates location claims using speed-of-light constraints:
“We know that a packet or anything cannot go faster than the speed of light. In fiber, the maximum speed is usually two-thirds of the speed of light—200,000 kilometers per second.”
By measuring round-trip times from their probe network, they can mathematically eliminate impossible locations. If a server claims to be in the Bahamas but responds in 0.27 milliseconds from Miami, that’s only 27 kilometers—physically impossible for the Bahamas.
“We have proof that this location cannot be accurate, whereas we can say this other location is a possible location.”
The Probe Network
IPinfo operates over 1,300 points of presence across 140+ countries and 540+ cities. Key stats:
- Half of all autonomous systems are reachable within 1.3 milliseconds
- Presence in niche regions: Malawi, Iceland, Isle of Man, Guam, Mauritius
- Runs custom measurement software: pings, traceroutes, port scans
The advantage over platforms like RIPE Atlas is flexibility—they can deploy any measurement type immediately rather than being limited to predefined options.
VPN Location Claims: Trust Issues
IPinfo analyzed 150,000 VPN exit IPs across 137 claimed countries. The findings:
“17 out of the 20 providers we analyzed had instances where traffic was exiting a different country than the country the VPN provider claimed.”
They identified 38 countries where VPN providers claimed physical presence but had no actual exit nodes—only “virtual locations” where traffic routes through a different country entirely.
The Bahamas example is illustrative: multiple VPN providers claimed Bahamas exit nodes, but latency measurements showed sub-millisecond responses from Miami and New York. The servers were clearly in the US.
“27 milliseconds means it’s 27 kilometers away from Miami. That’s not the Bahamas.”
Only 3 of 20 analyzed providers had fully accurate location claims.
IPv6: The Expanding Frontier
The IPv6 address space is so large that exhaustive scanning is impossible. IPinfo’s approach:
“We conduct measurements to a very large number—more than IPv4 measurements actually—towards IPv6. That’s to all of the addresses that we know or we’ve encountered during our measurements.”
They build target lists from traceroutes and other passive collection, then actively measure those known addresses.
Accuracy Benchmarking
IPinfo maintains ground truth IP addresses excluded from their pipeline for internal validation. They also rely on customer comparisons:
“A large CDN recently did a comparison between us and other geolocation database providers and we came out on top with 85% city-level accuracy and the others like 67 or so.”
Update frequency matters significantly. IPinfo publishes daily database updates, with API access providing near-real-time data. They note that customers running monthly update scripts undermine the value of fresh data.
The Dynamic Internet Problem
When asked about the biggest challenge in internet measurement:
“If I would basically boil it down to a single thing, it’s just the dynamic nature of the internet. It’s a moving target. You can’t say we just have 10% more to go and then we are there, because at that point it’s already moved away again.”
An extreme example: Maldives’ capital reportedly routes 64,000 users through a single IP address. Determining accurate city-level geolocation for such scenarios remains an open challenge.