30 December 2019

All Geographic IP (GeoIP) features will be removed from Akeeba software starting January 2020. This is a consequence of changes in the licensing and availability of MaxMind's GeoLite2 Country Database.

Some of our software has included Geographic IP (GeoIP) features, i.e. features which relied on a third party database to convert IP addresses to geographic information such as country of origin of the visitor.

As you know, IP addresses do not carry geographic information, they are just really big numbers. Our software was relying on a third party product, MaxMind's GeoLite2 Country Database, to determine the country and continent of origin of the visitor based on their IP addresses.

The GeoLite2 Country Database is a collection of information which maps IP addresses to geographic information based on publicly available information such as the assignment of blocks of IP addresses to organisations, as well as other data sources which are not explicitly disclosed by MaxMind.

Even before the licensing change described below, the accuracy of this information hovered between 90% and 95%. This meant that the country of origin of one in ten to twenty visitors would be misidentified. This was good enough for some casual features – such as showing a rough location of where a login came from – but not adequate for use in any security feature.

On December 18th, 2019 MaxMind announced that even this free, partially accurate database would have to change both its licensing and its distribution model due to international privacy legislation such as the EU's GDPR and California's CCPA. The problem is that as soon as someone files a request to remove their IP address in accordance with either of these legislative measures, both MaxMind and all sites using its database need to remove that information immediately. As a result MaxMind now has a more restrictive license which makes it illegal for us to disseminate their database with our software and makes it impossible to provide an automatic way to update it. Moreover, it exposes you to some rather large fines if you use an outdated version of the database.

Even before that, spoofing the IP-based location has always been trivial. Anyone can use a VPN (some browsers such as Opera and Firefox even have a VPN built in), a free proxy or, in the case of nefarious actors, a compromised computer in a different country. This means that IP-based geolocation is not a serious deterrent, even for the less technical visitors.

To this end we decided to remove all GeoIP related features from our software and discontinue the availability of the Akeeba GeoIP plugin starting January 2020.

The only publicly available, mass distributed software which will be affected is Admin Tools. We will be removing the Geographic IP Blocking feature and we will no longer report the country and continent in security exception and login emails.

Regarding the Geographic IP Blocking feature, we had been warning you for a very long time that it is NOT a security feature because of how easy it is for an attacker to spoof their IP address. Moreover, we had warned against using it even as a convenience feature because of the accuracy problems of IP geolocation and the fact that where a computer is connected from does not reflect the country of origin of the person using it. Regarding the accuracy, someone going from Manchester to London, connecting to the (satellite-provided) WiFi service on the train, would appear to be hailing from Sweden because of the way IP geolocation works. The same Briton would appear to be coming from the USA if they traveled there on business. Therefore blocking non-Britons with GeoIP would result in this person being blocked anyway.

With the new restrictions in place this problem is exacerbated. Every IP address removed from the database decreases the accuracy and can result in more false positives (blocking people who shouldn't be blocked) or false negatives (allowing people who should be blocked). As a result the Geographic IP Blocking feature will become even less useful over time.
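To make the accuracy argument concrete, here is an added example (not Akeeba's own code) that simulates a GeoIP-style longest-prefix lookup over a constructed block table and shows what happens to a country-based block rule when an entry is removed; all addresses, country assignments and the "train WiFi" sub-block are made up, using RFC 5737 documentation ranges.

```python
import ipaddress

# Constructed sample of a GeoIP-style block table: CIDR -> ISO country code.
# Documentation ranges only; this is not MaxMind data.
SAMPLE_BLOCKS = {
    "203.0.113.0/24": "GB",    # hypothetical UK broadband provider
    "203.0.113.128/26": "SE",  # hypothetical satellite ISP routed via Sweden
    "198.51.100.0/24": "US",
    "192.0.2.0/24": "DE",
}


def build_table(blocks):
    """Parse CIDR strings; longest prefixes first so the first hit wins."""
    table = [(ipaddress.ip_network(c), cc) for c, cc in blocks.items()]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)


def lookup_country(ip, table):
    """Longest-prefix match, as a GeoIP database does. None means no data."""
    addr = ipaddress.ip_address(ip)
    for network, country in table:
        if addr in network:
            return country
    return None


def remove_blocks(table, cidr):
    """Simulate a privacy removal request: drop every entry overlapping cidr."""
    gone = ipaddress.ip_network(cidr)
    return [(net, cc) for net, cc in table if not net.overlaps(gone)]


def geo_block_decision(ip, allowed, table, fail_open=True):
    """Allow only listed countries. An unknown IP forces a choice:
    fail open (possible false negative) or fail closed (false positive)."""
    country = lookup_country(ip, table)
    if country is None:
        return "allow" if fail_open else "block"
    return "allow" if country in allowed else "block"


def demo():
    table = build_table(SAMPLE_BLOCKS)
    pruned = remove_blocks(table, "203.0.113.0/24")  # provider block erased
    return {
        "home": geo_block_decision("203.0.113.10", {"GB"}, table),
        "train": geo_block_decision("203.0.113.130", {"GB"}, table),
        "removed_open": geo_block_decision("203.0.113.10", {"GB"}, pruned),
        "removed_closed": geo_block_decision("203.0.113.10", {"GB"}, pruned, False),
    }
```

Running `demo()` shows the UK visitor allowed at home, blocked on the train WiFi (the more specific sub-block says Sweden), and, once the provider's block is removed, either waved through or blocked depending solely on the fail-open setting.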

Even if we were to replace the MaxMind GeoLite2 Country database with a different solution or service the problem would remain. All of these services have to obey the data privacy laws and, as a result, remove IPs when they are asked to do so. Putting resources into replacing one problem with an identical one makes no sense to anybody.

Therefore the decision was made to remove this feature completely, since it was already apparent to us (based on support requests) that it was being incorrectly used as a security feature by people who did not understand how IP geolocation works and who had not read our documentation explaining how it really works. If you have a particular use case for it, you are free to employ a different solution for geographic IP blocking. Please be advised that the inherent problem is not the people at Akeeba removing a feature you used; it is the legal limitations imposed on IP geolocation as a whole. Also note that by using an IP geolocation library or service on your site you are subject to the provisions of the aforementioned privacy legislation even if your business or site does not nominally operate in the affected countries: the law applies to citizens of these territories regardless of their permanent or temporary residence, which is yet another reason why geographic IP blocking does not work as a "shortcut" to avoid dealing with GDPR and CCPA.

The aforementioned changes will take effect with Admin Tools Professional for Joomla 5.5.0 and Admin Tools Professional for WordPress 1.1.0 to be released January 2020.

At the same time the Akeeba GeoIP plugin for Joomla will be removed from our download page since the licensing of the MaxMind database changed in a way that prohibits its dissemination through third parties, including our own plugin.

We will continue reviewing our software for any forgotten IP geolocation features and remove them by the end of February 2020 at the latest.