27 comments

[ 3.3 ms ] story [ 73.1 ms ] thread
Which method are they using?
Well, it can’t be the JavaScript location API, because there’s no JavaScript on that page, and anyway my browser would ask me if the page wanted to use my location. The only other method I know of that relies on information the site could get just by my visiting the page is looking the IP address up in a database of IP addresses and locations.
I work there. It's MaxMind.
Not very accurate for me. Wrong by about 400km. (that's basically from one end of my country to the other end)
For me, it was wrong by about 50 miles.
It's off by ~10 miles, but since there are several million people between me and where it thinks I am, that's not particularly disturbing.
Same for me as well. I'm being detected all the way in another prefecture.

I find it strange that depending on the device, that I will be detected in different areas (even within the same service).

For example: Google Maps says I'm at a park about a 10 minute drive from my current location. But if I view the mobile version of it on my iPod, it can find me to the room of the building I am in.

Anything that's not google or apple puts me in Hamanako, which is a 2 hour drive on the expressway.

Cool. But what are the terms of use around this one?
The payload is not JSONP and strikes me as a bit impractical:

    Geo = { /* object literal */ }
I assume this service is meant to be consumed via <script> tag injection. Without a JSONP-style callback parameter, what are consumers to do, inject-then-poll until a "Geo" object is found in the global scope?

    <script src="http://geoiplookup.wikimedia.org/"></script>
    <script>geoloaded()</script>
    </body></html>
The approach of dynamically generating a callback script is more robust than pure JSONP. If your URL returns an error (e.g., 404), you immediately notice, instead of waiting for the time-out. These days, my usual approach looks something like this in flight:

    <script type="text/javascript">
        var response = undefined;
    </script>
    <script type="text/javascript" src="...">
       // response = { .... };
    </script>
    <script type="text/javascript">
       _callbacks[1234](response); // response == undefined means error
       response = undefined;       // allow garbage collection
    </script>
    
It's a bit more administration, but I really like not having to worry about dynamic callback names, delayed errors, or non-existent callback functions any more.
Hey folks, just FYI, I work there and this is not intended to be a public API for anyone to use. As others have pointed out, it's trivial to set up such a service yourself anyway.

I know the security-minded among you are going to start complaining that it would be easy to add a nonce, but we'd rather avoid that. Our strategy is to serve virtually everything from cache.

If anyone wants something similar I built a version of this a few weeks ago: https://github.com/contrast/geoip_sinatra

It's a sinatra app which uses the MaxMind data, typically responds in < 1ms, and it has caching built in (if you deploy it to heroku).

Interestingly, the latest version of Google AppEngine automatically geolocates every request (to the country level anyway)

All user request have an X-AppEngine-Country header which contains the ISO-3166-1 alpha-2 country code for the user, based on the IP address of the client request.

(from Version 1.5.1 http://code.google.com/p/googleappengine/wiki/SdkReleaseNote...)

Hmmm, as a chinese user behind a VPN (that i just checked was working), I'm amazed it pinpointed me down to my true city... Not sure if my vpn service passes my IP along or something else...