TRWTF is Charles Schwab: IP addresses used to verify physical address.



  • About a year ago I opened up an IRA at Charles Schwab, my long time broker. I did it from my work, which uses a VPN. This is because the company stores a lot of classified data under a mountain somewhere in the middle of nowhere; their main servers are also under this mountain. Please keep in mind, this mountain where we all VPN into is a few states over from my office and my residence.

    Anyway, fast forward a YEAR to last week and get a bunch of letters telling me that my online payments; car loan, credit card, etc., failed to go through because my account was closed! No one bothered to email me or call me when my account was locked! Adding to the WTF, the day before I received the letter a paycheck failed to get into my bank account; calling about it, they said the account numbers were probably off; no one mentioned my account being locked!

    Anyway, when I called in today they said that they had to lock my account because when I opened my IRA a year ago, the IP address did not match my listed address. I had to answer a bunch of geography questions to get them to unlock it. I tried to explain to them all the reasons tracing IP addresses cannot prevent fraud, but of course it was useless, they were just phone jockeys.

     But the Patriot Act requires us to verify addresses! Not with IP addresses retards! That's not verification!

    After my meeting today I am going to close my account, their trades are expensive as shit anyway.



  • @this_code_sucks said:

    About a year ago I opened up an IRA at Charles Schwab, my long time broker. [...] fast forward a YEAR to last week and get a bunch of letters telling me that my online payments; car loan, credit card, etc., failed to go through because my account was closed!

    So you pay your credit card with your retirement money? You should call that woman from "Til Debt do us part", I think you need to use her jars system for a while.



  • @this_code_sucks said:

    of course it was useless, they were just phone jockeys.
     

    That's easy to explain.  Schwab makes a point of noting in their employment postings that they won't even consider hiring anyone who's been out of college for more than eighteen months, which to me is saying "nobody here has any experience".



  • I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.



  • @Speakerphone Dude said:

    So you pay your credit card with your retirement money? You should call that woman from "Til Debt do us part", I think you need to use her jars system for a while.


    I have three accounts with them, checking, normal trading, IRA.

    Trust me, I don't need debt help.


    @morbiuswilters said:
    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.


    Just different state, not a different country; BUT they did not even block the transaction!!!!!! It went through fine. But then they blocked my checking account; A YEAR LATER!



  • @this_code_sucks said:

    @morbiuswilters said:
    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.


    Just different state, not a different country; BUT they did not even block the transaction!!!!!! It went through fine. But then they blocked my checking account; A YEAR LATER!

    Oh no, I know. And trying to verify an address via IP is stupid. But preventing fur'ners from logging into our accounts is still a good idea.



  • @da Doctah said:

    @this_code_sucks said:

    of course it was useless, they were just phone jockeys.
     

    That's easy to explain.  Schwab makes a point of noting in their employment postings that they won't even consider hiring anyone who's been out of college for more than eighteen months, which to me is saying "nobody here has any experience".

    Last year I worked for a company that likes to employ graduates, yet somehow myself and two other experienced workers managed to slip past that restriction. During the company annual meeting we were sitting there listening to the president give his little talk and all of our jaws dropped when he came out with statements about how experienced people were a liability as we were too set in our ways to learn how things should be done in that company. Yet us oldsters could all see how badly the youngsters were stumbling around and just failing at producing anything resembling quality work, and how management was setting itself up to fail.

    A couple of weeks ago I saw a quote (can't remember where) that did seem to explain things:

    Q. Why is employing a graduate like having sex with a virgin?
    A. Because neither one knows how badly you are screwing them



  • @OzPeter said:

    @da Doctah said:

    @this_code_sucks said:

    of course it was useless, they were just phone jockeys.
     

    That's easy to explain.  Schwab makes a point of noting in their employment postings that they won't even consider hiring anyone who's been out of college for more than eighteen months, which to me is saying "nobody here has any experience".

    Last year I worked for a company that likes to employ graduates, yet somehow myself and two other experienced workers managed to slip past that restriction. During the company annual meeting we were sitting there listening to the president give his little talk and all of our jaws dropped when he came out with statements about how experienced people were a liability as we were too set in our ways to learn how things should be done in that company. Yet us oldsters could all see how badly the youngsters were stumbling around and just failing at producing anything resembling quality work, and how management was setting itself up to fail.

    A couple of weeks ago I saw a quote (can't remember where) that did seem to explain things:

    Q. Why is employing a graduate like having sex with a virgin?
    A. Because neither one knows how badly you are screwing them

     

    I think hiring someone based solely on experience, or lack of; are both huge wtfs. Hiring should be based on skill first; the end result should be a good mix of experience levels.



  • @morbiuswilters said:

    But preventing fur'ners from logging into our accounts is still a good idea.
     

    A few years ago we moved offices and our old ISP was not available in the new premises so we had to change. This changed our IP address to 14.x.x.x, which was a brand-new allocation with APNIC. We couldn't access about half the Internet due to old bogan filters. Interestingly we have two VPSs with the same host (in the States) and we could access one but not the other. It's a bit of a bugger that Australia has to share class A ranges with China.

    I was at the Apple store a few weeks ago on their wifi (at least an order of magnitude faster than our office wifi) and Facebook asked me to verify stuff. I wonder if the public IP address was in a different country?



  • @Zemm said:

    It's a bit of a bugger that Australia has to share class A ranges with China.

    Nobody should be filtering based on the first octet. The actual IP should have shown as allocated to an Australian ISP.

    @Zemm said:

    I was at the Apple store a few weeks ago on their wifi (at least an order of magnitude faster than our office wifi) and Facebook asked me to verify stuff. I wonder if the public IP address was in a different country?

    Naw, Facebook is pretty paranoid nowadays, they'll challenge you even if the IP is in the same country.
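
The difference between filtering on the first octet and matching the actual allocated prefix, as an added example that is not part of the thread. The prefixes, countries and dates are constructed sample data (not real registry records), and the function names are hypothetical. It also treats a stale record as no signal, and a geo mismatch as a reason for step-up verification rather than as address verification.

```python
import ipaddress
from datetime import date

# Constructed sample allocations (NOT real registry data):
# (prefix, country, date the record was last verified)
ALLOCATIONS = [
    ("14.0.0.0/12",   "CN", date(2012, 1, 10)),
    ("14.200.0.0/14", "AU", date(2012, 1, 10)),
    ("14.96.0.0/13",  "IN", date(2006, 5, 1)),   # stale record
]
_TABLE = [(ipaddress.ip_network(p), c, d) for p, c, d in ALLOCATIONS]

BLOCKED_FIRST_OCTETS = {14}   # the coarse /8-style filter described above
MAX_AGE_DAYS = 365            # assumption: older records are not trusted
TODAY = date(2012, 6, 1)      # constructed evaluation date


def first_octet_filter(ip):
    """Return True if the coarse filter would block this address."""
    return int(ip.split(".")[0]) in BLOCKED_FIRST_OCTETS


def lookup_country(ip, today=TODAY):
    """Longest-prefix match; returns (country, confidence)."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, c, d) for net, c, d in _TABLE if addr in net]
    if not matches:
        return None, "unknown"
    net, country, verified = max(matches, key=lambda m: m[0].prefixlen)
    if (today - verified).days > MAX_AGE_DAYS:
        return country, "stale"
    return country, "fresh"


def login_decision(ip, account_country, today=TODAY):
    """Geo data is one risk signal: a mismatch asks for step-up
    verification, and unknown or stale data contributes nothing."""
    country, confidence = lookup_country(ip, today)
    if confidence != "fresh":
        return "no_signal"
    return "consistent" if country == account_country else "step_up"


if __name__ == "__main__":
    for ip in ("14.201.3.4", "14.1.2.3", "14.100.0.1", "8.8.8.8"):
        print(ip, first_octet_filter(ip), lookup_country(ip),
              login_decision(ip, "AU"))
```
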



  • @morbiuswilters said:

    @Zemm said:
    I was at the Apple store a few weeks ago on their wifi (at least an order of magnitude faster than our office wifi) and Facebook asked me to verify stuff. I wonder if the public IP address was in a different country?

    Naw, Facebook is pretty paranoid nowadays, they'll challenge you even if the IP is in the same country.

    They want me to verify the device even if one logs in using a different browser on the same computer.



  • @this_code_sucks said:

    I think hiring someone based solely on experience, or lack of; are both huge wtfs. Hiring should be based on skill first; the end result should be a good mix of experience levels.
    My and my colleagues' hiring was based on skills .. skills that were obtained through experience in the industry. But given that this company had a 20% staff turnover last year, it was the skills of the management team that are more in question.



  • @this_code_sucks said:

    After my meeting today I am going to close my account, their trades are expensive as shit anyway.
    Well, you know how to do that now, although it may take up to a year to process.

     



  • @morbiuswilters said:

    Nobody should be filtering based on the first octet. The actual IP should have shown as allocated to an Australian ISP

    A lot of GeoIP databases are woefully out of date. I used to work at an ISP in the UK who had a bunch of ranges (mostly /18's & /19's). One of those ranges used to belong to an Italian company, and 80% of the time would be identified as being in Italy, despite the range not being allocated to anyone in Italy for at least five years.

    14/8 has a bit of a weird history so it wouldn't surprise me if a lot of sites had no real idea where in the world an address in that range might be.



  • @OzPeter said:

    @this_code_sucks said:
    I think hiring someone based solely on experience, or lack of; are both huge wtfs. Hiring should be based on skill first; the end result should be a good mix of experience levels.
    My and my colleagues' hiring was based on skills .. skills that were obtained through experience in the industry. But given that this company had a 20% staff turnover last year, it was the skills of the management team that are more in question.

     

    Yes, but does everyone with industry experience code well?

    We have all worked with someone with a decade of experience who can't manage anything more than hello world. It's not how much time you've been in the industry, it's how much you've learned while you're there.

     



  • @Vanders said:

    @morbiuswilters said:
    Nobody should be filtering based on the first octet. The actual IP should have shown as allocated to an Australian ISP

    A lot of GeoIP databases are woefully out of date. I used to work at an ISP in the UK who had a bunch of ranges (mostly /18's & /19's). One of those ranges used to belong to an Italian company, and 80% of the time would be identified as being in Italy, despite the range not being allocated to anyone in Italy for at least five years.

    14/8 has a bit of a weird history so it wouldn't surprise me if a lot of sites had no real idea where in the world an address in that range might be.

    Well, yeah, if you use an out-of-date database, you're gonna get poor results. So don't do that.



  • @morbiuswilters said:

    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.

    Since our corporate proxy is in Japan, has always been in Japan, and is using an NTT-leased block of IPs but routinely gets identified as an India source address, even country-level geolocation is pretty unreliable.



  • @Ex-Navy Dude said:

    @morbiuswilters said:
    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.

    Since our corporate proxy is in Japan, has always been in Japan, and is using an NTT-leased block of IPs but routinely gets identified as an India source address, even country-level geolocation is pretty unreliable.

    Eh, a lot of people do it poorly, like everything in this industry.



  • @Vanders said:

    14/8 has a bit of a weird history so it wouldn't surprise me if a lot of sites had no real idea where in the world an address in that range might be.
     

    For the mods that can see my IP address, I'm posting from it now, all the issues haven't happened in a while. I know I haven't updated one of my site's GeoIP database which doesn't know about our IP address, but all it's used for is pre-selecting a "Country" drop down, so is easy for the user to change.

    It still freaks me out a little bit when I see connections coming from 1.x.x.x, which happens a fair bit these days.



  • @Zemm said:

    It still freaks me out a little bit when I see connections coming from 1.x.x.x, which happens a fair bit these days.

    The best one is Google DNS: 8.8.8.8



  • @Zemm said:

    For the mods that can see my IP address, I'm posting from it now, all the issues haven't happened in a while. I know I haven't updated one of my site's GeoIP database which doesn't know about our IP address, but all it's used for is pre-selecting a "Country" drop down, so is easy for the user to change.

    Using the crappy free GeoIP tool that was the first result in Google, I show your IP coming from a city that starts with a B in a state (or whatever you call them) that starts with a Q in a country that starts with an A on a planet that starts with an E.



  • @morbiuswilters said:

    Using the crappy free GeoIP tool that was the first result in Google, I show your IP coming from a city that starts with a B in a state (or whatever you call them) that starts with a Q in a country that starts with an A
     

    LOL the one I found puts me several thousand kilometres away, in a different state. If B=Brisbane then that is the capital of Queensland which is where all the DSL connections in the state end up.

    My home IP address at least gets "Brisbane" from that crappy site. Same ISP, but using a 203.x.x.x on ADSL2+ instead of plain ADSL here.

    @morbiuswilters said:

    on a planet that starts with an E.

    Euchlidon?



  • @Zemm said:

    LOL the one I found puts me several thousand kilometres away, in a different state.

    Holy shit, that one thinks I'm in Iowa, which is not at all accurate.. Here's the one I always use (because it is first in the Google results): http://www.geoiptool.com/en/ You can look yourself and see what city it says.



  • @morbiuswilters said:

    @Zemm said:
    LOL the one I found puts me several thousand kilometres away, in a different state.

    Holy shit, that one thinks I'm in Iowa, which is not at all accurate.. Here's the one I always use (because it is first in the Google results): http://www.geoiptool.com/en/ You can look yourself and see what city it says.

     

    We must have used different terms or Google is providing different users with different results because mine was the first lookup result; the first few were links to downloading code/database rather than "plug your IP here and press Go".

    Anyway, yours still got the wrong city, over 400km away. Interesting. However it got my home IP address associated with the correct suburb, which is actually pretty small and the telephone exchange (where the DSLAM is) is in the neighbouring suburb. Pretty scary what my ISP is sharing with the world, since it would be the only one that would share at that level of detail.



  • @Zemm said:

    Google is providing different users with different results

    Google has done this for years. They provide different results for a variety of reasons.

    @Zemm said:

    Anyway, yours still got the wrong city, over 400km away. Interesting.

    Hmm.. maybe the accuracy is a lot better in the US than overseas. I travel a lot and GeoIP stuff is always pretty accurate for me (usually to the actual city, although for small towns it might be off by a town or two). I think Google keeps its own very accurate GeoIP database, too (as do a lot of advertisers). I know when I travel I can just open Google and it knows the city I'm in (try searching for "movies", for example, and it gives you local movie times). Of course, you can set it explicitly, but it always seems to guess my location on its own.



  • GeoIP seems to be pretty accurate, though it does place my IP in a village some 20km from the capital where I live (but given the way my ISP assigns IPs, this isn't at all surprising - they seem to just randomly scatter them around the country, and I've gotten IPs in the same range as my fiber on 3G as well).



  • Zemm's link is accurate for me. Morbs' link places me several states away from my actual location.



  • @lettucemode said:

    Zemm's link is accurate for me. Morbs' link places me several states away from my actual location.

    Both of those are about the same distance from my physical location (within a few miles), though Morbs' gets the city name correct.



  • @lettucemode said:

    Zemm's link is accurate for me. Morbs' link places me several states away from my actual location.

    Don't worry, when my regime establishes the GeoIP Relocation Corps, it will show your location accurately.



  • @morbiuswilters said:

    @Zemm said:
    LOL the one I found puts me several thousand kilometres away, in a different state.
      Here's the one I always use (because it is first in the Google results): http://www.geoiptool.com/en/
    Both those links give me the same exact results. They're wrong, but not by much. They both show me as being located in a city that is directly adjacent to the city I live in, which is understandable since my ISP provides service for both cities. A while back somebody posted a link to a geolocation site that showed my location almost exactly. That was pretty creepy.



  • @El_Heffe said:

    Both those links give me the same exact results.

    Ditto: they both identify my country, but I think the GeoIP data is pointing to the organisation that owns the parent company that took over the company that bought out the company that was originally my ISP.

    (don't ask. Each buyout, the purchasing company offered me an upgrade that delivered less but cost more - and were surprised I rejected it each time)

