In Part 1, we looked at how information is able to be transferred from one computer to another because each computer has a unique identity which is called the "Internet Protocol address" or "IP address." Today, we'll see how users can be traced from their IP Addresses, and discuss the privacy implications that this raises:
How Can Users be Traced from their IP Address?
Once an IP address is captured several methods can be used to trace the user. These tools can be found at Network-Tools.com.
• Determine who owns the network: IP addresses are distributed in blocks to network providers or private companies. By searching IP registration databases it is possible to determine who owns an IP address block. Databases are available on the Internet for the Americas, Europe, and Asia-Pacific regions. Sophisticated computer break-ins sometimes include an attempt to erase the IP addresses captured by the log files to prevent this type of lookup.
• Perform a "reverse lookup:" This converts the IP address into a computer name [Example: convert 255.255.255.255 into www.domain.com]. This is used to determine if a computer is part of a registered Internet domain.
• Conduct a Traceroute: When information packets travel through the Internet they pass through several computers in a hierarchical fashion. Normally packets pass from the user to their Internet Service Provider (ISP) until it reaches the user's "backbone" provider. It then transfers to the destination "backbone " provider down to the ISP of the destination computer and finally to the intended recipient. It is often possible to determine an approximate physical location of an IP address in this fashion. It is also possible to determine the computer's ISP and/or network provider even if the computer itself is not part of a domain. This is usually how junk e-mail or "spam" is traced.
• Review domain registration information via the "WHOIS" databases: Domain registration information is available via the Internet by performing a WHOIS on the domain name portion of the computer name [Example: for www.domain.com perform WHOIS DOMAIN.COM to obtain the registration information].
• Search the Internet for the IP address and/or computer name: It is often possible to find matches from users making public postings on discussion boards or from web sites that leave their log files open to the Internet. Of course, web site owners and/or banner networks could have additional non-public information based on activities at their web sites.
Generally, users who have fixed Internet connections (cable modems, private companies, etc.) have fixed IP addresses. Dial-up Internet providers usually give addresses dynamically from a pool when a user dials in to connect (such as a pool of 100 IP addresses per 800 subscribers).
Internal network procedures also affect the amount of information that can be gleaned from an IP address. If a proxy sits between the users and the Internet all of the users appear to come from one computer. In these cases, users can only traced as far as the proxy unless additional information is known. The 'computer names' can also sometimes be used to gather additional information. One major provider's computer names usually include the nearest city of the user. Some networks simply use the e-mail address in the computer name [Example: joe.domain.com has e-mail address joe@domain.com].
Ambiguities in user identification by IP address are reduced by the use of "Internet cookies." These are text files that gives users a unique identity. Cookies would essentially become unnecessary if everyone had fixed IP addresses. A site's privacy policy must also be coordinated with the policies of third parties that capture IP addresses from their site visitors (such as banner ad networks).
Privacy Policy Implications
Today, many privacy policies, both in the public and private sectors, fail to properly explain IP address collection as the collection of personally identifiable information, and many sites have incorrect information concerning this issue. These policies indicate that only a domain name is captured. Some commercial web sites have copied this incorrect information and made it part of their own policy. Other industry privacy policy templates, such as those offered by the Direct Marketing Association and the Information Industry Association, overlook IP address collection.
A site's privacy policy must also be coordinated with the policies of third parties that capture IP addresses from their site visitors (such as banner ad networks). Sometimes the banner ad network's policy is more import since it has the potential to track users across several sites rather than activity at a single site.
Regardless of the implications or your level of vulnerability, understanding IP addresses is a key factor in your online security.
