Comments on: What’s the big fuss about IP addresses?

By: CPCcurmudgeon

CPCcurmudgeon — Sun, 05 Feb 2006 21:35:34 +0000

The AV privacy policy notes that IP addresses can potentially be personally identifying when they are linked to information that is stored in other places, such as RIRs (Regional Internet Registries) or domain name registrars.

I would also like to point out that Google’s example of what’s in a typical web server log is just that — an example. A lot more information can be collected. Potentially, anything that is sent in an HTTP request can be collected.

By: Sioen

Sioen — Sun, 05 Feb 2006 08:21:22 +0000

thanks for the great discussion. this needs changing.

But CPCcurmudgeon, I’m curious as to what comparison you were making with Altavista’s privacy policy. I have always used Altavista, just cuz I like it the best, but when I read the privacy policy, it doesn’t seem to be any different from others.

They, too, explicitly say that anonymous information includes IP addresses. Curious.

But is there something in it I missed?

By: CPCcurmudgeon

CPCcurmudgeon — Fri, 03 Feb 2006 20:38:18 +0000

For comparison purposes, you may be interested in the privacy policy of a once-famous search engine (now owned by Yahoo).

http://www.altavista.com/about/priv_details

By: /pd

/pd — Tue, 31 Jan 2006 15:37:59 +0000

what happens when you are tuneling 6over4 natted addresses ? wont this make it more
difficult to find out who was actually at the terminal ??

By: Robert

Robert — Tue, 31 Jan 2006 14:58:26 +0000

This is an interesting topic, and something that could be very scary, especially for those that have been searching for things they really shouldn’t have been searching for. For me, there may be a little embarassment involved, but other than that, I have no worries. It does, however upset me that there is even the most remote possibility someone could be tracking my surfing habits legally, without warrant. The internet has evolved so quickly, laws have not had a chance to keep up with this evolution. There should be some standard in place that will protect our right to privacy. If you want to see what I’ve been up to, first determine if I’ve possibly broken any laws, then obtain a warrant. In my opinion, this would be acceptable.

By: Kip Patterson

Kip Patterson — Tue, 31 Jan 2006 13:44:39 +0000

Your information about “standard case 2″ is totally incorrect. If your computer is connected to a cable or DSL modem without a router, your computer will be assigned a public IP address and this address is what is seen by the sites you visit. The IP address assigned to your modem is a private address for the use of your ISP and is not part of the browsing process ever.

By: Matt

Matt — Mon, 30 Jan 2006 16:52:31 +0000

Tor can give browsing sppeds simmilar to dial up or more up to about 20kbps currently and the more people that install TOR and operate servers the faster it will get .The slowdowns on TOR have been caused by peer to peer filesharers abuseing the service.

TOR used to be cumbersome to use but now TOR distribute a bundle with TOR,the TOR controll Pannel and privoxy already configured its quite easy to use .

By: Chris

Chris — Mon, 30 Jan 2006 15:45:03 +0000

The problem with raising this sort of issue is that it brings to light the reality that anonymity on the web is largely illusory. Politically, privacy has far fewer constituents today than “responsibility.” If lawmakers came to realize that by mandating the keeping and publishing of a few keys by all ISPs that citizens could be made “responsible” for their web use, we could kiss all net privacy goodbye. Lots of people see anonymity as antithetical to responsibility. It would be technically simple to create a distributed DNS-like database that links IP not to domain name, but instead to real name. If a law was passed mandating that ISPs make DHCP allocations searchable, voila: instant responsiblity and zero privacy.

Given the lobbying power of the content owners and folks who would love to be able to target advertisments, and the security spin that could be put on such a policy, it seems very very dangerous to bring such idead to the attention of policians who might get try to get the Internet Responsibility and Terrorist Catching Act passed. Looking at the way the courts are going, it would probably be constitutional too. Yay democracy!

By: adam

adam — Mon, 30 Jan 2006 15:22:20 +0000

TOR is, in my view, a partial solution. For one thing, it can be almost unusably slow. For some people, this is an acceptable tradeoff, but most people will get frustrated when web pages start taking 15-30 seconds to load and require several reloads before the DNS request goes through. It’s a good start, and people should use it, but the user experience is hardly ready for the general public. And it’s two more things that people have to install, on every computer that they use.

But, as I pointed out, this problem isn’t limited to IP addresses, and it’s representative of a deeper issue – that the quality of “personally identifiable” is cumulative when you start putting databases together. Once two pieces of data have been linked, it’s hard to separate them out again.

Understanding that is a prerequisite to understanding why things like TOR are useful. I think the public dialogue on this has been lacking.

By: Matt

Matt — Mon, 30 Jan 2006 13:35:40 +0000

If you use TOR to view websites the whole debate about IP adresses is pretty much thrown out the window .

http://tor.eff.org/

By: Westar

Westar — Mon, 30 Jan 2006 07:59:54 +0000

The infatuation with warrants and subpoenas does seem to totally miss the point. The issue is private companies *have* this vast Person->IP->URL info, and sleazy employees or the companies themselves can do whatever they want with the information. The assumption that since we don’t know who works at flickr, google, msn, yahoo, doubleclick, or webhit, that they therefore are not trading and coallating this information seems sort of wrong. It’s not even illegal for them to quietly give the info away to the US govt.

Note the recent case where private investigators were selling a list of calls made from anyone’s cellphone. These idiot cellphone companies can not even figure out which employees/affiliates are giving out the information. Not that URLs are as interesting as who someone calls, but how much would it cost to get the list of URLs referenced from a given IP? sitemeter.com and technorati have some pretty good databases.

Adam’s post shining light on this is excellent and fresh. I don’t see much knowledge elsewhere on this topic.

By: adam

adam — Mon, 30 Jan 2006 01:53:00 +0000

Yes, I’m aware of that. I do think this discussion goes beyond this particular subpoena.

By: Alex Barnett

Alex Barnett — Mon, 30 Jan 2006 01:32:50 +0000

Interesting post. You are aware that IP addresses were not handed over last week, yes?

http://blogs.msdn.com/alexbarn/archive/2006/01/26/517791.aspx

By: adam

adam — Mon, 30 Jan 2006 01:23:25 +0000

On a similar note, while I don’t have any ads on the site, I do have embedded flickr pictures. So, here’s a question – is flickr just a cover for a huge web bug operation used to track visits to sites that have embedded flickr pictures, or is that being overly paranoid?

By: adam

adam — Mon, 30 Jan 2006 00:52:37 +0000

Thanks for commenting, Jason. Given who your email provider is, I think you have bigger things to worry about than whether I’m storing your email address.

But still, good question. I’ve never really thought about a formal privacy policy before, because this is a personal blog. For the record, I don’t think I’ve ever rejected a comment because it had a non-working or obviously fake email address, but I have on occasion contacted a poster to explain why I rejected a comment or to get further information before approving it.

I will consider this. In the meantime, please feel free to use a bogus email address, but bear in mind that I may simply reject your comment out of hand if I have no way to get in touch with you.

By: Jason

Jason — Sun, 29 Jan 2006 23:45:22 +0000

Why is it that you rail against the retention of personal data yet your blog comment box requires me to give you my email address? Do you have a privacy policy other than it “will not be published”? Are you storing this address securely?

By: vlidi

vlidi — Sun, 29 Jan 2006 22:41:06 +0000

“Any key information associated with personally identifiable information must also be considered personally identifiable.”

OK, should be the standard.

once the definition of the “key information” is being agreed upon, as well as how deep the warrants can dig, and for what reasons, that is…
as we know it will not happen anytime soon, and as we talk about web 2.0 while internet 2.0 is still just a vision (my favourite recepy is
new & more detailed version of TCP/IP on-the-fly AND “advanced” strings, or cookies on steroids, if you like, able to be transfered from hardware to harware
or activated per session online from remote server), not much else to work with if you really want to be “untreceable” but to mask your IP, with (still) a suspicious amount
of sucess and willingness to step back on the speed and once again join another “the-success-is-in-our-(possible)-multitude” group of activists (eg TOR) or similar…

they still do not use it like they could, and we can not presume that they are not aware of the possibillity, and we saw them cross-referencing before.

is a fundamental restructure of protocol a possible solution, or is it a solution at all?

great post, I am curious about the “multitude inteligence” answering the challenge…

By: James Wetterau

James Wetterau — Sun, 29 Jan 2006 22:21:26 +0000

Other important factors – DHCP assigned addresses are typically assigned from small pools. Thus if you get a new one, it’s likely to be “close to” your old address, according to some measure.

When using the web, browser specific information (the type of browser, version number, and operating system version number), is almost always available, too, and commonly recorded. This is sometimes called the “browser fingerprint”. It’s not a true fingerprint — millions of other people likely have the same browser fingerprint as you do, but it can help distinguish you as participating in one or other comparatively small group, such as Mac users, or Windows 98 users, or Windows XP users with the Opera browser. Browser fingerprints vary pretty widely, so at the point at which a DHCP IP address changes, the browser fingerprint can be the clue that ties the old address to the new one.

This would be done by putting three facts put together: IP address A used to visit a paricular site regularly, with browser fingerprint B. As of a certain time, IP address A stopped visiting the site but now a “close” address IP address C that never showed up before starts regularly visiting the site. The visits share athe browser fingerprint, B, and the two IP addresses are fairly close.

Obviously this is not proof beyond any possibility of doubt that IP addr C is the new IP address assigned to a DHCP service user who formerly had IP addr A, but it can be good evidence for a statistical analysis. This is especially true if most users have cookies. If 10,000 people are regular visitors of a web site in any given month, and 9,800 use cookies that successfully identify them, then there are only 200 quasi-anonymous site visitors. Of those 200, piecing together a story based on IP addresses and browser fingerprints may be no big data-mining chore.

This gets even easier if big popular sites share their weblogs for combined statistical analysis. Each site can figure out who its regular visitors are and then share the info with the others to build up a shared profile. This may not be as unlikely as it sounds, since many web sites have hosted advertisements from other companies (i.e. when you hit the web page for a site you may also pull down an ad from another site). If these ads are widely distributed, the ad companies are in a good position to cross-correlate the actions of web browsers across a wide diversity of sites. Access to more data makes the statistical determination of who’s who even easier.

By: adam

adam — Sun, 29 Jan 2006 22:20:14 +0000

Setting aside the other conclusions, as I said, for you, it may be the case that your IP address doesn’t identify you in any meaningful way. But the fact remains that it is the case now that for many users, that’s not true anymore, and we need to deal with that.

By: Westar

Westar — Sun, 29 Jan 2006 22:10:24 +0000

My ISP gives me a new IP address every few weeks. Without much trouble, correlation would be used to determine my IP address history. There are a few blogs where I explicitely check the Remember-Me option, so when I return it knows my handle. The IP logs would clearly show when my handle has switched IPs.

Pretty much all websites that enable cookies to remember when you return (or ones that ask for your email) get to know when your IP switches, and activity from those other IPs can be pinned to you.

The little centralized webpage hit counters and embedded ads from big advertisers have the best IP logs, and comprehensive logs of which IPs reference which URLs, do what searches, and do what IP drifting.

By: Dick Davies

Dick Davies — Sun, 29 Jan 2006 21:52:50 +0000

Not treating an IP as a personally identifiable piece of information isn’t a contentious position to take (I’m not paying for your powerbook just because we share a http proxy server/ shell server).

Yes, your IP appears in many logs, because you’re not going to be doing much online without one.
Unless someone has access to all those logs, so what?

If anyone cares that much about your activity they’ll pull your ISP into court, it’s much easier.