Secure Client and Server Geolocation Over the Internet

AbdelRahman Abdou; Paul C. van Oorschot

arxiv: 1906.11288 · v1 · pith:VHFUYNCInew · submitted 2019-06-26 · 💻 cs.CR

Secure Client and Server Geolocation Over the Internet

AbdelRahman Abdou , Paul C. van Oorschot This is my paper

Pith reviewed 2026-05-25 15:19 UTC · model grok-4.3

classification 💻 cs.CR

keywords geolocationsecurityverificationVPNanonymizersclient presence verificationserver location verification

0 comments

The pith

CPV and SLV verify client and server locations on the Internet without allowing cheating.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper summarizes recent efforts to achieve secure Internet geolocation by preventing the entity being located from cheating about its own position. It offers a technical overview of Client Presence Verification for clients and Server Location Verification for servers. These methods handle a range of adversarial tactics such as VPNs and anonymizers that hide or fake locations. A sympathetic reader would care because reliable geolocation supports authentication and guards location-based services against impersonation.

Core claim

CPV and SLV are techniques designed to verify the geographic locations of clients and servers in realtime over the Internet while addressing a wide range of adversarial tactics to manipulate geolocation, including the use of IP-hiding technologies like VPNs and anonymizers.

What carries the argument

Client Presence Verification (CPV) and Server Location Verification (SLV), techniques that verify locations in real time while countering IP-hiding technologies.

If this is right

Impersonation attempts in location-based authentication can be blocked.
Location-dependent benefits become harder to claim falsely.
Real-time checks remain effective even when anonymizing tools are used.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

These verification steps could be added to standard network services to limit location spoofing.
Mobile and edge computing setups might adopt similar checks for device positioning.
New manipulation methods that emerge later would require updated versions of the same approach.

Load-bearing premise

The techniques summarized can be implemented to prevent the entity being geolocated from successfully cheating about its location in realtime.

What would settle it

A test where an entity using a VPN or anonymizer reports a false location that CPV or SLV accepts as correct.

Figures

Figures reproduced from arXiv: 1906.11288 by AbdelRahman Abdou, Paul C. van Oorschot.

**Figure 1.** Figure 1: Snapshots of the Flagfox browser extension. been proposed, but there have been very limited deployment in practice. As of this writing, most of the geolocation conducted in practice relies on the clients’ IP address or GPS coordinates of hand-held devices, as explained below. A. Geolocation in Practice There are several methods for device geolocation over the Internet. If the device belongs to a user that … view at source ↗

**Figure 2.** Figure 2: Snapshots of the Fake Location extension—an example browser extension allowing users to fake their locations. From a security perspective, none of the above techniques is resilient to adversarial manipulation. When the geolocation API is in use, the server normally makes no effort in geolocating the client device; it rather trusts the browser-communicated coordinates, which can easily be forged on the fly… view at source ↗

**Figure 3.** Figure 3: Server Location Verification (SLV) using network measurements from [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗

read the original abstract

In this article, we provide a summary of recent efforts towards achieving Internet geolocation securely, \ie without allowing the entity being geolocated to cheat about its own geographic location. Cheating motivations arise from many factors, including impersonation (in the case locations are used to reinforce authentication), and gaining location-dependent benefits. In particular, we provide a technical overview of Client Presence Verification (CPV) and Server Location Verification (SLV)---two recently proposed techniques designed to verify the geographic locations of clients and servers in realtime over the Internet. Each technique addresses a wide range of adversarial tactics to manipulate geolocation, including the use of IP-hiding technologies like VPNs and anonymizers, as we now explain.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This is a survey summarizing existing CPV and SLV geolocation techniques with no new results or data.

read the letter

The core takeaway is that this paper is a descriptive overview of prior work on secure client and server geolocation, not a source of new methods or evidence. It walks through Client Presence Verification and Server Location Verification as ways to check locations in real time while handling tactics like VPNs and anonymizers, but it states upfront that it is summarizing recent efforts rather than deriving or testing anything fresh. That framing is clear and consistent with what is delivered. The overview itself is the main value: it collects the adversarial scenarios and how the two techniques respond to them in one place, which could save time for someone entering the topic. No machine-checked proofs, code, or fresh measurements appear in the abstract or description, so the paper does not claim or supply that kind of grounding. The limitation is straightforward rather than hidden: because it is positioned as a summary, its contribution is awareness rather than a testable advance, and soundness of the underlying techniques cannot be judged from this text alone. The citation pattern is not an issue here since the goal is synthesis. This piece is mainly useful for readers who need a compact technical recap of the area before digging into the original papers. It is coherent on its own terms and shows straightforward engagement with the literature, so it clears the bar for a serious referee if the venue accepts survey-style work; the review would focus on completeness and accuracy of the summary rather than novelty of claims.

Referee Report

0 major / 1 minor

Summary. The manuscript provides a summary of recent efforts towards achieving Internet geolocation securely, i.e., without allowing the entity being geolocated to cheat about its own geographic location. It focuses on a technical overview of Client Presence Verification (CPV) and Server Location Verification (SLV)---two recently proposed techniques designed to verify the geographic locations of clients and servers in realtime over the Internet while addressing a wide range of adversarial tactics including the use of IP-hiding technologies like VPNs and anonymizers.

Significance. As a descriptive overview consolidating prior work on secure geolocation, the paper could serve as a useful reference for researchers in network security and cryptography. However, because the manuscript supplies no new data, proofs, implementations, or quantitative evaluations, its significance is limited to synthesis rather than advancing the state of the art; credit is due for explicitly framing the problem around real-world cheating motivations such as impersonation and location-dependent benefits.

minor comments (1)

The abstract states that the techniques 'address a wide range of adversarial tactics... as we now explain,' but the provided text does not include the promised technical details or citations to the original CPV/SLV papers; ensure the full manuscript supplies these references and a clear mapping from tactics to countermeasures.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the careful reading and the positive recommendation to accept the manuscript. We agree that the work is a synthesis of prior efforts on secure geolocation and appreciate the recognition that it frames the problem around real-world cheating motivations.

Circularity Check

0 steps flagged

No significant circularity

full rationale

The paper is explicitly a descriptive technical overview and summary of prior CPV and SLV techniques rather than a derivation of new results. No equations, predictions, fitted parameters, or load-bearing derivation chain exist in the manuscript; the central content is a survey of existing methods addressing adversarial tactics. All claims reduce to external prior work without internal self-referential reduction or renaming of results as new predictions.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The paper is a survey and introduces no free parameters, axioms, or invented entities.

pith-pipeline@v0.9.0 · 5644 in / 926 out tokens · 22116 ms · 2026-05-25T15:19:17.307923+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

CPV relies on three verifiers... estimate the smaller of the forward and reverse one-way delays... area(△xab)+area(△ybc)+area(△zca)≤ area(△xyz) +ϵ
IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

Techniques like CPV can mitigate against this by adapting known Proof-of-Work techniques

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

14 extracted references · 14 canonical work pages

[1]

Zachary N. J. Peterson, Mark Gondree, and Robert Beverly. A Position Paper on Data Sovereignty: The Importance of Geolocating Data in the Cloud. In USENIX HotCloud, 2011

work page 2011
[2]

DRoP: DNS-based Router Positioning

Bradley Huffaker, Marina Fomenkov, and kc claffy. DRoP: DNS-based Router Positioning. SIGCOMM Comput. Commun. Rev. , 44(3):5–13, 2014

work page 2014
[3]

On Measuring the Geo- graphic Diversity of Internet Routes

Attila Csoma, Andr ´as Guly´as, and L´aszl´o Toka. On Measuring the Geo- graphic Diversity of Internet Routes. IEEE Communications Magazine , 55(5):192–197, 2017

work page 2017
[4]

IP geolocation databases: Unreliable? ACM SIGCOMM Computer Communication Review , 41(2):53–56, 2011

Ingmar Poese, Steve Uhlig, Mohamed Ali Kaafar, Benoit Donnet, and Bamba Gueye. IP geolocation databases: Unreliable? ACM SIGCOMM Computer Communication Review , 41(2):53–56, 2011

work page 2011
[5]

Internet geolocation: Evasion and counterevasion

James A Muir and Paul C van Oorschot. Internet geolocation: Evasion and counterevasion. ACM Computing Surveys , 42(1):4, 2009

work page 2009
[6]

Dude, where’s that IP?: Circumventing measurement-based IP geolocation

Phillipa Gill, Yashar Ganjali, Bernard Wong, and David Lie. Dude, where’s that IP?: Circumventing measurement-based IP geolocation. In USENIX Security, pages 241–256. USENIX Association, 2010

work page 2010
[7]

Accurate Manipulation of Delay-based Internet Geolocation

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Accurate Manipulation of Delay-based Internet Geolocation. In ACM AsiaCCS, pages 887–898. ACM, 2017

work page 2017
[8]

CPV: Delay-based Location Veriﬁcation for the Internet

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. CPV: Delay-based Location Veriﬁcation for the Internet. IEEE Transactions on Dependable and Secure Computing (TDSC) , 14(2):130–144, 2017

work page 2017
[9]

Accurate one-way delay estimation with reduced client-trustworthiness

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Accurate one-way delay estimation with reduced client-trustworthiness. IEEE Communications Letter , 19(5), 2015

work page 2015
[10]

Taxing the queue: Hindering middleboxes from unauthorized large-scale trafﬁc relaying

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Taxing the queue: Hindering middleboxes from unauthorized large-scale trafﬁc relaying. IEEE Communications Letter , 19(1), 2015

work page 2015
[11]

Location Veriﬁcation of Wireless Internet Clients: Evaluation and Im- provements

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Location Veriﬁcation of Wireless Internet Clients: Evaluation and Im- provements. IEEE Transactions on Emerging Topics in Computing (TETC), 5(4):563–575, 2017

work page 2017
[12]

Server Location Veriﬁcation (SLV) and Server Location Pinning: Augmenting TLS Authentication

AbdelRahman Abdou and Paul C van Oorschot. Server Location Veriﬁcation (SLV) and Server Location Pinning: Augmenting TLS Authentication. ACM Transactions on Privacy and Security (TOPS) , 21(1):1:1–1:26, 2018

work page 2018
[13]

Characterizing large- scale routing anomalies: A case study of the china telecom incident

Rahul Hiran, Niklas Carlsson, and Phillipa Gill. Characterizing large- scale routing anomalies: A case study of the china telecom incident. In International Conference on Passive and Active Network Measurement , pages 229–238. Springer, 2013

work page 2013
[14]

Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning

Michael Kranch and Joseph Bonneau. Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning. In NDSS. Internet Society, 2015

work page 2015

[1] [1]

Zachary N. J. Peterson, Mark Gondree, and Robert Beverly. A Position Paper on Data Sovereignty: The Importance of Geolocating Data in the Cloud. In USENIX HotCloud, 2011

work page 2011

[2] [2]

DRoP: DNS-based Router Positioning

Bradley Huffaker, Marina Fomenkov, and kc claffy. DRoP: DNS-based Router Positioning. SIGCOMM Comput. Commun. Rev. , 44(3):5–13, 2014

work page 2014

[3] [3]

On Measuring the Geo- graphic Diversity of Internet Routes

Attila Csoma, Andr ´as Guly´as, and L´aszl´o Toka. On Measuring the Geo- graphic Diversity of Internet Routes. IEEE Communications Magazine , 55(5):192–197, 2017

work page 2017

[4] [4]

IP geolocation databases: Unreliable? ACM SIGCOMM Computer Communication Review , 41(2):53–56, 2011

Ingmar Poese, Steve Uhlig, Mohamed Ali Kaafar, Benoit Donnet, and Bamba Gueye. IP geolocation databases: Unreliable? ACM SIGCOMM Computer Communication Review , 41(2):53–56, 2011

work page 2011

[5] [5]

Internet geolocation: Evasion and counterevasion

James A Muir and Paul C van Oorschot. Internet geolocation: Evasion and counterevasion. ACM Computing Surveys , 42(1):4, 2009

work page 2009

[6] [6]

Dude, where’s that IP?: Circumventing measurement-based IP geolocation

Phillipa Gill, Yashar Ganjali, Bernard Wong, and David Lie. Dude, where’s that IP?: Circumventing measurement-based IP geolocation. In USENIX Security, pages 241–256. USENIX Association, 2010

work page 2010

[7] [7]

Accurate Manipulation of Delay-based Internet Geolocation

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Accurate Manipulation of Delay-based Internet Geolocation. In ACM AsiaCCS, pages 887–898. ACM, 2017

work page 2017

[8] [8]

CPV: Delay-based Location Veriﬁcation for the Internet

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. CPV: Delay-based Location Veriﬁcation for the Internet. IEEE Transactions on Dependable and Secure Computing (TDSC) , 14(2):130–144, 2017

work page 2017

[9] [9]

Accurate one-way delay estimation with reduced client-trustworthiness

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Accurate one-way delay estimation with reduced client-trustworthiness. IEEE Communications Letter , 19(5), 2015

work page 2015

[10] [10]

Taxing the queue: Hindering middleboxes from unauthorized large-scale trafﬁc relaying

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Taxing the queue: Hindering middleboxes from unauthorized large-scale trafﬁc relaying. IEEE Communications Letter , 19(1), 2015

work page 2015

[11] [11]

Location Veriﬁcation of Wireless Internet Clients: Evaluation and Im- provements

AbdelRahman Abdou, Ashraf Matrawy, and Paul C van Oorschot. Location Veriﬁcation of Wireless Internet Clients: Evaluation and Im- provements. IEEE Transactions on Emerging Topics in Computing (TETC), 5(4):563–575, 2017

work page 2017

[12] [12]

Server Location Veriﬁcation (SLV) and Server Location Pinning: Augmenting TLS Authentication

AbdelRahman Abdou and Paul C van Oorschot. Server Location Veriﬁcation (SLV) and Server Location Pinning: Augmenting TLS Authentication. ACM Transactions on Privacy and Security (TOPS) , 21(1):1:1–1:26, 2018

work page 2018

[13] [13]

Characterizing large- scale routing anomalies: A case study of the china telecom incident

Rahul Hiran, Niklas Carlsson, and Phillipa Gill. Characterizing large- scale routing anomalies: A case study of the china telecom incident. In International Conference on Passive and Active Network Measurement , pages 229–238. Springer, 2013

work page 2013

[14] [14]

Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning

Michael Kranch and Joseph Bonneau. Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning. In NDSS. Internet Society, 2015

work page 2015