IP Addresses (forum posts) confidential??

Discussion in 'Networking and Security' started by gotta_trade, Nov 11, 2010.

  1. Hi,

    If someone makes a post on a forum, is it possible to identify who they are where they live, (by their IP address or any other means)?

    Or is it basically 100% confidential?

  2. Neither nor.

    it is like asking whether you can identify someone you meet on the streeet or whether his address is confidential.

    IP Addresses are assigned to ASN's - autonomous networks. If you look up an IP address mostly you look up the address of the ASN or a registered address for a part of the network.

    Most addresses are assigned dynamically (end user providers), but the one I post from HERE for example is static (server at a provider).

    The PROVIDER knows who was assigned an address at a specific time ,but he will not tell you. He may tell under a court order, but under normal contractual obligations he does not run around and publish this info.

    So, the reality is somewhere in between. Do a terrorist threat and the chance is the FBI or other authority CAN find out where and who you are (same with file downloading). Own a forum and you can NOT regularly do it. Not down to the user, maybe down to a city.
  3. Do you trust everyone along the internet chain to defy a subpoena and face pound-me-in-the-ass prison for you? The site / forum owner, their hosting colo, the backbone, your isp? I do not.

    Do not post anything on the internet that you wouldn't want your mother to see, or to be read against you in court in the worst possible context.

    The 1st Amendment guarantees us the right to free speech, not anonymous speech. It is not OK to yell Fire! in a crowded theater even if no one knows who yelled it.
  4. wrbtrader


    Yes...it's possible to identify someone via there IP address.

    However, you can give a false IP address if you knew how to do it. In fact, most hard core spammers, auto spam bots or trouble makers are most likely to use a false IP address hide their true identity.

    Yet, for serious crimes via the internet, big brother can easily find you if they wanted too (check out google for latest news about spammers, folks caught sharing copyright protected music et cetera)...all were using false IP address and other tools to hide their identities.

    Lets put it this way, if you're going to commit a crime via the internet that could land you in jail or a huge litigation fine...if someone wants you bad enough...they can find you. :D

  5. jprad


    There's no such thing as a "false" IP address. Spammers are most often charged with theft of service because they've hijacked someone's server via a vulnerability and used that server, and their internet connection, to distribute their spam.

    And, no, there are ways you can access the internet in a completely anonymous fashion.

    Any free, open access, WiFi is a potential entry point. Slap a virtual machine running a Linux distribution that only runs in memory along with a network card that allows the MAC address to be changed and you're good to go.

    However, all that only gives you anonymous internet access. It's not going to help you one whit if you're already under surveillance by the authorities nor will it help you with access to a particular site, like this one, that requires a login that's authenticated via an initial email that contains a verification URL.

    For that layer you'd need to get a truly anonymous email account, which isn't all that easy these days.
  6. The website administrator has a lot of information about you such as the computer system you are using, the city you are online from, the web browser you are using, the operating system you are using, and the resolution of your screen. In some instances, the website administrator can figure out the exact name of the business you are logging in from. For example, if you are working at Goldman Sachs then on their screen it would show that you are logging in from there. They also have the exact time/dates and also may implant a cookie on your computer which gathers other information.

    While all this information does not identify you exactly, it can be combined with other information to reasonably identify you. For example, they know you live in Springfield, Michigan, use a PC with Windows XP and a high resolution screen and its coming from ABC Inc. That should be enough information to take a reasonable guess as to who is posting. Someone like Baron could easily use that information to contact your company and make a complaint.

    In order to exactly identify you, then that would require a court order of some type. Keep in mind though that a company doesnt need a court order to conduct surveillance on their own property and you dont have a reasonable expectation at work. Lets say Baron wants to give you some trouble or there is an uptight mod on here that is a crazy and they decide to call ABC Inc giving them all the information above. A company can fire you for any or no reason at all.

    Also keep in mind that in your 1000s of posts there might be other information you have provided to further identify you such as writing style or statements about your personal situation.

    I have used in the past commercial proxy services when posting on message boards like this, but have since utilized The Onion Router which is free, but a little slow. All of these services are very good and the website operator does not have access to the usual information.

    I am not going to let any website operator have any of my information. I know the mods on this website have abused their authority in the past by revealing a person's location in the forums. They have also shared ip information with non-moderators who they be-friended through this board. I also know they have edited (added and deleted) to posts. One of the reasons why Ivanovich was given the boot was because he would reveal a poster's locations in order to intimidate. He would also share information about certain posters with other non-moderators and edit posts without anyone's permission or knowledge. So there is abuse on here of your personal and private information.

  7. wrbtrader


    You know my use of the word false doesn't imply "non existence". It implies someone hiding their actual IP address via hijacking someones else IP address or using an IP address to intentionally hide their identity to remain anonymous.

    Hopefully that clarifies my use of the word FALSE.

    As for spammers, many known cases where they were caught without hijacking someone's server and many cases caught using someones server.

    As for your last statement about remaining anonymous...of course their are ways to initially be anonymous. However, if someone like the FBI or any other agency wanted to track you down...they can according to many that believed they wouldn't be caught and had ways to remain anonymous. :D

    Here's a simply test...post a terrorist message online at any popular social network about your plans to blow up something or send an email or have someone forward your email to the Whitehouse via hijacking someone's server...lets see if you can keep big brother from finding you.

    Prior to posting your message...post it here at EliteTrader.com and then post your message online via any of the above and then return back to ET to tell us where you've posted your message. You can use any anonymous methods you want to remain anonymous. :cool:

    Make sure you move out of your home or apartment the day you do such and tell nobody where you've gone because you'll be a "wanted" person.

  8. Posting in a forum that requires a cookie (sign-in) can lock on that true IP address thru any proxy IP service, which is not worth much in reality.

    If someone is harrassing online or otherwise subject to some sort of litigation procedures, it's not a big deal to subpeona the true IP address = location of the sender and handle things locally (or in person, face to face) from there.

    No need to be concerned about any of that if you are just straight-up posting somewhere in honorable fashion. Nothing to worry about... so no need to worry at all :)
  9. Can you give an example of such a distribution ?
  10. jokepie


    Yes, Check ET's privacy policy - if they collect the Information.
    Anyhow answer is Yes.
    #10     Nov 11, 2010