11 August 2010

The case of the persistent salesman

At our law office in London, we were just given a stunning reminder of how easy it is (sometimes) to know where end-users are located.

A couple of us spent some time earlier today looking online for a particular type of networking equipment. We found multiple references to one specific piece of equipment, including web sites of distributors here in the UK.

A few hours later and the phone rang. It was a sales representative calling us from one of the distributors, who asked to be connected to our IT department. The salesman then said, "We noticed that you have been looking at the [equipment name] on our web site. I thought I would call to see if I could answer any questions or offer you a chance to try one of these devices."

How did he do it? I have to presume he relied on the wide-spread method of reverse-lookup for the IP number used by the web browser from our office. This is unique to our company LAN. It doesn't take too much effort to track us down from just that one piece of information.

This is one of those moments when I am torn between admiration for an enterprising use of the Internet, and a serious case of "this creeps me out". Either way one thing was clear: it did not take the salesman long to locate us. If we had been outside the country presumably he would not have called us.

For the large mass of home/consumer users, this method does not usually reveal THIS much data. But it is a reasonable method of identifying their geo-location on a large scale: such as what country they are in.

If you know where people are, it is possible to discriminate (access, content, prices, currencies, whatever) on the basis of that location. In other words, you can enforce Internet Borders.