Secrets of Internet Forensics, Part II, Snow Leopard

 

Date & Time start

Date & Time Preferences – Setup

Note, however, that if you aren’t using AirPort/Wi-Fi, this service is unavailable. If Wi-Fi is in use, it works, and you’ll see a red pushpin that identifies your geographic location and sets the time zone. At first, that seems like a mystery because there are well known databases on the Internet that can convert an IP address to a city.

Date & Time result

Date & Time Prefs – Result

Solving the Location Problem

The problem for Apple is that 1) these databases aren’t 100 percent accurate in converting your WAN (Wide Area Network) IP address to a city and 2) there is a more accurate way of determining your location — but it depends on Wi-Fi.

First, however, I need to back up a little. Your Mac has an IP address on the LAN (Local Area Network). It can be static or dynamically assigned by, say, your home router. The latter method is called DHCP (Dynamic Host Configuration Protocol). If you look in System Preferences -> Network, you’ll see that address.  In my case below, it’s 192.168.1.15.

 

LAN Address

DHCP LAN address

What’s required, but not shown, is the WAN IP address that’s assigned to your cable or DSL modem. That’s the address that’s visible on the Internet. One quick way to see it is to go to Speakeasy.net/speedtest. Just inside the thin lined border, on the upper right, you’ll see your WAN IP reflected back to you. That’s the IP you can type into one of the databases to obtain a general city location. (I’ve obscured the last two numbers of the dotted quad for privacy.)

Speakeasy speed test (2)

Speakeasy speed test

The problem is that sometimes that database will point to the location of the ISP, and it may not be in your own city. I’ve seen instances when the resulting city (or contact office of record) is, in fact, thousands of kilometers from the actual location, so it’s just not a reliable and accurate method even for something as coarse as a time zone setting.

A company called Skyhook in Boston has developed what it calls the XPS database. The company has been sending vehicles out in the U.S. and collecting information on Wi-Fi hot spots and tying them to geo-locations. This method has an accuracy of approximately 10 to 20 meters (33 to 66 ft.) In addition, cell phone tower locations are folded into the XPS database so that triangulation can also be used. That method has 200 to 1,000 meter (660 to 3280 ft) accuracy.

Another advantage of Skyhook is that it’s fast. The company claims one second lookups. As we know, depending on conditions (indoors/outdoors), an accurate GPS location can take a minute or more, not a great user experience. That’s why, starting in 2008, Apple started using using Skyhook technology in the iPhone OS 2.0 for Location Services. That much we do know.

How it Works on the Mac

Because your Macintosh doesn’t have a GPS (Global Positioning System) or 2G/3G radio bult-in and because IP -> city lookups can be somewhat coarse, a better method is needed. There is both indirect and direct technical evidence that Skyhook is also used in Snow Leopard. The direct evidence is based a report from our Dave Hamilton, whose location was off quite a bit. After manually entering his router location in the Skyhook database, a few days later, his location accuracy improved dramatically. The indirect evidence comes from Skyhook’s own press page that points to a TUAW article by Steve Sande.  That article identifies Skyhook as the service in Snow Leopard.  Even so, Skyhook would not verbally confirm that to the Mac Observer, leaving that instead to Apple. Apple, in turn, was asked for comment, but did not respond. Nevertheless, Apple does provide a strong hint here in Note #5.

Also, Apple appears to be reserving the right to change that service behind the scenes.  Little Snitch reveals that Core Location appeals to mac-services.apple.com. So it would be easy to modify the back end service without modifying Snow Leopard.

The upshot is that if your home Wi-Fi base station signal can reach the street, you may have been put into the Skyhook database, just as Google has been driving around, tying geo-locations to street views. All this explains why you must have Wi-Fi in use on your Mac, using Snow Leopard, to take advantage of Core Location surfaced in the Date & Time System Preferences.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.