What can I glean from an IP address?
January 29, 2015 8:21 AM   Subscribe

I use Statcounter to track who visits my Tumblr, and a couple of IP addresses in a couple of towns are giving me some concern.

I try to keep my account relatively anonymous because of various workplace bitching, etc. (nothing super illegal or racy), and it seems like I might be "out" to some people IRL based on the locations named in their IP addresses. Is there any way to more precisely determine who or where the user is, based on IP address, city/state/nation, browser, and/or OS? Or is this a futile exercise and I'd be better off scrubbing the blog and changing my URL?
posted by witchen to Technology (2 answers total) 5 users marked this as a favorite
You can get an idea of where people are but not too specifically. For example, go to this page and see where it shows that you are based on a few different databases. None of the locations it shows for me are correct and a few are actually in other states. Depending on how various people's ISPs are configured you might get as close as the business they works for (remember the whole "People from Congress are editing Wikipedia pages of rival Congresspeople thing?) or you might just get the address for a central router somewhere (you see a lot of these winding up in Kansas for example). So it depends on a lot of things. This article breaks it out a bit more and might be worth a read.
posted by jessamyn at 9:18 AM on January 29, 2015

There are quite a few free and commercial IP-to-location databases out there, but they're not generally much more accurate than whatever Statcounter would be using. Which is to say somewhat accurate, but not generally with much better granularity than town/city.

If you have suspicions about specific individuals and want to see if their IPs match up, there are couple of fairly easy ways to check, although they aren't foolproof.

Examining the headers (and here's a neat tool to analyse the header text) of any emails they've sent you may reveal the IP of the computer the email was sent from, although if they're not using an email client that's sending directly from their machine to an SMTP server then their actual IP may not appear in the delivery chain. Webmail users, for example, probably won't have their IP included in the headers, Exchange accounts may or may not include the originating IP, mobile devices are hit or miss and also move around to other networks frequently. Basically, there are a lot of reasons why examining email headers might not work, but it can be worth a try.

The second is a bit more technically difficult, but was used effectively by the Toronto Star to reveal the IP of an anonymous political Twitter poster. You would need access to the hosting of some other website. The gist of it is, you send them a link that looks innocuous but that you have crafted specifically for them and that is not easily reachable by normal visitors. After that, you check the IPs that visit that address and compare them with the ones that worry you. If you can induce someone to visit anywhere where you have access to visitor information, under whatever pretense, that should give you enough to cross reference. And there are also reasons why this approach might not work (proxies, visiting from work vs. home, a dynamic home IP that frequently changes, mobile devices, etc.) but again it might be effective.

But yes, you may be better off changing URLs if you're worried.
posted by figurant at 9:38 AM on January 29, 2015 [1 favorite]

« Older recommend a Memphis realtor?   |   Are There Contingency Plans in the Event of a... Newer »
This thread is closed to new comments.