ipinfo.io uses a probe network for this[1], but even then a server physically located in the Netherlands with an IP announced as being from, say, Seychelles would still respond to pings faster from a European location than from somewhere like Singapore (unless you go out of your way to induce latency to ICMP responses).
[1] https://ipinfo.io/blog/probe-network-how-we-make-sure-our-da...
Might be hard to get the ping response time right from your Seychelles probe if you’re pretending to be in Seychelles but actually in Netherlands
That way you can still get the 'right' ping times to all places
Interesting technical insights though.
Previous discussion: https://news.ycombinator.com/item?id=5319419
Some background info: in China, all online discourse are required to show the user's provincial-level origin, or country name for non-mainland users, using geoip. this is enforced by the Cyber Admin Commission of CCP.
BTW, does his CF WARP scripts still work? I know he no longer updated it, but never really knew if it still works after all these months (years?).
My impression it either setup a socks5 proxy or generate a wireguard config and connect to CF.
What is the point of such a rule?
I understand why one would want to show that a foreign user is foreign, but what's the point for showing provincial origin?
If you look at how American social media is, with people from Texas claiming to know in detail what New York is like (and vice versa), it makes some sense.
Not saying I agree with it and the privacy implications, but I can see the sense.
That said, most European countries are smaller than bigger Asian cities, and no country on Earth is less than 4x smaller than China or India, so it might be just a fair game.
Some western sites are blocked in some regions but not others.
Hmm, it's a bit dark: China does not have a federal level task force like the FBI or CIA, raids/arrests are executed by provincial or municipal PD. It's called 公安属地原则 thingy
That actually says more about what the Western "First World" media feeds their people, that the rest of the world is 20 years behind and stuff :')
Maybe 10, maybe some places, sure. In terms of social progress and basic rights, hell there are places that are 50 or even 200 years behind (see Afghanistan's treatment of women for example)
But tech-wise, I was surprised when I visited some parts of the Middle East and Asia; almost everything was available online, paid for electronically, clean and effective mass transport, walkable and safe cities..
Well western or pretty media having no access to the country pretty much guarantees that everything they might be reporting is a mix of speculation and outdated information. Doing the best you can with whatever data is available doesn’t seem like an unreasonable approach.
> see Afghanistan's treatment of women for example
Or much of the the “advanced” gulf states..
I will agree that for most people in North Korea access to the outside internet is limited, but your claim that "All computer access is gated" is a stronger one, that I haven't seem evidence for.
Also, we know that Red Star OS exists, but I haven't seen any information about it's actual use. I can imagine it's used in certain sectors (e.g. education or certain ministries), but if you have information about it's usage I'd be interested to see that.
My gut feeling is that there is probably still a lot of cracked windows PCs also used in industry, but I have no evidence for that either. This is just based on how in my experience China works, and the fact that there is some business exchange between North Korea and China.
Interestingly, according to RIPE, North Korea has only assigned one IPv4 block (see https://github.com/analogic/ipgeo/blob/master/by-country/KP), whereas Antarctica has none.
Interesting, this really does seem to work on any site behind CF. Are there any other endpoints like this?
also important point when you using Starlink and got totally different "relay" station sometimes can be thousand miles away, I think we need to "upgrade" our internet infrastructure for interplanetary system
The regulatory imperative isn’t going anywhere, even if we degrade our good-enough, handshake-based, AS-operator-trusting system.
If history is any guide, any replacement technology might look a lot more intrusive and a lot more onerous: the first thought that comes to mind is some kind of DRM-style, device-based, attested location surveillance (tied to a government ID? Why not?!) as “proof of location,” and I’m sure the powers that be could come up with “better”…
Unfortunately, I don't think that not gaming GeoIP will change that. It's going there already.
> In reality, the “location” of an IP is inherently fuzzy. For instance, my 2a14:7c0:4d00::/40 block was originally allocated to Israel. But later, I bought parts of this range and announced them via BGP in Germany, the US, and Singapore (see previous article on Anycast networks). Meanwhile, I’m physically located in mainland China. As the owner of this IP block, I can also freely edit the country field in the WHOIS database — and I set it to KP (North Korea).
> Because of this ambiguity, it’s nearly impossible to precisely determine an IP’s location using any single technical method. As a result, almost all geolocation databases accept public/user-submitted correction requests.
I would not be surprised if this practice is technically against most terms of service.
It doesn't really matter. RIPE and other RIRs let you put whatever metadata you want for an IP range into the database, and you can serve whatever you want from your own geolocation feed. If the geolocation providers don't like it, it's up to them to stop fetching your data.
I bet they didnt to buy cooling system /s
https://blog.lyc8503.net/en/post/asn-1-asn-registration/
quickly skimming the article i couldn't see a specific price for the ipv4 block, but ipv6 is cheap - the article mentions having to pay at least $50 a year + service fees to a "LIR", and you also need a BGP-enabled hosting provider which i imagine will come with similar cost at least (don't quote me on that).
If this was the case, and theres tons of financial incentive to do so, wouldnt cloudflare,etc, block not based on the reported 'country' but some fuzzy heuristic that knows what country it comes from? hops?
Even just jitter in router response time is already higher than the difference in latency due to speed of light between those locations. And just France is large enough that a connexion to some IP in France might legitimately travel further or not compared to a connexion to some other country, from basically any vantage point you might be looking from, and might or might not round-trip through Paris, adding potentially up to 1500 km of uncertainty in the path.
Identifying the interchanges the packets go through can help though, but not as much for residential ISPs.
But cloudflare already is toxic, doable third party cookies - friction nonstop, etc.
But thanks to this series I setup an ARIN account, got allocated ipv6 and ipv4 addresses and starting the ASN assignment process. It’s a fun rabbit hole to go into.