Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does your IP address betray you to data-harvesters?

Julie Sartain | July 22, 2013
In today's world of hackers, stalkers, and cybercriminals, not to mention government spy programs and commercial sites that collect data about you in order to target ads, does your IP address rat you out to these information-gatherers?

IP tracking

In today's world of hackers, stalkers, and cybercriminals, not to mention government spy programs and commercial sites that collect information about you for advertising purposes, is there a way to surf the Web and keep your privacy intact? Or does that mere fact that you have an IP address mean that your identity is out there for the taking?

Turns out, there's no easy answer to this question. 

Legally, an IP address does not constitute personal identifiable information, according to two recent court cases.

In July 2009, in a case involving Microsoft, the U.S. District Court for the Western District of Washington ruled that IP addresses do not constitute personal identifiable information (PII). And in a separate case in 2011, the Illinois Central District Court also ruled that an IP address does not — by itself — qualify as personal information that can accurately identify a specific Internet user.


SHUTTERSTOCK

Alan Webber, a research analyst at the Altimeter Group, agrees that "with the exception of law enforcement personnel who have other tools and methods to match IP addresses to a variety of sources (which provide additional information); at this time, an IP address, alone, cannot identify a specific person."

He adds, "However, when combined with other information, such as a user name, then yes, the IP address can reveal your identity."

Scott Crawford, managing research director at Enterprise Management Associates, explains that an IP address identifies a host on a specific network or subnet. That subnet may identify a set of logical addresses that can, in some cases, be associated with a physical location. For example, there could be an address range associated with ISP subscribers in a certain area.

Crawford emphasizes that when correlated to more specific information (such as address, browsing activity, or other data collected), during the course of online transactions; for example, the IP address can be associated with that activity or with a specific location. Although ISPs often assign addresses dynamically through protocols such as DHCP, it's not uncommon for a single, physical location (such as a home) to retain the same IP address for a long period of time. "Once the specific personal data is linked to the IP address, the activity associated with that address can be correlated accordingly," Crawford adds. 

Path to protection
Andrew Lee, CEO of London Trust Media, Inc./PrivateInternetAccess.com (a VPN service that protects users' privacy and identity), says linking users to their IP address is not simple, but it can be done. Many email providers, some IRC networks, extreme tracking sites, poorly configured forums, and design flaws in applications such as Skype and AOL (among others) have disclosed users' identities along with their IP addresses.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.