Good post. I think that yes, geolocation is hard, equally as you point to, it would be odd that bad actors and states wouldn't try to influence or manipulate using these platforms when they've done espionage and all sorts for years (what do you mean Bond is a movie?). I would say I don't think this story should be framed as Trump vs everyone else. If you look at who has been revealed as not where they seem, it cuts across left/right, populist/not populist, and all the geopolitical hot spots. Pro and anti-brexit and so on. Another example are Scottish Nationalists - some of the nosiest accounts first went quiet after the attack on Iran back in June, and when it was revealed on X that their locations were not in the UK - well, 2 + 2 does more than likely equal 4 in this case.
The which app store marker is stickier than IP geolocation though. You typically need a payment method from the country you are switching to: https://support.apple.com/en-gb/118283
I get the point about geolocation being hard/spoofable, but a user’s location used to be provided with every single post so presumably they never stopped recording that when Musk decided to remove it from view in the app, and of course had already decapitated third party apps so you couldn’t even use an alternative to see it.
So the work to ‘get’ the data was none/negligible, maybe all they needed to do was aggregate the location of a user’s last n posts and come up with a likely location?
Thanks for the article. Scepticism always a good idea.
Do we know how Twitter are working out location? Is it the public IP of the last login? The last tweet? Or some kind of weighted average?
To your point re Public IP databases being up to date, they are actually quite sticky, particularly by country. While there are odd cases, a user's public ip is a reliable way to determine what country they are in.
This is part of the problem - it's not clear exactly how they're working it out or what assumptions are being made. Similarly, is it just app logins or is it IP at the time posts were sent? Does API usage count or just use of the Twitter app? It's completely unclear.
I'd read that they were going to identify and state publicly , if a VPN was being used by an account but that would require then to be able to identify it as a VPN. I believe some common IPs (mostly the free ones reused ) provided by main VPN services may be able to be flagged but all? But likely if you wanted to cover your tracks you would sign up to Twitter etc with a VPN from the start, not just occasionally, unless to bypass some local "age verifiable" material blocks now imposed eg in the Uk and some US states.
Suppose I should add that it is of course very possible for someone to intentionally disguise their true public IP but this is rarer in practice than you might think.
Good post. I think that yes, geolocation is hard, equally as you point to, it would be odd that bad actors and states wouldn't try to influence or manipulate using these platforms when they've done espionage and all sorts for years (what do you mean Bond is a movie?). I would say I don't think this story should be framed as Trump vs everyone else. If you look at who has been revealed as not where they seem, it cuts across left/right, populist/not populist, and all the geopolitical hot spots. Pro and anti-brexit and so on. Another example are Scottish Nationalists - some of the nosiest accounts first went quiet after the attack on Iran back in June, and when it was revealed on X that their locations were not in the UK - well, 2 + 2 does more than likely equal 4 in this case.
The which app store marker is stickier than IP geolocation though. You typically need a payment method from the country you are switching to: https://support.apple.com/en-gb/118283
Gift Cards work and you can buy digital gift cards
I get the point about geolocation being hard/spoofable, but a user’s location used to be provided with every single post so presumably they never stopped recording that when Musk decided to remove it from view in the app, and of course had already decapitated third party apps so you couldn’t even use an alternative to see it.
So the work to ‘get’ the data was none/negligible, maybe all they needed to do was aggregate the location of a user’s last n posts and come up with a likely location?
Thanks for the article. Scepticism always a good idea.
Do we know how Twitter are working out location? Is it the public IP of the last login? The last tweet? Or some kind of weighted average?
To your point re Public IP databases being up to date, they are actually quite sticky, particularly by country. While there are odd cases, a user's public ip is a reliable way to determine what country they are in.
This is part of the problem - it's not clear exactly how they're working it out or what assumptions are being made. Similarly, is it just app logins or is it IP at the time posts were sent? Does API usage count or just use of the Twitter app? It's completely unclear.
I'd read that they were going to identify and state publicly , if a VPN was being used by an account but that would require then to be able to identify it as a VPN. I believe some common IPs (mostly the free ones reused ) provided by main VPN services may be able to be flagged but all? But likely if you wanted to cover your tracks you would sign up to Twitter etc with a VPN from the start, not just occasionally, unless to bypass some local "age verifiable" material blocks now imposed eg in the Uk and some US states.
Suppose I should add that it is of course very possible for someone to intentionally disguise their true public IP but this is rarer in practice than you might think.