by Lan Huang and David Barnett
Geotargeting is a well-established online technique for delivering tailored web content based on a user's geographic location. From an Internet technology point of view, this is usually based on the user's IP address, which is converted to a physical location through a standard look-up process performed by network infrastructure.
Geotargeting is commonly used by websites for several legitimate reasons, including providing users with relevant advertising and other content, or restricting the distribution of content to particular countries or regions in compliance with IP rights restrictions. However, geotargeting (or geoblocking) is increasingly being used by bad actors with their infringing websites. The sites may be configured so the infringing content (e.g. counterfeit goods sales) is only accessible in certain countries. Similarly, sites may be configured such that the content is visible only at certain times, on certain days, or can vary dependent on the web browser used.
Outside those locations (or times), sites may resolve to unrelated content, like gambling-related or adult material, or websites for third-party companies. In some cases, affiliate links on these pages can be sources of additional revenue for their owners beyond their core purpose, i.e. the distribution of the infringing content. Generally, the main purpose of the geotargeting technique is to circumvent detection by the real brand owner, their brand protection service provider, or to frustrate enforcement efforts.
Common geotargeting implementation methods
There are several ways to implement geotargeting, the most common of which include:
- Use of a .htaccess configuration file on the webserver of the site in question to restrict access to the content by certain IP addresses
- Use of Javascript in the website source code specifying that access from certain countries should be restricted
- In this case, the geoblocking takes place on the client side (in the web browser); this type of blocking can be implemented using a suitable plug-in when the site is constructed without requiring any specific technical knowledge
Most often these tools are used for legitimate purposes, including security (e.g. blocking traffic from suspected automated bots), search-engine optimisation (e.g. customisation of site content by location), or compliance (e.g. where content may be illegal in certain jurisdictions). However, as discussed previously, use of these techniques has become increasingly popular with fraudsters who use them to avoid detection and thereby increase the uptime for their infringing content.
Enforcement implications
Enforcement action against geotargeted content can be difficult because the Internet service providers (ISPs) through which the takedowns are made may not be able to see the offending content. A successful takedown is generally reliant on the brand owner being able to provide the ISP with information relating to the IP address(es) or geographic regions from which the infringing content is accessible and the screenshot of the said content.
At times, it may be not possible for users who first accessed the infringing content to provide the required information - such as the IP address(es) mentioned above, or the screenshot of the infringing site. This is not uncommon, and there are investigation tools that can be used to support evidence preservation for takedown as described below.
Investigation of geotargeted content: A case study of an infringing website
Investigating a site using geotargeted content requires the investigator to bypass the geoblocking, which is generally most easily achieved using tools to mask their location (i.e. their IP address, or the location from where their web queries are originating). This can be done by using a virtual private network (VPN), a proxy server, or SmartDNS (domain name system).
However, if it is possible to establish that the geoblocking or content re-direction has been implemented using Javascript - which can be confirmed using any of a range of free, third-party tools - the geoblocking can usually at least partially be circumvented by disabling Javascript in the browser.
To illustrate, the following example shows a geotargeted counterfeit site identified by CSC as infringing against a luxury goods brand. The website - [brand]-store.org - appears to be tailored to the Japanese market, and the Google abstract for the site shows what appears to be the intended content, with Japanese text translated as 'Fall / Winter New Down Women's / Men's Cheap Mail Order' (Figure 1).
Figure 1: Google abstract for the geotargeted counterfeit site
Conversely, when the site is viewed from the UK, the user is instead re-directed to a restricted access page on a third-party domain (Figure 2).
Figure 2: Re-direction destination page for the geotargeted counterfeit site when viewed from the UK
However, if Javascript is disabled in the browser, the re-direction no longer takes effect. In this case, the blocking of Javascript meant that the website content did not display properly; however, by viewing the webpage source code, we were able to verify the presence of the counterfeit site content. An extract is shown in Figure 3, where the Japanese page title translates as '[Brand] Outlet Store Official Site - 2021 New Fall / Winter Down Women's / Men’s Cheap Online Store - [Brand] Outlet Store Official Site'.
Figure 3: Extract of the HTML source code of the geotargeted counterfeit site
Completing the investigation, the content of the site can be viewed by modifying the HTML to remove the Javascript command causing the re-direct and opening the resulting document in a browser (Figure 4).
Figure 4: Content of the geotargeted counterfeit site shown by rendering the edited HTML source code directly in a browser
This article was first published on 24 May 2022 at:
https://www.cscdbs.com/blog/do-you-see-what-i-see-geotargeting-in-brand-infringements/
Also published at:
https://circleid.com/posts/20220531-do-you-see-what-i-see-geotargeting-in-brand-infringements
.jpg)
No comments:
Post a Comment