Ever had a bad day? I mean one where nothing makes sense at all? The kind of day Kafka seemed to have every Tuesday? Well, today’s story is about someone who has that kind of day every day and has since around 2002. There is a nice, 82 year old, lady named Joyce Taylor who lives on her family farm in Kansas. Normally that’s not the kind of thing that sparks a Steven King story, or a Kafka reference, but here we are. You see, Mrs. Taylor, and her family, live near the center of the United States. There is corn, wheat, cows, and a dumping ground for unknown IP addresses. It is that last little bit of trivia that has led to threats, vandalism, FBI raids, and random acts of hatred. What did the gentle Mrs. Taylor do to deserve this?
Well, nothing really.
I’ll let Kashmir Hill, from Fusion, tell you all about it.
For the last decade, Taylor and her renters have been visited by all kinds of mysterious trouble. They’ve been accused of being identity thieves, spammers, scammers and fraudsters. They’ve gotten visited by FBI agents, federal marshals, IRS collectors, ambulances searching for suicidal veterans, and police officers searching for runaway children. They’ve found people scrounging around in their barn. The renters have been doxxed, their names and addresses posted on the internet by vigilantes. Once, someone left a broken toilet in the driveway as a strange, indefinite threat.
All in all, the residents of the Taylor property have been treated like criminals for a decade. And until I called them this week, they had no idea why.
To understand what happened to the Taylor farm, you have to know a little bit about how digital cartography works in the modern era—in particular, a form of location service known as “IP mapping.”
IP refers to an Internet Protocol address, which is a unique identifier assigned to a computer or a computer network. IP addresses play an essential role in computers talking to each other, and every internet-connected device needs one. The device you’re using to read this article has an IP address, and when you visited this site, our servers wrote it down. So we now have a record that someone using that particular IP address read this story in our server logs. Sometimes, through some sophisticated sleuthing, you can find out more information about a specific IP address—for example, whether it’s been associated with a malicious device, or where in the world it’s located.
The trouble for the Taylor farm started in 2002, when a Massachusetts-based digital mapping company called MaxMind decided it wanted to provide “IP intelligence” to companies who wanted to know the geographic location of a computer to, for example, show the person using it relevant ads or to send the person a warning letter if they were pirating music or movies.
There are lots of different ways a company like MaxMind can try to figure out where an IP address is located. It can “war-drive,” sending cars around the U.S. looking for open wifi networks, getting those networks’ IP addresses, and recording their physical locations. It can gather information via apps on smartphones that note the GPS coordinates of the phone when it takes on a new IP address. It can look at which company owns an IP address, and then make an assumption that the IP address is linked to that company’s office.
But IP mapping isn’t an exact science. At its most precise, an IP address can be mapped to a house. (You can try to map your own IP address here.) At its least precise, it can be mapped only to a country. In order to deal with that imprecision, MaxMind decided to set default locations at the city, state and country level for when it knows only roughly where the IP address lives. If it knows only that an IP address is somewhere in the U.S., and can’t figure out anything more about where it is, it will point to the center of the country.
As any geography nerd knows, the precise center of the United States is in northern Kansas, near the Nebraska border. Technically, the latitudinal and longitudinal coordinates of the center spot are 39°50′N 98°35′W. In digital maps, that number is an ugly one: 39.8333333,-98.585522. So back in 2002, when MaxMind was first choosing the default point on its digital map for the center of the U.S., it decided to clean up the measurements and go with a simpler, nearby latitude and longitude: 38°N 97°W or 38.0000,-97.0000.
As a result, for the last 14 years, every time MaxMind’s database has been queried about the location of an IP address in the United States it can’t identify, it has spit out the default location of a spot two hours away from the geographic center of the country. This happens a lot: 5,000 companies rely on MaxMind’s IP mapping information, and in all, there are now over 600 million IP addresses associated with that default coordinate. If any of those IP addresses are used by a scammer, or a computer thief, or a suicidal person contacting a help line, MaxMind’s database places them at the same spot: 38.0000,-97.0000.
Which happens to be in the front yard of Joyce Taylor’s house.
IP addresses were never designed to be used for locating a physical location, but more and more companies, and amateur detectives, use them for just that. Sometimes the results are hilarious, but often they’re not.
Kashim has many examples in her article that will give you pause. People are assumed guilty until proven innocent when things like this happen.
To their credit, MaxMind is changing the default address, hopefully to somewhere near the north pole (actually to the middle of an ocean), and is working with others who are experiencing problems, but this is going to take a while.
You’re talking about millions of potential mistakes.
Well, I’m talking about them. You’re reading about them. But you get the idea.
Kashim rounds this all out for us.
There are lots more of these phantom IP houses. When Dave Maynor (her research assistant) sent me that list of thousands of locations in the MaxMind database that have aberrantly high number of IP addresses associated with them, my colleague Kristen Brown and I called dozens of them. Many remain blissfully unaware that they’re living in an IP flood zone; they’d never had strangers show up on their doorstep. Apparently, the IP addresses attached to their homes haven’t yet been used for anything nefarious. Yet.
One important lesson of my sleuthing is that IP addresses, which get used as digital evidence in criminal trials and to secure search warrants, are not always reliable. Like Social Security numbers, they were a numerical system built for one purpose that are now used for something completely different. Social Security numbers were designed to keep track of a person’s earnings over their lifetime, but are now the security token used to lock down their entire identity. IP addresses were meant to allow computers to talk to each other, but have been repurposed to reveal details about the person behind that computer. The words “security” and “address” in their titles promise more than they can deliver.
I’m not sure how much I need to emphasize this, but just as John Oliver showed how credit reports can be wildly fictional (I was dead, while still in prison, on one for a couple of years – for the record, I’m alive and have never been to prison), IP Addresses are only meant to do one thing; let your computer talk to another computer. If you’re looking for more information than that, get a phone book.