Effective managed attribution (MA) is critical for successful online investigations. If you are identified, websites can easily block your access, provide misinformation, hide crucial content, or even engage in counter attacks. User behavior is the primary cause of exposed identities.

Ntrepid products establish anonymity or misattribution through the use of geo pools— geographic IP hub servers that we control in desired locations. Geo pools allow you to egress from a specific location by directing your online activity through those geo pools. This means all your browsing activity is routed through the IP address of your choice, allowing you to access online information as if you are in that location and control your online identity.

One common difficulty for MA users is geolocation confusion. This occurs when your point of presence appears to be somewhere other than the geolocation that you’ve chosen. For example: You are running an operation out of Bismarck, North Dakota; Your internet traffic is being routed from San Diego, California — the location of your choice. However, websites, like Google, think you are in some other place like Tallahassee, Florida — or worse, they know that you are actually working out of North Dakota.

Though problematic, it is common to see inaccurate reports of your location. This is often a result of user activity leaking location information to public web services. With the right technologies and good operational security (OPSEC) practices, you can protect your location and identity.

So, why is my geolocation all over the map?

Before diving into the best practices, it is important to understand why geolocation confusion occurs. Websites, like Google, are devoted to making their location data as accurate as possible. To help accomplish this, they are experts at discovering people’s true location. In addition, there are many services that collect and provide information on your location: Maxmind, IP2Location, and WHOis.net are just a few.

Websites are able to find your location through several ways:

Registration: Every IP address is registered to a person, organization, or internet service provider with a known mailing address. This is the least accurate method to determine someone’s location. The address of record for an IP address block could be at the ISP’s corporate headquarters thousands of miles away from the user of that IP.

Ecommerce: Billing or shipping addresses that are used during your online activities can reveal the location of the IP address. Averaged over many transactions, this location information becomes very accurate.

Search: Searches for local places or businesses can indicate your general location. While people can search for directions, locations, and businesses anywhere in the world, they typically search for things near where they actually are. This method is typically accurate at locating users within a section of a city.

WiFi: The location of almost every WiFi base station in the world is known and is often accurate to 10 ft. If you are running an application that allows a third party to see the WiFi network you are using, they can pinpoint you exactly.

Best practices to protect your identity & location

The first line of defense for effective misattribution is to leverage the right technologies to help protect your identity. Using widely available tools like traceroute, any investigator could quickly find the true source of your traffic. Ntrepid’s products run constant tests to ensure that traffic is always traced back to the selected geo pool, protecting you and your mission. Ntrepid’s secure browser, Passages, avoids the typical detection methods by hiding your WiFi location and using the internet service provider’s mailing address. Passages provides rotating misattributed IP addresses from your choice of locations around the world. It completely destroys all trackers at the end of every session, and provides a browser fingerprint that cannot be associated with any particular individual or organization. Finally, Passages prevents any active website or malware from being able to see your internal network at all.

The second line of defense against identity and location exposure is to ensure that you are applying proper operational security practices. Good OPSEC starts with you. When engaging in misattribution, it is important to make sure your internet activity is consistent with your selected geo pool. You should always consider which geo pool is appropriate to use before searching or mapping locations. The same is true when making online purchases; Always double-check that you are making a purchase with only the payment and shipping credentials appropriate to the geo pool in use. It is also imperative that you never mix misattributed activity with any accounts attributed to you, your organization, or your location. One small mistake could expose an entire operation. In short: Think before you type!

Though managed attribution is a complex and sometimes risky method of operations, you can indeed successfully protect your identity and location. By leveraging Ntrepid products for your managed attribution requirements and applying proper OPSEC practices, your users can conduct their investigations with confidence.