IPrating
Back to Blog

Why City-Level Geolocation Is the Honest Ceiling — and Why Finer Data Is a Sales Story

A frank comparison of IPrating, MaxMind, and IP2Location on geolocation granularity — why sub-city precision is marketing dressed as data, and why keeping things high-level is better for accuracy and visitor privacy.

by Alex N.
comparisongeolocationprivacy

Ask any IP intelligence vendor how precise their location data is and you'll get a feature list. IP2Location sells twenty-six escalating database packages, each adding another field — ZIP code, district, elevation, weather station, mobile carrier, area code — and the implication is clear: more fields means more accuracy, and the biggest package means you can practically see the visitor's front door. MaxMind ships latitude, longitude, postal code, and an "accuracy radius," and markets its GeoIP City database as the industry standard for visitor localization.

Here's the thing both vendors quietly admit in their own documentation, and generally don't include in their pricing tables: IP addresses are assigned to networks, not to people.

The Physics of IP Geolocation

An IP address is a label a network operator puts on a block of infrastructure. When you look up that label, the most truthful answer you can give is: this block belongs to this operator, and the operator's relevant infrastructure sits roughly here. The "here" is a point of presence — a datacenter, an ISP aggregation node, a cellular gateway — and it is, at its absolute best, a city-level approximation.

Anything finer than that isn't actually measured. It's inferred. A ZIP code might come from the ISP's registered billing address, which could be nowhere near the subscriber. A latitude/longitude pair might be the centroid of a city, a postal district, or the operator's headquarters. MaxMind puts this more politely than most: their own product page states that coordinates "are not precise and should not be used to identify a particular street address or household," and that you must display an accuracy radius in kilometers because the point refers to "a larger geographical area instead of a precise location." Their accuracy comparison tool doesn't measure pinpoint accuracy — it measures the percentage of IPs that fall within radii of 250 km, 100 km, 50 km, 25 km, and 10 km. Even "Exact city" and "Exact postal" are reported as percentages, not guarantees.

So when a vendor hands you a database with a ZIP code column and a district column and a weather-station column, they are not giving you a more accurate picture of the visitor. They are giving you more fields, each one an inference stacked on the same underlying network registration data, each one a fresh opportunity to be confidently wrong at higher resolution.

Why "More Accurate" Is Usually Less Honest

Precision and accuracy are not the same thing. A reading of "40.7128° N, 74.0060° W" looks precise — it has six decimal places — but if the visitor is actually fifty kilometers away on a mobile network whose gateway sits in a different metro, that precision is worse than useless. It's misleading. It invites you to make routing, compliance, and personalization decisions on a coordinate that was never measured against the human being you're trying to reach.

The commercial incentive to sell ever-finer data is obvious: it justifies a higher-tier license. IP2Location's packages climb from under a thousand dollars a year to several thousand as you unlock more fields. The fields cost them almost nothing to generate — they're derivations of the same ASN and registration sources — but they command premium pricing because buyers equate granularity with truth. This is the propaganda: the suggestion that paying more reveals more about the visitor, when in reality it reveals more inference layered on the same coarse foundation.

The Privacy Cost That You Should Care About

There's a second problem with chasing sub-city granularity, which we care about deeply at IPrating. Every additional field you collect, store, and pass around your stack is a field that can leak, be subpoenaed, be sold, or be quietly joined to other datasets. A country and a city are coarse enough to be genuinely anonymous at population scale. A ZIP code plus a mobile carrier plus a timestamp plus an ASN is not. The further you push toward "where exactly is this person," the more your geolocation product starts to look like a tracking product — and the more liability you accumulate under GDPR, the California Consumer Privacy Act, and the wave of privacy laws following them.

Granular data also degrades faster. A cellular user commuting across a metro can resolve to three different "precise" locations in an hour, all of them wrong for where the human actually is. Coarse data is stable: the country and city don't change on a train ride, so your decisions don't thrash, and your logs don't fill with phantom location hops that you then have to explain to a privacy regulator.

How IPrating Draws the Line

We made a deliberate choice: city-level geolocation is the honest ceiling, and we stop there. We resolve country, region, and city from network registration and ASN data, and we treat anything below that as what it is — inference that trades honesty for the appearance of insight. Instead of pretending to know the visitor's street, we invest in the signals that actually predict intent and risk: the network operator, the connection type, the browser and OS fingerprints, the VPN and proxy indicators, and the customer's own rules layered on top.

The result is a platform that tells you something true about every visitor — this is a residential connection in this city, on this operator, and here's whether it behaves like a real browser — and refuses to invent a coordinate it can't stand behind. Your decisions get better because they're built on signals that correlate with the outcomes you care about, not on a six-decimal number that was never measured against a person.

Granularity is not accuracy. More fields is not more truth. And the most respectful thing a geolocation platform can do is tell you exactly what it knows, and be clear about what it doesn't.