Online adverts could soon start stalking you. A new way of working out where you are by looking at your internet connection could pin down your current location to within a few hundred metres.

Similar techniques are already in use, but they are much less accurate. Every computer connected to the web has an internet protocol (IP) address, but there is no simple way to map this to a physical location. The current best system can be out by as much as 35 kilometres.

Now, Yong Wang, a computer scientist at the University of Electronic Science and Technology of China in Chengdu, and colleagues at Northwestern University in Evanston, Illinois, have used businesses and universities as landmarks to achieve much higher accuracy.

These organisations often host their websites on servers kept on their premises, meaning the servers’ IP addresses are tied to their physical location. Wang’s team used Google Maps to find both the web and physical addresses of such organisations, providing them with around 76,000 landmarks. By comparison, most other geolocation methods only use a few hundred landmarks specifically set up for the purpose.


Closing in

The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target’s possible location to a radius of around 200 kilometres.

Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. “We shrink the size of the area where the target potentially is,” explains Wang.

Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target. The result can never be entirely accurate, but it’s much better than trying to determine a location by converting the initial delay into a distance or the next best IP-based method. On average their method gets to within 690 metres of the target and can be as close as 100 metres – good enough to identify the target computer’s location to within a few streets.

Client independent

That kind of accuracy normally requires people to deliberately disclose their location, but Wang’s method works without the user’s permission. “This is a client-independent method,” as he puts it. “The client does not need to approve anything.”

You can avoid any geolocation method by routing traffic through a proxy server, which makes you appear to be elsewhere. Wang can’t get around this, but says he can detect proxies and so he can at least return a null result rather than a false positive.

Although Wang’s method could potentially allow adverts to target a certain street, advertisers may prefer to retain broader messages. “The majority of brands wouldn’t necessarily want to go to that much granularity,” says Jack Wallington at the Internet Advertising Bureau in London. He says the method could be useful in certain situations, however, such as targeting hungry office workers with vouchers for nearby takeaway food outlets.

Wang presented the research last week at the Usenix Symposium on Networked Systems Design and Implementation in Boston.