How do sites like Airbnb know my location without my consent? - ip-geolocation

See screenshot below. Airbnb knew my location was in Los Angeles. I visited the page in incognito mode. I'm not logged in. I did not consent to geolocation via HTML5 (the browser didn't even prompt me). So how do sites like Airbnb know my location?
My guess is with my IP address. If that's the case, could someone show me how I could replicate that if I were to build a site? Is there an API by Google or someone that provides that service? As far as I can tell the majority of Google Maps' API requires some sort of user input.
Airbnb_screenshot

How do sites like Airbnb know my location without my consent?
Through IP Address Geolocation. If you visit https://www.ipinfo.io, you will see that that your geolocation estimate is fairly accurate. But you haven't provided that service any kind of location permission, hence the word "estimate".
For IP Geolocation:
They don't need a permission for IP Geolocation through HTML5
They only need your IP address
To populate the location information from the IP address, the IP geolocation service provider will aggregate data from various sources and perform analytics to come up a with an estimated location which is accurate on a city or postal code level.
But because this data is collected from IP addresses, changing your IP address through a VPN or hosting can result in inaccurate IP geolocation address. But IPinfo can detect VPN usage as well:
disclaimer: I am the developer success manager at IPinfo

Nowadays, it quite common to geolocate users based on their IP addresses. Despite what people may argue, IP geolocation, especially country estimation is really accurate (more than 99% for IP addresses assigned in developed countries).
Some users may hide their real IP address using a proxy. That's why services such as Ipregistry (disclaimer: I run the service) include threat data along with IP geolocation data. This way you can detect suspicious IP addresses.
Getting information is as simple as calling an HTTP endpoint:
https://api.ipregistry.co/?key=tryout

Related

Google Geocode API IP restrictions

When using IP restrictions for the Geocode API, what IP address should I put there? The IP address returned by a Google search of "What is my I.P."? Or the I.P address of the server where the application/website files are hosted?
I have a website under inMotion Hosting and I tried to put their i.p as in the restrictions, but that doesn't seem to work.
I don't think I have to put the internet I.P address of everybody who visits my website since I cannot know who will visit and where.
Please let me know, I'm confused
you either have to pass ...
a) the server's IP, when geo-coding server-side (PHP API) or
b) the client's IP, when geo-coding client-side (JS API).
the server's IP should be known, for the client-side IP, see this Q&A.
in principle, it's always the IP of the party which actually requests data.

Why is the zone "asia-northeast1-a" showing up as in California instead of Japan

According to https://cloud.google.com/compute/docs/regions-zones/, the region/zone "asia-northeast1-a/b/c/" should suppose to be in Tokyo, Japan. But once I came up with the virtual machine with that zone/region, an IP trace/lookup website such as http://www.ip-tracker.org/locator/ip-lookup.php would say the VM is still in California where Google is. I meant to have the VM set up as a proxy (server) so that the VM appears to be in Japan to be able to browse content restricted to Japan. Am I misunderstanding the region/zone here? Thanks!
Many external Geo IP services solely depend on SWIP database/ WHOIS entry. Almost all Google IP addresses are SWIP’ed to Mountain View, California. Both of these do not reflect anything about the physical location of the machine answering packets to an IP address nor the decisions on how packets are routed to the destination.
Rest assured, although the IPs seem to be US based; the VM instances will be running in the geographical zone you selected. It is a common practice to remap a block of IPs from one location to another, especially given the elasticity of IP addresses for the Google Cloud Platform. You can learn more about the different regions and zones from this article.

Restrict public web application access to specific dynamic source IP addresses

I'm developing a web application using Laravel hosting on a public cloud. Now, the application can be accessed publicly on the internet via domain address. However, I want to restrict to only users who are connecting to the organization networks to be able to use the application since we do not want the application to be used at home or elsewhere.
At the moment, the organization has 2 places (2 public internet networks) where they must be able to access to the application. Both of them are using home-standard internet where IP address changes every time the internet reconnects. As we do not have static IP addresses, I cannot filter user by using IP address filter. The IP filter rule must be changed every time when the organization network reconnected.
My application already have solid authentication and authorization mechanism and, of course, the users must know this information since they must access the app for work. However, this doesn't meet the requirement.
I have thought about the VPN but it (probably) doesn't not work because if we allow user the access to the VPN, they still be able to access the VPN anywhere and use the application outside the work places. If we restrict the VPN client to access from specific IP address, then when the IP changes, the same problem occurs.
To sum up, I would like to ask for the advice on how to restrict the access of web application, hosted on public internet, to the users that are connecting from the public IP address that can change every time when the internet reconnected. The requirement may sound strange but it is as it is. Please feel free to ask for more details if you want to and have a discussions on the suggestions.
Thank you in advance.
You could setup a client for a dynamic dns service (e.g. dyndns) on the client-side.
Then you could use that on the server-side to always check against current IP using that dns.
As alternative you could bind the website to localhost only and only let it be accessed via an pubkey-enforced SSH tunnel (and make that get auto-established by a script/scheduler on the client side, on a permission level outside of the users' reach, so that they can't take the private key needed for the connection anywhere)
You can use different PHP methods and variables to detect from where the request has been originated. Just whitelist your domains and organizations, and allow only them by adding a middleware.
Additionally, you can generate a token using Laravel Passport or you can create your own mechanism, and then use that token to authenticate if the request is valid or not.
Since the IP changes, you can setup a dynamic dns or as suggested on the comment above.

Map my domain name with my own server

Hi I am having my own domain mydomain.ac.in and i am having my own server (windows 2008) and a Public static IP.
Now i want to host my site in my own server.
Please give me the step by step information to get it done.
Thanks.
You need to register your domain with some DNS hosting service (DNS provider), there is such an astronomic number of these on the web that I do not want to spam the site. Google.
Also, collocation center where you keep this server (and from where you have probably obtained that public IP) may also provide DNS services.
From the other side, any computer can be configured as the name server but this will probably not work Internet wide and can be used inside the local network only (combined with DHCP service). If there is an easy way to make this Internet wide, I would also be very interested in, but I doubt.
Your operating system is not much relevant to this question.
I registered my domain already in ernet by indian Government and I got my Public Static IP from BSNL India. I hosted my site already and i am able to access my site already using the ip. Now i want to map my domain with the server that i have so that i can access my domain using a domain name.
I tried the steps in http://www.hosting.com/support/dedicated/dns/setdns#additional.. But when i add the name server information it says cannot resolve hostname??? that s why i want to know where i am making mistake..
I once again tried the steps at http://www.hosting.com/support/dedicated/dns/setdns and got it right..Now i have updated the name server info at my domain registrar ernet and waiting for it to be updated. Thanks fo the people helped me

Can I use google to determine vhosts on same IP?

Can I use google -- specifically i am thinking of the google ajax api -- to enumerate a list of host names of websites that are hosted on a particular IP address.
Note
Yes, I know that other mechanisms, such as MSN search and obviously DNS services can be used, but I am specificially looking for whether a google solution exists.
AFAIK Google doesn't give out the IP addresses in its search results (unless the URL is only accessible from IP address rather than a host name).
I know you only want Google solutions, but have you tried My IP Neighbors? You put in a URL or IP and it gives you the sites also hosted on the IP.
Not sure you can do with google ajax api; however I think that the best solution would be more oriented towards a sysadmin job (thus ask serverfault..), mainly:
find which nameserver is authoritative for such website
find out which other domains using that nameserver as authoritative
simply because websites hosted on the same server are often served by the same DNS.
On a side note, since a DNS can be authoritative for other domains (not hosted on that IP), you might want to double-check that list and do a lookup on all domains, filtering out those that are hosted on a different server.
This leaves open the question of load balancing, tho: what if a domain is hosted on more than one server?
The answer is left as an exercise to the reader. :)
I searched through Google's forums for SEO Q&A and technical Q&A. The issue of whether Google captures IP addresses is not directly addressed. However, there is at least one answer which suggests Google doesn't care about IP addresses (see squibble's second response.)

Resources