- The Internet needs a new, reliable solution that restores user control over location data while still supporting the services that depend on it.
- Researchers have proposed a new approach that relies on a trusted third-party authority to verify and attest both a user’s location and the accuracy requirements declared by the service.
- The team is working on building a functioning prototype of this system and is actively seeking collaboration with researchers and industry partners.
On today’s Internet, geolocation is so pervasive that most users forget they are constantly being tracked online. It extends far beyond navigation apps: countless websites and applications rely on location data to personalize search results, enforce regional compliance, and generate analytics. This creates a fundamental dilemma for users, who must choose between accessing services that work properly and preserving their privacy.
Online services rely on two main methods to geolocate users,
- The device’s built-in geolocation system, which is highly reliable but requires explicit user permission and reveals information far more precise than most services need.
- IP-based geolocation, which is less accurate but requires no user consent.
Growing privacy awareness has led users to increasingly adopt tools that hide their IP address behind servers often located far from their actual position. This trend builds upon long-standing issues such as cellular networks, which are already known for distorting a user’s apparent location.
Commercial VPNs have exacerbated the situation by building entire business models around allowing users to appear as if they are somewhere else on the Internet, effectively breaking IP geolocation. More recently, browsers have introduced privacy features such as iCloud Private Relay and Chrome IP Protection, which hide the user’s IP address while attempting to preserve a coarse, privacy-preserving notion of location. Our study shows that even with these mitigation efforts, their impact on geolocation accuracy remains significant.
This situation continues to worsen, putting the long-term viability of IP geolocation at risk. Instead of adding yet another temporary fix, my colleagues and I argue in our recent HotNets 2025 paper that it’s time to rethink the system entirely. The Internet needs a new, reliable solution that restores user control over location data while still supporting the services that depend on it.
A Path Forward
Addressing these limitations requires a new architecture that is both scalable and compatible with today’s Internet.
Our team proposes an approach that provides users with meaningful control over their location data while maintaining sufficient precision for services to function effectively. The core idea relies on a trusted third-party authority that can verify and attest both a user’s location and the accuracy requirements declared by the service.
This allows users to disclose only the granularity a service truly needs while controlling which categories of services may access their location information at all. Instead of all-or-nothing location sharing, users can choose precisely what they share and with whom.
The system operates similarly to how HTTPS secures the web, following a simple sequence of exchanges (Figure 1).
1) The device periodically obtains location tokens from the third-party authority, derived from reliable signals provided by the user.
2) When a user connects, the service presents a signed certificate describing the level of location accuracy it requires.
3) The user’s device verifies this certificate, determines the appropriate granularity to disclose, and returns the suitable token.
All these exchanges can be integrated directly into existing security protocols, ensuring a seamless and frictionless user experience.
Such a system naturally lends itself to a hierarchical model, similar to the existing web public-key infrastructure. Root authorities would certify regional or specialized authorities that interact directly with users and services. This architecture also creates an opportunity for countries to retain sovereignty over their citizens’ location data. By operating their own authorities, nations can ensure that precise location information remains under domestic control and is not exposed to external actors.
By aligning privacy protection with service functionality, this approach could lay the foundation for a more trustworthy, sustainable, and user-centric geolocation ecosystem for the Internet.
A Win-Win Solution
This system creates benefits for all actors involved. Users gain meaningful control over their location data. Services receive more reliable and accurate information without sacrificing the frictionless experience their operations require. Browsers and operating systems also benefit from integrating this approach, as it allows them to position themselves as platforms that genuinely respect user privacy.
One major question remains: Who will operate these third-party authorities?
Maintaining such an architecture provides strong incentives, as it allows operators to retain control over their users’ location data. This is particularly appealing for governments, which have a vested interest in preserving sovereignty over sensitive data, as well as for private actors such as content delivery networks.
Our team is currently working to address the many research challenges required to build a functioning prototype of this system and is actively seeking collaboration with researchers and industry partners to move toward prototyping and standardization.
Read our paper for further details.
Augustin Laouar is a first-year PhD student advised by Francesco Bronzino and Loïc Desgeorges at École Normale Supérieure de Lyon (France). His research focuses on network performance and privacy concerns in Internet systems.
Contributors: Francesco Bronzino, Paul Schmitt, and Loïc Desgeorges.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of the Internet Society.