Every time you visit a website, your IP address travels across the network as part of every packet your browser sends. That address — a numerical label assigned by your internet service provider — carries more geographic information than most people realize. IP geolocation is the science and engineering of extracting that information, and it powers everything from fraud detection and content localization to targeted advertising and cybersecurity threat analysis.
This article breaks down IP geolocation at every layer: how the internet protocol itself embeds location clues, how geolocation databases are built and maintained, what accuracy you can realistically expect, and the serious privacy implications that come with this technology.
Understanding geolocation starts with understanding how IP addresses are distributed. The process follows a strict hierarchy, and that hierarchy is the foundation of all geolocation inference.
The global authority that manages the root of all IP allocations. IANA assigns large blocks of IP addresses to five Regional Internet Registries (RIRs).
Five organizations cover different regions: ARIN (North America), RIPE NCC (Europe, Middle East, Central Asia), APNIC (Asia-Pacific), LACNIC (Latin America, Caribbean), and AFRINIC (Africa). Each RIR manages IP allocation for its region.
Some countries have NIRs (like JPNIC in Japan) that further subdivide allocations. LIRs are typically ISPs or large organizations that receive blocks from RIRs.
ISPs assign individual IP addresses or small blocks to end users, businesses, and hosting providers. This is where the allocation becomes most granular.
The key insight is that this hierarchy is inherently geographic. When IANA assigns a block to APNIC, that block will almost certainly be used in the Asia-Pacific region. When an ISP in Germany receives a block from RIPE NCC, those addresses will be assigned to German customers. The geographic information isn't encoded in the IP address itself — it's encoded in the allocation chain.
IPv4 addresses are 32 bits, yielding approximately 4.3 billion unique addresses. With the global IPv4 pool exhausted in 2019, the allocation chain for IPv4 is well-documented and highly structured, which benefits geolocation accuracy.
IPv6 addresses are 128 bits — an astronomically larger space (3.4 × 10³⁸ addresses). The allocation model is different: ISPs receive massive /32 blocks and subdivide them internally. This means IPv6 geolocation relies more on the ISP's internal allocation patterns, which are less transparent to external observers. As of 2025, IPv6 geolocation accuracy lags behind IPv4 by approximately 10-15% at the city level, though the gap is narrowing as more data becomes available.
IP geolocation databases are massive mappings between IP address ranges and geographic locations. Building and maintaining these databases is a complex process that combines multiple data sources.
The major geolocation database providers — MaxMind (GeoIP2), IP2Location, IPinfo, and DB-IP — use a combination of these techniques:
dynamic-192-168-customer.newyork.isp.com provides strong evidence about location.Modern geolocation databases store data as CIDR (Classless Inter-Domain Routing) ranges mapped to location records. A typical entry looks like this:
{
"network": "203.0.113.0/24",
"geolocation": {
"country": "AU",
"region": "New South Wales",
"city": "Sydney",
"postal_code": "2000",
"latitude": -33.8688,
"longitude": 151.2093,
"accuracy_radius_km": 50
}
}The accuracy_radius_km field is critical — it quantifies the uncertainty. Country-level records might have a radius of 200km, while data center IPs can achieve under 1km. Most consumer geolocation APIs expose this confidence radius, though many applications ignore it.
IP geolocation accuracy varies dramatically by granularity level. Here's what the current state of the art delivers:
| Granularity | Typical Accuracy | Best Case | Limiting Factor |
|---|---|---|---|
| Country | 95–99% | 99.8% | VPN/proxy usage |
| State/Region | 85–95% | 98% | ISP routing topology |
| City | 75–90% | 95% | ISP allocation patterns |
| Postal Code | 60–80% | 90% | Dynamic IP reassignment |
| Street Address | Not possible | ~80% (data centers) | Network architecture |
The fundamental limitation is that IP addresses identify network connections, not physical locations. When you connect to the internet through your home WiFi, your ISP assigns you an IP from a pool. That pool might serve an entire neighborhood, a city district, or even a broader region. The geolocation database knows the pool's general area, not your specific house.
Several factors further reduce accuracy:
Important: No IP geolocation service can reliably determine a user's exact physical address. If you see a service claiming "street-level" accuracy for consumer IPs, treat it with heavy skepticism.
IP geolocation sits at the intersection of technical capability and privacy rights. While the technology itself is legitimate and widely used, its implications deserve careful consideration.
When a website performs an IP geolocation lookup on your connection, it can typically learn:
Combined with other signals — your browser's language setting, timezone, Accept-Language header, and JavaScript-detected screen resolution — this builds a surprisingly detailed profile without any cookies or tracking pixels.
Under GDPR (General Data Protection Regulation), IP addresses are classified as personal data when they can be linked to an identifiable individual. This means that storing, processing, or selling IP geolocation data about EU residents requires a lawful basis — typically consent or legitimate interest. CCPA (California Consumer Privacy Act) takes a similar stance.
However, the practical enforcement is nuanced. Using IP geolocation in real-time to serve localized content or detect fraud is generally considered a legitimate interest. Building permanent profiles by logging and storing IP-location mappings over time requires more careful legal justification.
Instantly find the geographic location, ISP, and connection type of any IP address.
Lookup IP Location →Beyond the technical details, IP geolocation powers critical real-world applications:
As the internet evolves, so does geolocation. Several trends are shaping the next generation of this technology:
Machine learning refinement: Modern databases increasingly use ML models that combine multiple signals — BGP paths, latency measurements, DNS patterns, and historical data — to improve accuracy beyond what any single data source provides.
IPv6 maturation: As IPv6 adoption grows (now at 45% globally), databases are accumulating enough data to close the accuracy gap with IPv4. Some providers now offer IPv6 accuracy within 5% of their IPv4 numbers at the city level.
Privacy-preserving geolocation: Emerging approaches like differential privacy and federated learning aim to provide geolocation services without storing individual IP-location mappings, addressing GDPR and CCPA concerns.
Multi-signal fusion: The most accurate geolocation comes from combining IP data with GPS (on mobile), WiFi positioning, Bluetooth beacons, and browser APIs. This hybrid approach can achieve room-level accuracy but requires user consent for the additional signals.
IP geolocation accuracy varies by level. Country-level accuracy is 95-99%, city-level is 75-90%, and postal code or street-level is typically 50-80%. No IP geolocation service can pinpoint an exact physical address.
No. IP geolocation can determine your approximate city and ISP, but it cannot reveal your exact street address. The closest it gets is typically the location of your ISP's nearest routing hub, which may be miles from your actual location.
IPv4 geolocation benefits from decades of data collection and is generally more accurate. IPv6 geolocation is improving but still less precise because IPv6 address allocation is less centralized and the address space is so vast that fewer data points exist per block.
VPNs replace your real IP address with one from the VPN server. Geolocation services will show the VPN server's location, not yours. However, advanced techniques like WebRTC leaks, DNS leaks, or browser fingerprinting can sometimes reveal your true location even when using a VPN.
Yes, IP geolocation itself is legal in most jurisdictions. The IP address you expose when visiting a website is public information. However, how the resulting location data is used — particularly for tracking, profiling, or selling to third parties — is subject to privacy regulations like GDPR and CCPA.