How to find the IP address of someone who CREATED an email address?
December 23, 2016 8:16 PM

Is it possible for someone to find out the IP address and location of someone who set up a GMail account? If so, how?

I'm pretty much obsessed with the recent kidnapping case of Sherri Papini, and active on some of the boards and Reddit discussing it. She was kidnapped in early November, then released on Thanksgiving day. Nobody knows who did it.

People working with an "anonymous donor" (using an anonymous email address) are taking credit for her release, by claiming the $100,000+ reward used to solicit info scared her abductors.

A common theory is that the anonymous donor was part of the kidnapping in some way. As a result, one supposed web sleuth claims to have solicited the help of three separate IT professionals, each of whom determined the same geolocation of where the email was created (in the same town as where the girl was abducted).

Anyway, many are calling bullshit (like me). But, she insists this is true.

I imagine someone working at Google could possibly look this up, but three people? This seems like highly confidential info.

Alas, looking for any insight if this is possible, if so, how it would be done both technically, and personally the ramifications for someone searching and releasing this info.
posted by Unsomnambulist to Computers & Internet (15 answers total) 1 user marked this as a favorite
 
If you send gmail through a desktop client such as Outlook, your IP address is usually embedded in the email headers.
posted by TestamentToGrace at 9:11 PM on December 23, 2016


I'll start off by saying that the whole conspiracy they've spun on that site sounds like bullshit to me.

If you directly received a message from a Gmail account, the originating IP address is in the message, which tells you who owns the IP address block. Let's say you got another message from a known person near the same time from the same IP address. You could make an educated guess that the two accounts are connected. However, it's easy to fake email headers, so that's not at all ironclad evidence. I have doubts that this anonymous donor replied to a bunch of conspiracy nuts after the victim was found.

If you knew someone who worked at the ISP who owns the IP address and had access to their logs, or someone in the right law enforcement agency, you could connect the IP to an individual at a specific time. Both of the above scenarios seem very unlikely.

Again, the whole conspiracy angle is pretty disgusting, and people really ought to leave that poor couple alone.
posted by cnc at 9:13 PM on December 23, 2016 [3 favorites]


cnc, you still wouldn't know the IP of the computer that created the Gmail address. That is only with Google.
posted by durandal at 9:19 PM on December 23, 2016 [6 favorites]


The only way I could think this would work is if

1. Gmail acct created recently
2. Whatever emails sent from account
3. Someone gets into the account (hack) and looks at IP history
4. Assumes the first/earliest entry in the history is the originating

I had to create a bunch of Gmail accounts for someone and I think the original IP was in the history. Too brain dead to replicate ATM
posted by tilde at 9:23 PM on December 23, 2016


Oh shit this has led me to this excellent tool though.

Google header analysis
posted by durandal at 9:43 PM on December 23, 2016 [3 favorites]


@durandal - Whether or not your personal IP is in a Gmail message depends on how the ISP has their network set up. I sent a Gmail message via webmail to another provider, and *my* external IP address is in the header of the message. I'm a Comcast customer. If your ISP is using a NAT firewall or something then it would show that IP and not yours. In my case, it's the IP of my external firewall/router in the message - my IP address.

To be clear, this is the computer that sent the email, not that created the address. You're right that only Google (and the ISP and the NSA) have that information. So you could theoretically find a computer that sent a message from that address, but not the computer that created it.
posted by cnc at 10:20 PM on December 23, 2016 [1 favorite]
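
An added example, not part of any post in this thread: the two points made about headers above (an address in the headers belongs to a machine that sent a message, and header lines are easy to fake) can be checked by walking the `Received` chain and trusting only lines written by servers the recipient controls. The message, hostnames and trusted-server list are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message: hostnames are hypothetical, addresses come from
# the reserved documentation ranges. Newest Received line is at the top.
RAW = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
    "\tby inbox.recipient.example with ESMTP id a1; Sat, 24 Dec 2016 05:00:03 +0000\n"
    "Received: from relay.sender.example (relay.sender.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTPS id b2; Sat, 24 Dec 2016 05:00:02 +0000\n"
    "Received: from [10.0.0.5] (unknown [203.0.113.44])\n"
    "\tby relay.sender.example with ESMTPSA id c3; Sat, 24 Dec 2016 05:00:01 +0000\n"
    "From: donor@sender.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
# Assumption: the mail servers the recipient operates or relies on.
TRUSTED = {"inbox.recipient.example", "mx.recipient.example"}

PEER_IP = re.compile(r"\([^()]*\[([0-9A-Fa-f:.]+)\]\)")  # address the writer saw
BY_HOST = re.compile(r"\bby\s+(\S+)")                     # server that wrote the line


def classify_hops(raw, trusted_hosts):
    """Return Received hops newest-first, flagging which ones can be relied on."""
    hops, chain_intact = [], True
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        by, peer = BY_HOST.search(line), PEER_IP.search(line)
        by_host = by.group(1) if by else None
        try:
            ip = str(ipaddress.ip_address(peer.group(1))) if peer else None
        except ValueError:  # malformed address in a hand-written header
            ip = None
        # A line is only as reliable as the server that wrote it. Once a line
        # written by an untrusted server appears, it and every older line
        # could have been typed in by the sender.
        chain_intact = chain_intact and by_host in trusted_hosts
        hops.append({"by": by_host, "peer_ip": ip, "verified": chain_intact})
    return hops


def last_verified_peer(hops):
    """Oldest address that a trusted server actually observed, or None."""
    seen = [h["peer_ip"] for h in hops if h["verified"] and h["peer_ip"]]
    return seen[-1] if seen else None
```

For the constructed message, the only address the recipient's side observed is the sender's relay; the older line naming a client address is a claim by a server outside the recipient's control, and none of the lines says anything about where the account was created.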


The ISP won't have that info, they'll just see a 443 connection to mail.google.com. No way to know if the first one is a signup or if it's a visitor to the house accessing mail.
posted by jaduncan at 12:14 AM on December 24, 2016 [1 favorite]


That's assuming the person concerned isn't smart enough to go to a different town before sending emails regarding their FBI-policed crime, too. The whole thing sounds like 100%, Grade A, copper bottomed bullshit.
posted by jaduncan at 12:21 AM on December 24, 2016 [1 favorite]


For what it's worth, the Umbrella guy claims that one of the IT people works for Google, so that's one way they definitely could have that info.

On the other hand most people who "work for Google" don't have access to arbitrary Gmail accounts, and Google's not exactly known for cooperating with people who randomly ask them for info without warrants.
posted by mmoncur at 4:17 AM on December 24, 2016 [5 favorites]


*Worked* for Google if they outed an account holder's information without authorization.

Sign me up for grade-A, pure-D, copper-bottomed bullshit too. The whole case is obviously a social media driven scam and these are opportunistic con artists.
posted by spitbull at 4:53 AM on December 24, 2016 [2 favorites]


Three different professionals given the same IP could link it to a similar location because they will all be using the same geolocation databases which have varying degrees of accuracy. Many of these DBs are aggregates that will provide multiple results. I would find it highly suspect that three unrelated IT professionals would all supply this blogger with a single identical result. For instance, I just checked my current IP and the four geolocation data results were all reasonably close to each other in terms of lat/longitude but about 9-10 miles away from my actual physical location. To link my current IP to my exact physical address would require a warrant for my ISP or hacking.

Google anonymizes IPs of searchers after 9 months, but I don't know what their policy is on Google account creators.

I noticed in the linked thread that "Umbrella" didn't provide answers to pertinent and easily answerable questions--how did they communicate with the IT professionals, what was the content of those emails/communications (with identifying info hidden, of course), and what were the methods used to source this data.

So, no, this doesn't pass the smell test for me. I mean, the kidnapping may be part of a grand conspiracy, but Umbrella's evidence is useless without the ability to scrutinize sources and methods. If the IT professionals were part of some well-respected and identified forensics group I would be willing to trust their expertise, but anonymous IT people doing black box stuff reported through the lens of a tech-illiterate blogger? Nope.
posted by xyzzy at 4:59 AM on December 24, 2016 [1 favorite]


All decent tech companies strictly control customer data and make it near impossible for anyone to look at it without an immediate need and audit trail. Seems incredibly unlikely that one of Google's 60,000+ employees would have access and risk their career on looking up sensitive data.
posted by JonB at 5:42 AM on December 24, 2016 [8 favorites]


Geo-location databases routinely mark me as being in Indiana when I actually live in Chicago. They are only as accurate as their inaccurate data and depend on inaccurate things like how major national ISPs assign addresses.
posted by srboisvert at 2:57 PM on December 24, 2016


I was once intimately acquainted with a case discussed at length on websleuths and I can confirm that site is a hotbed of bullshit. They don't usually let people post direct untruths but the interpretation and extrapolation of the few nuggets they have to work with is all wrong. I think most of the people who post there know that and don't care, it's just a fun hobby for them to speculate, so they don't make much effort to conform their theories to fact either. There are a couple true believers but it's mostly bored people who are stuck at home for some reason spinning wild tales.
posted by fshgrl at 6:06 PM on December 24, 2016


Best answer: While there is the remotest possibility that given the perfect circumstances and access to just the right NSA-level tools you could do this... no. It's literally the easiest thing in the world to fake this sort of thing - nearly anything is possible. Magic doesn't exist, but confirmation bias does.
posted by HannoverFist at 11:50 PM on December 24, 2016

