Hacker News new | past | comments | ask | show | jobs | submit login

Since IBM has IP address of the request, they can map this to WiFi locations via geolocation. If IBM infers your home WiFI street address, this can be correlated with other data sets (e.g. credit card history) for further analysis, even if Apple does not send additional data in the API request to IBM's weather API endpoint.



As far as I know (and please correct me if I am wrong), geolocation is not quite that magical. At best they can infer who your ISP is and the region your IP block was assigned to.


Some wireless access points have a fixed IP over time, which lets IBM reasonably predict "anyone coming from ipaddr X is probably using wifi Y which is provably at lat/long Z" with sufficient levels of certainty.

This probably works better with "My Home AP Uses A Cute Name That's Hilarious" if your IP rarely changes and you have other software leaking data to IBM, but less well for "xfinitywifi".


In order for that to work in the way I am imagining, it would be necessary for the SSID to be available and correlated to access point's IP address. While this could be performed by wardriving open WIFI networks, it would be harder to gather this on a protected network.

Again, I'm not an expert here, and would be happy to learn more about whether this sort of data collection is possible.

edit: this is quite an interesting rabbit-hole I've stumbled into. It seems that there are databases correlating SSID to location, but aren't collecting IP addresses of those networks:

https://wigle.net/faq

https://wigle.net/phpbb/viewtopic.php?t=1620


If you have a static IP address at home, that IP address can be searched in public geolocation databases online. Try it. It will list a number of possible physical addresses.

That's available freely on the web. Hedge funds and others buying data from IBM can buy data from higher quality sources, including wireless carriers, financial institutions and data brokers.


Most residential ISPs use long lived DHCP leases, and do not issue true static IP addresses.

Do you have an example of an IP address that geolocates to its homeowner's actual address (as opposed to region/city?)

Again, geolocation databases are not magical. This article explains that and some deficiencies:

https://splinternews.com/how-an-internet-mapping-glitch-turn...


Long-lived DHCP leases work. There are many examples, try the client IP addresses from the headers of emails that you receive. Geolocation dbs are not magical, but they are often close enough for practical use.


You do realize this is happening all the time with Android OS, FB's family of apps and most popular free apps that make $ from ads, right?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: