{"id":1116,"date":"2024-07-07T13:03:39","date_gmt":"2024-07-07T11:03:39","guid":{"rendered":"https:\/\/stuff.tamius.net\/sacred-texts\/?p=1116"},"modified":"2024-07-07T13:03:39","modified_gmt":"2024-07-07T11:03:39","slug":"instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation","status":"publish","type":"post","link":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/","title":{"rendered":"Instagram&#8217;s security is shit (or: why you shouldn&#8217;t trust IP geolocation)"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">I&#8217;ve probably mentioned that before, but I ended up being one of the de-facto photographers for a club I&#8217;m in, where I take photos of the events we organize. As such, I was encouraged to create an instagram account.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For reasons, I keep all Facebook\/Meta apps off my phone, and only access them through a browser on my computer. In the past, that ended up causing some problems when I&#8217;ve got logins from 5 (3 + dual-boot) different devices<sup class=\"modern-footnotes-footnote modern-footnotes-footnote--expands-on-desktop \" data-mfn=\"1\" data-mfn-post-scope=\"000000000000046a0000000000000000_1116\"><a href=\"javascript:void(0)\"  title=\" I&#8217;m dual-booting Linux\/Windows on my PC, so that&#8217;s 2. My Surface Pro 7 brings the number up to 3. On my BYOD laptop that I also used for my employer, there were logins from my personal user profile, as well as on my work user account, for a grand total of 5 logins.\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000046a0000000000000000_1116-1\">1<\/a><\/sup><span id=\"mfn-content-000000000000046a0000000000000000_1116-1\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"1\"> I&#8217;m dual-booting Linux\/Windows on my PC, so that&#8217;s 2. My Surface Pro 7 brings the number up to 3. On my BYOD laptop that I also used for my employer, there were logins from my personal user profile, as well as on my work user account, for a grand total of 5 logins.<\/span> . At approximately the same time, I&#8217;ve learned that some Imagus<sup class=\"modern-footnotes-footnote modern-footnotes-footnote--expands-on-desktop \" data-mfn=\"2\" data-mfn-post-scope=\"000000000000046a0000000000000000_1116\"><a href=\"javascript:void(0)\"  title=\"A browser extension that allows you to preview images on the internet by hovering over links or thumbnails\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000046a0000000000000000_1116-2\">2<\/a><\/sup><span id=\"mfn-content-000000000000046a0000000000000000_1116-2\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"2\">A browser extension that allows you to preview images on the internet by hovering over links or thumbnails<\/span> users got bans for &#8220;using automated tools.&#8221; <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Just so happens that I use Imagus, so I upped my instagram op-sec to ridiculous levels ever since. I only ever use Instagram from one (1) browser with no addons that I use for nothing else, on one (1) device. And for just over a year, there were no problems with Instagram.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But then I took a vacation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I spent an extended weekend on Cres, which is about three hours (+ a ferry) south and across a country border. While on Cres, I made two or three instagram posts, and checked how Instagram is doing about twice more. This was done either through a wifi network at the place I was staying, or through a hotspot on my phone.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When I came home, there was a &#8220;hey you&#8217;re not banned yet, but we suspect you&#8217;re using automated tools to access instagram&#8221; popup waiting for me when I opened instagram. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">So why did it happen?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Given my policy of only using instagram in one stock browser on one device, the only reason they could &#8220;get&#8221; me is via IP geolocation. The logic being that if person&#8217;s IP geolocation changes often, and if changes from country to country a bit too fast, then this could be a sign that someone could be using Instagram from a server they bought somewhere else<sup class=\"modern-footnotes-footnote modern-footnotes-footnote--expands-on-desktop \" data-mfn=\"3\" data-mfn-post-scope=\"000000000000046a0000000000000000_1116\"><a href=\"javascript:void(0)\"  title=\"Or they could be using VPN, but the Venn diagram of people who know what a VPN is and people who use Instagram is almost two distinct circles\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000046a0000000000000000_1116-3\">3<\/a><\/sup><span id=\"mfn-content-000000000000046a0000000000000000_1116-3\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"3\">Or they could be using VPN, but the Venn diagram of people who know what a VPN is and people who use Instagram is almost two distinct circles<\/span>. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The problem with that logic is the existence of roaming in EU\/EEA.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For the purposes of IP geolocation, your device will show as being in your home country even when you&#8217;re roaming abroad. However, if you connect to a wifi network, your device will suddenly appear as being in the country you&#8217;re in. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you&#8217;re using a browser on a computer, Instagram will identify that as sus behaviour. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The only reason this kind of issue doesn&#8217;t happen often is because most instagram users only use instagram on their phones. An app on your phone can access a lot more data about your device than a webpage running in your browser, and facebook apps absolutely do that. Which is probably a good part of the reason average Instagram user isn&#8217;t going to get this issue. That, and most people probably either use cellphone data while roaming and don&#8217;t bother with wifi, or don&#8217;t use data while roaming and only do wifi while abroad.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve probably mentioned that before, but I ended up being one of the de-facto photographers for a club I&#8217;m in, where I take photos of the events we organize. As such, I was encouraged to create an instagram account. For reasons, I keep all Facebook\/Meta apps off my phone, and only access them through a browser on my computer. In the past, that ended<span class=\"more-dots\">&#8230;<\/span> <span class=\"more-tag d-block mt-05\"><a class=\"more-link\" href=\"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/\">Continue Reading...<span class=\"screen-reader-text\"> \"Instagram&#8217;s security is shit (or: why you shouldn&#8217;t trust IP geolocation)\"<\/span><\/a><\/span><!-- .more-tag --><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pgc_sgb_lightbox_settings":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-1116","post","type-post","status-publish","format-standard","hentry","category-uncategorized","no-post-thumbnail"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Instagram&#039;s security is shit (or: why you shouldn&#039;t trust IP geolocation) - Tamius&#039; sacred texts<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Instagram&#039;s security is shit (or: why you shouldn&#039;t trust IP geolocation) - Tamius&#039; sacred texts\" \/>\n<meta property=\"og:description\" content=\"I&#8217;ve probably mentioned that before, but I ended up being one of the de-facto photographers for a club I&#8217;m in, where I take photos of the events we organize. As such, I was encouraged to create an instagram account. For reasons, I keep all Facebook\/Meta apps off my phone, and only access them through a browser on my computer. In the past, that ended...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/\" \/>\n<meta property=\"og:site_name\" content=\"Tamius&#039; sacred texts\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-07T11:03:39+00:00\" \/>\n<meta name=\"author\" content=\"Tamius Han\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tamius Han\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/\"},\"author\":{\"name\":\"Tamius Han\",\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/#\\\/schema\\\/person\\\/4677d05a4f45974f27cd21481c561c21\"},\"headline\":\"Instagram&#8217;s security is shit (or: why you shouldn&#8217;t trust IP geolocation)\",\"datePublished\":\"2024-07-07T11:03:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/\"},\"wordCount\":702,\"commentCount\":0,\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/\",\"url\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/\",\"name\":\"Instagram's security is shit (or: why you shouldn't trust IP geolocation) - Tamius&#039; sacred texts\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/#website\"},\"datePublished\":\"2024-07-07T11:03:39+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/#\\\/schema\\\/person\\\/4677d05a4f45974f27cd21481c561c21\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/2024\\\/07\\\/07\\\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Instagram&#8217;s security is shit (or: why you shouldn&#8217;t trust IP geolocation)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/#website\",\"url\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/\",\"name\":\"Tamius&#039; sacred texts\",\"description\":\"... containing one of the weirdest mix of pointless topics.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/#\\\/schema\\\/person\\\/4677d05a4f45974f27cd21481c561c21\",\"name\":\"Tamius Han\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ce12569905c4aff5d48778af8527565f1175c254ad56cc5e5221666ff1e222b?s=96&d=blank&r=pg\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ce12569905c4aff5d48778af8527565f1175c254ad56cc5e5221666ff1e222b?s=96&d=blank&r=pg\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ce12569905c4aff5d48778af8527565f1175c254ad56cc5e5221666ff1e222b?s=96&d=blank&r=pg\",\"caption\":\"Tamius Han\"},\"url\":\"https:\\\/\\\/stuff.tamius.net\\\/sacred-texts\\\/author\\\/tamius-han\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Instagram's security is shit (or: why you shouldn't trust IP geolocation) - Tamius&#039; sacred texts","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/","og_locale":"en_US","og_type":"article","og_title":"Instagram's security is shit (or: why you shouldn't trust IP geolocation) - Tamius&#039; sacred texts","og_description":"I&#8217;ve probably mentioned that before, but I ended up being one of the de-facto photographers for a club I&#8217;m in, where I take photos of the events we organize. As such, I was encouraged to create an instagram account. For reasons, I keep all Facebook\/Meta apps off my phone, and only access them through a browser on my computer. In the past, that ended...","og_url":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/","og_site_name":"Tamius&#039; sacred texts","article_published_time":"2024-07-07T11:03:39+00:00","author":"Tamius Han","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tamius Han","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/#article","isPartOf":{"@id":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/"},"author":{"name":"Tamius Han","@id":"https:\/\/stuff.tamius.net\/sacred-texts\/#\/schema\/person\/4677d05a4f45974f27cd21481c561c21"},"headline":"Instagram&#8217;s security is shit (or: why you shouldn&#8217;t trust IP geolocation)","datePublished":"2024-07-07T11:03:39+00:00","mainEntityOfPage":{"@id":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/"},"wordCount":702,"commentCount":0,"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/","url":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/","name":"Instagram's security is shit (or: why you shouldn't trust IP geolocation) - Tamius&#039; sacred texts","isPartOf":{"@id":"https:\/\/stuff.tamius.net\/sacred-texts\/#website"},"datePublished":"2024-07-07T11:03:39+00:00","author":{"@id":"https:\/\/stuff.tamius.net\/sacred-texts\/#\/schema\/person\/4677d05a4f45974f27cd21481c561c21"},"breadcrumb":{"@id":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/stuff.tamius.net\/sacred-texts\/2024\/07\/07\/instagrams-security-is-shit-or-why-you-shouldnt-trust-ip-geolocation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/stuff.tamius.net\/sacred-texts\/"},{"@type":"ListItem","position":2,"name":"Instagram&#8217;s security is shit (or: why you shouldn&#8217;t trust IP geolocation)"}]},{"@type":"WebSite","@id":"https:\/\/stuff.tamius.net\/sacred-texts\/#website","url":"https:\/\/stuff.tamius.net\/sacred-texts\/","name":"Tamius&#039; sacred texts","description":"... containing one of the weirdest mix of pointless topics.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/stuff.tamius.net\/sacred-texts\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/stuff.tamius.net\/sacred-texts\/#\/schema\/person\/4677d05a4f45974f27cd21481c561c21","name":"Tamius Han","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1ce12569905c4aff5d48778af8527565f1175c254ad56cc5e5221666ff1e222b?s=96&d=blank&r=pg","url":"https:\/\/secure.gravatar.com\/avatar\/1ce12569905c4aff5d48778af8527565f1175c254ad56cc5e5221666ff1e222b?s=96&d=blank&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1ce12569905c4aff5d48778af8527565f1175c254ad56cc5e5221666ff1e222b?s=96&d=blank&r=pg","caption":"Tamius Han"},"url":"https:\/\/stuff.tamius.net\/sacred-texts\/author\/tamius-han\/"}]}},"_links":{"self":[{"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/posts\/1116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/comments?post=1116"}],"version-history":[{"count":2,"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/posts\/1116\/revisions"}],"predecessor-version":[{"id":1118,"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/posts\/1116\/revisions\/1118"}],"wp:attachment":[{"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/media?parent=1116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/categories?post=1116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stuff.tamius.net\/sacred-texts\/wp-json\/wp\/v2\/tags?post=1116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}