Using nothing more than the unique number assigned to every Internet connection, websites could determine whether you’re logging on at home, at work, or a travel location like an airport or hotel, researchers at Microsoft have shown. They say the technique could target advertisements more precisely—or improve the security of Web services by identifying users as legitimate according to their location.
Websites commonly use the numbers known as Internet protocol (IP) addresses to approximate the physical location of visitors (visit this site to see the location guessed from your IP address). The method, which is typically accurate to the level of a city, lets advertisers target people with local deals.
Until now, though, IP addresses have not been used to determine what kind of place the person is connecting from. Researchers at Microsoft Research Silicon Valley used a data set of IP addresses collected from logs of updates to an unnamed widely used software package and from log-ins to an unnamed popular webmail service. Tracking user locations by IP address could help advertisers sidestep suggested features of the “do not track” option that Congress is considering as a way to let people opt out of tracking by advertisers.
They first identified the IP address or addresses where each user most frequently logged in. Then they tagged any addresses more than 250 miles away from those as “travel.” Combining the logs for different users and looking at the timing of log-ins sharpened the labeling of IP addresses as either “home,” or residential connections, “work” locations such as offices, or “travel” locations from which many different users logged in when away from home. To make the results more robust, IP addresses were assigned to a particular category only if the records of the majority of people that had logged in there led to the same conclusion.
Verifying that the resulting database identified locations accurately would require following people around, but other clues suggest the method works. The software update data showed that over 90 percent of “travel” IP addresses were associated with laptop computers rather than desktops, while “home” IP addresses were equally likely to be a laptop or a desktop. Another test compared the logged IP addresses with a small public data set of nearly 4,000 known residential broadband IP addresses. Around 24 percent of the “home” IP addresses overlapped with that set, compared with just 0.4 of “travel” IP addresses.