Skip Links

Can your IP address give away your identity to hackers, stalkers and cybercrooks?

By Julie Sartain, Network World
July 16, 2013 10:04 AM ET

Network World - In today's world of hackers, stalkers and cybercriminals, not to mention government spy programs and commercial sites that collect information about you for advertising purposes, is there a way to surf the Web and keep your privacy intact? Or does that mere fact that you have an IP address mean that your identity is out there for the taking?

(7 ways to mask your Internet identity

Turns out, there’s no easy answer to this question. (Watch the slideshow version.)

Legally, an IP address does not constitute personal identifiable information, according to two recent court cases.

In July 2009, in a case involving Microsoft, the U.S. District Court for the Western District of Washington ruled that IP addresses do not constitute personal identifiable information (PII). And in a separate case in 2011, the Illinois Central District Court also ruled that an IP address does not — by itself — qualify as personal information that can accurately identify a specific Internet user.

Alan Webber, a research analyst at the Altimeter Group, agrees that "with the exception of law enforcement personnel who have other tools and methods to match IP addresses to a variety of sources (which provide additional information); at this time, an IP address, alone, cannot identify a specific person."

He adds, "However, when combined with other information, such as a user name, then yes, the IP address can reveal your identity."

Scott Crawford, managing research director at Enterprise Management Associates, explains that an IP address identifies a host on a specific network or subnet. That subnet may identify a set of logical addresses that can, in some cases, be associated with a physical location. For example, there could be an address range associated with ISP subscribers in a certain area.

Crawford emphasizes that when correlated to more specific information (such as address, browsing activity, or other data collected), during the course of online transactions; for example, the IP address can be associated with that activity or with a specific location. Although ISPs often assign addresses dynamically through protocols such as DHCP, it’s not uncommon for a single, physical location (such as a home) to retain the same IP address for a long period of time. "Once the specific personal data is linked to the IP address, the activity associated with that address can be correlated accordingly," adds Crawford.

It can be done

Andrew Lee, CEO of London Trust Media, Inc./PrivateInternetAccess.com (a VPN service that protects users' privacy and identity), says linking users to their IP address is not simple, but it can be done. Many email providers, some IRC networks, extreme tracking sites, poorly configured forums and design flaws in applications such as Skype and AOL (among others) have disclosed users' identities along with their IP addresses.

He adds that email providers have been known to leak IP addresses to advertisers, market researchers, and other such agencies and some emails (like those from mailing lists) are indexed by Google. "Thus, the IP becomes searchable," Lee says. "Programs such as skypegrab.info (now inactive), which reveals users' personal data are developed every day by programmers across the globe. Extreme tracking sites link IPs to Google searches and make them public. And business websites including, but not limited to, Facebook, Twitter, Google, etc. — in addition to ad targeting companies — already have your personal info linked to your IP address in their databases. Anyone with access to those databases, including those with legitimate or illegitimate access (such as hackers), can obtain any and all of that information."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News