Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can You Really Be Traced From an IP Address?

Posted by CmdrTaco on from the who-are-you-who-who-who-who dept.

Barence writes "Identifying individuals using nothing more than their IP address has become a key part of anti-piracy and criminal investigations. But a PC Pro investigation casts serious doubt on the validity of IP-based evidence. 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address,' Tom Colvin, chief technology officer with security vendor Conseal told PC Pro. 'Whilst big businesses can be traceable right back to their datacenters, standard family broadband connections are often hard to locate, even to county-level accuracy.'"

9 of 246 comments (clear)

  1. Sure. Don't be paranoid! by Chas · · Score: 5, Insightful

    Depending on what data is being captured by the ISP for management purposes, this COULD be true.

    But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

    --


    Chas - The one, the only.
    THANK GOD!!!
  2. WTF? by YodasEvilTwin · · Score: 4, Insightful

    This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced. The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

  3. reverse dns + office workers = trouble by jaymz2k4 · · Score: 5, Insightful

    I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto linked in and you've probably got half the employees full names. A lot of people forget just how much information you can get from work IP's. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on wikipedia don't do it from your office connection.

    --
    jaymz
  4. Depends if someone... by mario_grgic · · Score: 4, Funny

    has written a Visual Basic application to track your IP.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.
    1. Re:Depends if someone... by danhuby · · Score: 5, Informative

      I had no idea what you meant until I saw this: http://www.youtube.com/watch?v=hkDD03yeLnU

      Made me cringe!

  5. Re:Sure. Don't be paranoid! by rolfwind · · Score: 4, Informative

    Apparently they can't meter you too well.

    http://www.digitaltrends.com/computing/att-vows-to-improve-inaccurate-broadband-metering/

    As to the tracking, I'm sure it can be done, however, unlike DNA, spoofing is completely trivial, so I would never be comfortable having it as the only evidence in some type of trial.

  6. No they can not by Charliemopps · · Score: 5, Informative

    Having worked for several large ISPs in their "Copyright infringement" department (ironic I know) I can tell you that no, tracing an IP address back to its original user is not likely and shouldn't be admissible in court.

    The way the system works is this:
    The ISP gets an email claiming copyright infringement on a certain date and time by a paticular IP.
    It's important to note, the ISP has no way of verifying any of the following:
              The email came from the person it's claiming to come from
              That person is the copyright holder
              There is even a copyright on the file in question
              The person sending the email did anything to confirm what they were downloading was a copyrighted file (is batman.zip the new or fan fiction?)
              The ISP can not even confirm that anything at all was downloaded.
    The ISP then takes the IP address provided and the time claimed and compares this to their DHCP server and looks for lease statements before and after the time the file was claimed to be downloaded. So if the complaint was at 10pm and we had that IP time stamps at 9:30pm and 11:00pm for Jim, then Jim gets a letter.

    As you can imagine there are all kinds of holes in this. There are a zillion and one ways that could be inaccurate inside the ISP alone. This doesn't even include all the failures on the part of the copyright holders. We had one that was so inaccurate they were sending us multiple complaints on a daily basis against IPs we hadn't had leased out to anyone for days surrounding the times of their complaints. We made repeated inquiries with the "Company" to try and clarify their problem. But in the end just blacklisted their email accounts. We had other incidents in which the complaint was that the user downloaded a dozen or so movies... but a quick check of their usage logs showed they were using less than a couple hundred meg a month.

    It was clear that the copyright holders were using automated scripting software to flood us with complaints with no real checks and balance on their part and then expected the ISP to do the heavy lifting when it came to investigation.

    1. Re:No they can not by Charliemopps · · Score: 4, Informative

      They are not "helping" the copyright holder, no information is returned to the copyright holder. In every case that I'm aware of they did not even acknowledge receipt of the emails.

      OCILLA (part of the DMCA) gives ISPs safe harbor against litigation for copyright infringement if they take "some action" to prevent the copyright violations. What that "action" is, isn't really defined by the act. In most cases, ISPs send a letter to the customer informing them of the complaint, request that they desist and threaten to disconnect them if they do not. I think disconnections are ebcoming increasingly rare. Most companies do not want to lose customers over this. The entire process is a waste of resources and money to them... and they certainly don't want to be disconnecting paying customers when they really have very little proof that the customer had done anything that would put the ISP in legal jeopardy. Add to that the fact that no lawsuit has been filed against an ISP much less won... and you have a situation in which ISPs are doing the very bare minimum to comply with the law. I've seen this at 2 major ISPs and have a friend working at a 3rd that confirms the same things happen there. Yes, if you're using some antiquated service like limewire, are hosting 50 of the most popular movies in release atm, have a 20mb connection and are uploading gigs and gigs of data a night... Your ISP is probobly going to get a FLOOD of complaints about you and will likely have to do something. But that's your own dumb fault.

  7. You wouldn't like the answers.... by Dcnjoe60 · · Score: 4, Interesting

    ...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

    If you have 9 computers in your possession, the authorities really don't care which is infringing, they are still in your possession. Subnets don't really matter, nor does your NAT firewall, as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP (usually a router). That is enough to give probable cause for a search warrant (at least in the US). From there, they can confiscate said computers and analyze them looking for signs of the data in question.

    It may be possible that somebody outside your home cracked your security. You could try to use that as a defense, it wouldn't be up to the prosecutor to show that it didn't happen, anymore than they would need to show that somebody broke into your home or business and used your computer. That would be your burden to disprove the prosecutor's case. Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.

    Here is an analogy for you. If you loan your car to somebody and they commit a crime with it, the authorities are coming after you. If you have an alibi, that is great, otherwise, you'd better be ready and willing to turn over who borrowed your car. Even with an alibi, if you don't want to be an accomplace, you'd better be ready and willing to turn over who borrowed your car.

    So, back to your 9 computers. If it wasn't you who did whatever, which of your family or users (depending on whether this is a home or work system) did? That is the information they will find out when they confiscate your equipment. Happens every day, all the time.