Good evening everybody. I am building a website that provides services based on user's location (country). Now I am looking for a solution that is commonly used by other websites. There are 2 options – one is that I let the user specify his/her country at the time of registration and other is that use an IP database to automatically determine user’s country. Now both these options have drawbacks. If I provide a country selectbox in the registration form, some users may select wrong country to misuse the service. And if I use some IP database then some users may complain about wrong country being assigned to their profile as all IP databases are not 100% accurate. So I need to know the best practice for determining user's country. Should I ask them to specify their country manually or should I use some IP database for this? Please suggest. Thank you.
Thanks logic_earth and Pullo for your comments. I understand that allowing a user to select his/her country is the simple solution but a user can specify a different country to misuse the system. E.g. somebody from China can select US and get details that are meant for US users. I do have an IP database subscription (monthly) but am not sure if it is 100% accurate and it may be possible that it generates a different country (say Canada instead of US) for some IPs. Anyhow thanks for your reply.
Why not do both? That is, let the user pick the country, but default to the country that you have detected. Or, tell the user that you have detected that they are in the relevant country, but give them the chance to change it.
Neither of these methods will deal with the problem of abuse. But I don't see why that's an issue. You say that, for example, "somebody from China can select US and get details that are meant for US users". Why should that be a problem? Is the US information sensitive in some way? If so, then that could point to a bigger security issue with the site.
Or you are a US user who happens to be in china at the moment.
The IP databases can be interesting -- they are just databases, there is not a numbering scheme somewhere that states what IP is in what locale. Country is probably more accurate, but if you happen to get a random class C for an event you can bet it is not in the "right" location according to the databases.