How to Verify a User's Real Location (Past VPNs and Proxies)
IP geolocation is easy to fake with a VPN or proxy. Learn how to verify a user's real location by combining geolocation with anonymiser detection.
Plenty of decisions depend on where a user really is — licensing, tax, compliance, fraud rules. The problem is that the easiest signal, IP geolocation, is also the easiest to fake. Here's how to verify location you can actually trust.
Why raw geolocation isn't enough
IP geolocation is accurate at country level until someone puts a VPN or proxy in the way. Then the location you see belongs to the anonymiser's server, not the user. Since changing your apparent location is the entire point of a VPN, you can't trust geolocation without first asking whether it's being masked.
The two-step verification
- Look up the location with IP geolocation — country, region, ISP.
- Check for anonymisers with the VPN detection API and proxy detection API. If the IP is a VPN, proxy or Tor exit, the location is untrusted.
Only a location with no anonymiser present should be treated as the user's real location — and even then, trust country level over city.
Decision matrix
| Geolocation | Anonymiser? | Verdict |
|---|---|---|
| Country X | None | Trust country X |
| Country X | VPN/proxy/Tor | Untrusted — location likely masked |
| Mismatched signals | Any | Investigate / challenge |
Where this matters
- Licensing & content — enforce regional rights; VPNs are the main bypass tool. See how to geo-restrict content.
- Compliance / KYC — confirm a user's stated country isn't masked.
- Fraud rules — a masked location on a payment is a risk signal worth scoring with an IP fraud score.
Handling masked locations
Don't necessarily block — decide by context. For content, you may block the bypass. For signups or payments, challenge or verify. Always log the anonymiser flag for audit.
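The two-step check, the decision matrix and the per-context handling above can be combined into one function. This is an added example, not code from the original page or from any vendor: the result dictionaries, field names and the `MASKED_ACTION` policy are hypothetical, "mismatched signals" is assumed to mean a stated country that differs from the geolocated one (or a failed lookup), and the sample IPs are constructed from documentation address ranges.

```python
import json

# One possible per-context policy for masked locations (assumption: the
# operator chooses this; the names and values here are hypothetical).
MASKED_ACTION = {"content": "block", "signup": "challenge", "payment": "challenge"}

def verify_location(ip, geo, anon, stated_country=None, context="content"):
    """Apply the decision matrix to two already-fetched lookup results.
    geo and anon are hypothetical result dicts with constructed field names."""
    country = (geo or {}).get("country")
    masked_by = sorted(k for k, v in (anon or {}).items() if v)
    if country is None or anon is None:
        verdict = "investigate"   # assumption: a failed lookup counts as a mismatch
    elif stated_country and stated_country.upper() != country.upper():
        verdict = "investigate"   # matrix row 3: mismatched signals, any anonymiser state
    elif masked_by:
        verdict = "untrusted"     # matrix row 2: location likely masked
    else:
        verdict = "trusted"       # matrix row 1: clean location
    if verdict == "trusted":
        action = "allow"
    elif verdict == "untrusted":
        action = MASKED_ACTION.get(context, "challenge")
    else:
        action = "challenge"
    return {
        "ip": ip,
        "context": context,
        "geo_country": country,
        # Only the country is ever promoted to "trusted"; city is discarded.
        "trusted_country": country if verdict == "trusted" else None,
        "anonymiser": masked_by,  # always recorded, so the audit log keeps the flag
        "verdict": verdict,
        "action": action,
    }

def audit_line(decision):
    """Serialise a decision as one JSON log line with stable key order."""
    return json.dumps(decision, sort_keys=True)

CLEAN = {"vpn": False, "proxy": False, "tor": False}
SAMPLES = [  # constructed inputs: (ip, geo, anon, stated_country, context)
    ("203.0.113.10", {"country": "DE", "city": "Berlin"}, CLEAN, "DE", "signup"),
    ("198.51.100.7", {"country": "US"}, {**CLEAN, "vpn": True}, None, "content"),
    ("198.51.100.8", {"country": "US"}, {**CLEAN, "tor": True}, None, "payment"),
    ("192.0.2.44", {"country": "FR"}, CLEAN, "BR", "payment"),
]
if __name__ == "__main__":
    for ip, geo, anon, stated, ctx in SAMPLES:
        print(audit_line(verify_location(ip, geo, anon, stated, ctx)))
```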
Bottom line
To verify a user's real location, never trust geolocation on its own — first detect whether a VPN or proxy is masking it. A clean (non-anonymised) country-level location is reliable; a masked one should be treated as untrusted and routed into your fraud or compliance rules.