Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does your IP address betray you to data-harvesters?

Julie Sartain | July 22, 2013
In today's world of hackers, stalkers, and cybercriminals, not to mention government spy programs and commercial sites that collect data about you in order to target ads, does your IP address rat you out to these information-gatherers?

He adds that email providers have been known to leak IP addresses to advertisers, market researchers, and other such agencies and some emails (like those from mailing lists) are indexed by Google. "Thus, the IP becomes searchable," Lee says. "Programs such as skypegrab.info (now inactive), which reveals users' personal data are developed every day by programmers across the globe. Extreme tracking sites link IPs to Google searches and make them public. And business websites including, but not limited to, Facebook, Twitter, Google, and others-in addition to ad targeting companies-already have your personal info linked to your IP address in their databases. Anyone with access to those databases, including those with legitimate or illegitimate access (such as hackers), can obtain any and all of that information."

David Gorodyansky, CEO of AnchorFree's HotspotShield (an Internet security solution that includes anonymous browsing) agrees the IP address can be linked to a specific individual's name, address, and other personally identifiable information. According to Gorodyansky, hackers and malware programs attempt to compromise user identities by gaining access to their IP address and then tracking them on the web.  

"An IP is like your digital address," Gorodyansky says. "It provides intel on the city and state of the ISP location, which can be linked back to a residential address if accessing a Wi-Fi hotspot from home. Based on the IP address, companies and hackers collect information about individuals without knowing specific details such as their name. Third party websites and hackers can collect this data and, for example, use it to identify your name and steal or resell your identity and/or track your web browsing habits."

Surfers, beware
John Kindervag, a security and risk analyst at Forrester, says that the IP address can be tracked, but with some limitations. The IP header should not have any personal information in it. The mapping of the IP address is performed at the ISP level and, since there is no real user information in the headers, the assumption is that since person A lives at the location where the IP address is assigned, then person A created the traffic.

"This is a flawed assumption," Kindervag says. "Person A's network could be compromised, especially if it's wireless, to hide the identity of an attacker. Attackers always spoof their IP address, sometimes by using someone else's network and sometimes by going through a proxy server located in some other country. The attacker could live next door, but make his/her traffic look like it came from Eastern Europe."

According to Andrew Lewman, executive director at the Tor Project (a free anonymity online service), lots of companies use GeoIP databases to determine where a potential or actual customer is located in the world and then directs the marketing pitches appropriately. "Criminals also use GeoIP databases to target geographic areas for various malware attacks (English vs. French vs. Spanish languages, donation scams based on localized events). Child molesters and kidnappers can also use the IP address to track where a potential victim is located and further convince the victim that they are local and friendly," Lewman says.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.