Could a hacker glean someone's IP address from a Facebook game?
February 7, 2016 1:34 PM Subscribe
Someone on Facebook told our thirteen year-old niece that he knows her IP address and plans to break in and assault her. Is there any way that even a sophisticated hacker could get this from play on one of the Facebook games? Dad says he contacted local police who told him there is nothing they can do and we've asked him to call our state police.
Whether or not it's possible to determine an IP address from a Facebook game, from my understanding, an IP address at best could show someone's general location, but I believe it's unlikely that it would pinpoint their exact address.
(On preview, what TheAdamist said)
Also, have you reported this person to Facebook? I don't know what if anything they could do, but it seems like this is something that should get this person's Facebook account banned. It would also probably be a good idea to see what kind of info your niece has made available on Facebook and on other social media accounts.
This is obviously a really scary threat, but if it makes you/your niece feel any better, I feel like most of the time if someone were actually able and willing to do something like break in and assault a person, they would just do it, not threaten to do it. With that being said, I think you're doing the right thing by reporting it to the police (even if they were unhelpful), and looking into the issue further.
posted by litera scripta manet at 1:52 PM on February 7, 2016 [3 favorites]
(On preview, what TheAdamist said)
Also, have you reported this person to Facebook? I don't know what if anything they could do, but it seems like this is something that should get this person's Facebook account banned. It would also probably be a good idea to see what kind of info your niece has made available on Facebook and on other social media accounts.
This is obviously a really scary threat, but if it makes you/your niece feel any better, I feel like most of the time if someone were actually able and willing to do something like break in and assault a person, they would just do it, not threaten to do it. With that being said, I think you're doing the right thing by reporting it to the police (even if they were unhelpful), and looking into the issue further.
posted by litera scripta manet at 1:52 PM on February 7, 2016 [3 favorites]
If she clicked on a link that passed through their control, or there was an embedded image viewed on a server they controlled, they might have the address, but that would only get you within perhaps tens of miles of a location, hardly even a zip code. Most ISP's (DSL / Cable) have a rotating pool of addresses given out.
posted by nickggully at 1:55 PM on February 7, 2016 [3 favorites]
posted by nickggully at 1:55 PM on February 7, 2016 [3 favorites]
This is among the more annoying lies propagated by TV. An IP address does not resolve to a physical address.
posted by DarlingBri at 1:55 PM on February 7, 2016 [11 favorites]
posted by DarlingBri at 1:55 PM on February 7, 2016 [11 favorites]
I agree with TheAdamist. Its difficult to get the IP address from a 3rd party, and even harder to turn that into a physical address without a court order. Even so, it might be a good time to have your niece check her Facebook profile and lock it down to make sure she's not making anything public.
posted by nalyd at 1:56 PM on February 7, 2016
posted by nalyd at 1:56 PM on February 7, 2016
Every single Web site/service you connect to knows your IP address. So, yes, someone can build a Facebook game and get it. But like others say, this isn't terribly helpful, because it will just resolve to the location of your ISP, not your house.
While the threat is scary, 99.9 percent of them are trolling. If you really want to be scared, realize that if someone were to attack her, she probably already knows them in real life.
Have her change her accounts and passwords. Use basic security precautions. Tell her to stop interacting with people online that she doesn't know.
posted by Cool Papa Bell at 1:57 PM on February 7, 2016 [8 favorites]
While the threat is scary, 99.9 percent of them are trolling. If you really want to be scared, realize that if someone were to attack her, she probably already knows them in real life.
Have her change her accounts and passwords. Use basic security precautions. Tell her to stop interacting with people online that she doesn't know.
posted by Cool Papa Bell at 1:57 PM on February 7, 2016 [8 favorites]
Someone on Facebook told our thirteen year-old niece that he knows her IP address and plans to break in and assault her
That is not a real thing that can happen.
Like everyone's saying, this is a good time to talk about precaution! Teenagers should be using strong passwords and a password manager, keeping their computers and browsers up to date, all the usual stuff. Know how to block people, report abuse and check your privacy settings. But this is an empty threat from an asshole who gets off on scaring women, not a real thing.
posted by mhoye at 2:05 PM on February 7, 2016 [3 favorites]
That is not a real thing that can happen.
Like everyone's saying, this is a good time to talk about precaution! Teenagers should be using strong passwords and a password manager, keeping their computers and browsers up to date, all the usual stuff. Know how to block people, report abuse and check your privacy settings. But this is an empty threat from an asshole who gets off on scaring women, not a real thing.
posted by mhoye at 2:05 PM on February 7, 2016 [3 favorites]
An IP address does not resolve to a physical address.
Correct. MetaFilter keeps IP addresses and we don't know where people live in less they tell us. At best you could get a loose radius and anything more specific than that would need to come from the ISP and they won't release it without a warrant. That person should be reported on Facebook and your niece should be reassured that this is not a thing that can happen.
posted by jessamyn at 2:29 PM on February 7, 2016 [5 favorites]
Correct. MetaFilter keeps IP addresses and we don't know where people live in less they tell us. At best you could get a loose radius and anything more specific than that would need to come from the ISP and they won't release it without a warrant. That person should be reported on Facebook and your niece should be reassured that this is not a thing that can happen.
posted by jessamyn at 2:29 PM on February 7, 2016 [5 favorites]
You can geolocate your own IP address, if you want to find out what location your IP address resolves to. Mine is the center of the nearest big city.
posted by BungaDunga at 2:50 PM on February 7, 2016 [8 favorites]
posted by BungaDunga at 2:50 PM on February 7, 2016 [8 favorites]
I guess if you want to get grimdark worst case scenario about this, the bad actor already works at the ISP which provides the niece's internet access which puts them in a position where they can look up which physical address corresponds to which assigned IP.
posted by juv3nal at 2:53 PM on February 7, 2016
posted by juv3nal at 2:53 PM on February 7, 2016
(On a side note, make sure she knows more than what she did was stupid--she knows that down to her core. Tell her explicitly that she did the right thing in letting everyone know what happened and asking for help.)
posted by eve harrington at 2:56 PM on February 7, 2016 [14 favorites]
posted by eve harrington at 2:56 PM on February 7, 2016 [14 favorites]
Agreed that if all he has is her IP address he doesn't have enough info to find her.
An honest-but-curious person can usually figure out more from our discourse than we think they can, but an IP address wouldn't be the first place they'd look.
posted by tel3path at 3:43 PM on February 7, 2016
An honest-but-curious person can usually figure out more from our discourse than we think they can, but an IP address wouldn't be the first place they'd look.
posted by tel3path at 3:43 PM on February 7, 2016
Response by poster: I forgot to say that we've closed our neice's Facebook account completely and she's getting thorough instruction in Internet safety. Thanks so much everyone!
posted by R2WeTwo at 4:05 PM on February 7, 2016
posted by R2WeTwo at 4:05 PM on February 7, 2016
It is 100% possible that a skilled hacker could glean your niece's home address from interacting with her on a facebook game. This would likely involve multiple steps including compromising the security of your niece's ISP (Or it might just involve extensive regular old googling, depending on how much info your niece's family has online).
That said, this sort of threat, particularly involving the "I have your IP" line, is classic internet tough guy behaviour. My default reaction would definitely be to ignore it.
posted by 256 at 4:19 PM on February 7, 2016 [2 favorites]
That said, this sort of threat, particularly involving the "I have your IP" line, is classic internet tough guy behaviour. My default reaction would definitely be to ignore it.
posted by 256 at 4:19 PM on February 7, 2016 [2 favorites]
(On a side note, make sure she knows more than what she did was stupid--she knows that down to her core. Tell her explicitly that she did the right thing in letting everyone know what happened and asking for help.)
I agree with your second sentence, but am I missing something regarding your first? There have been people speculating about what she might have done, but so far we have no confirmation that the girl has done anything, let alone anything stupid.
posted by Hypatia at 4:25 PM on February 7, 2016 [14 favorites]
I agree with your second sentence, but am I missing something regarding your first? There have been people speculating about what she might have done, but so far we have no confirmation that the girl has done anything, let alone anything stupid.
posted by Hypatia at 4:25 PM on February 7, 2016 [14 favorites]
It is 100% possible that a skilled hacker could glean your niece's home address from interacting with her on a facebook game.
I could probably answer this for sure with wireshark, were I so inclined, but I'm very confident that interactions with Facebook games go through Facebook's servers and come out very well-sanitized at the far side. What you're proposing here is that somebody who can _both_ compromise Facebook in some way, and then compromise an ISP's billing system and their network infrastructure separately, who is then using that information to harass a 13-year-old.
This is not impossible in the sense that there are no physical laws preventing that from happening, but come on. No. That is not happening. This is some badly-raised kid being a jerk.
For what it's worth, I think cancelling her facebook account was an overreaction.
posted by mhoye at 5:14 PM on February 7, 2016 [7 favorites]
I could probably answer this for sure with wireshark, were I so inclined, but I'm very confident that interactions with Facebook games go through Facebook's servers and come out very well-sanitized at the far side. What you're proposing here is that somebody who can _both_ compromise Facebook in some way, and then compromise an ISP's billing system and their network infrastructure separately, who is then using that information to harass a 13-year-old.
This is not impossible in the sense that there are no physical laws preventing that from happening, but come on. No. That is not happening. This is some badly-raised kid being a jerk.
For what it's worth, I think cancelling her facebook account was an overreaction.
posted by mhoye at 5:14 PM on February 7, 2016 [7 favorites]
For what it's worth, I think cancelling her facebook account was an overreaction.
Seconding this. Yeah, in theory someone could stalk your niece from information she revealed on facebook, (more likely from something she said than anything technical) but "I have your IP address and now I'm going to find you" is exactly the type of macho bullshit that idiots say online because it makes them feel big and scary. (And for reasons others have covered, this particular phrasing makes it less likely that this guy is a real threat. Anyone who could actually do this sort of thing would know that there is a long way between having an IP address and having a physical address. To make an analogy with identity theft, if having the physical address is having someone's bank account information, having the IP address is knowing which bank they bank with.)
From where I'm sitting it seems like you've sent your niece one message loud and clear: "When men behave badly toward you, it is your fault, and you deserve to be punished for it."
posted by firechicago at 7:04 PM on February 7, 2016 [19 favorites]
Seconding this. Yeah, in theory someone could stalk your niece from information she revealed on facebook, (more likely from something she said than anything technical) but "I have your IP address and now I'm going to find you" is exactly the type of macho bullshit that idiots say online because it makes them feel big and scary. (And for reasons others have covered, this particular phrasing makes it less likely that this guy is a real threat. Anyone who could actually do this sort of thing would know that there is a long way between having an IP address and having a physical address. To make an analogy with identity theft, if having the physical address is having someone's bank account information, having the IP address is knowing which bank they bank with.)
From where I'm sitting it seems like you've sent your niece one message loud and clear: "When men behave badly toward you, it is your fault, and you deserve to be punished for it."
posted by firechicago at 7:04 PM on February 7, 2016 [19 favorites]
I forgot to say that we've closed our neice's Facebook account completely and she's getting thorough instruction in Internet safety.
That instruction being that the authority figures in her life don't understand Internet safety, and are best kept out of the loop in the future?
posted by Shmuel510 at 7:28 PM on February 7, 2016 [17 favorites]
That instruction being that the authority figures in her life don't understand Internet safety, and are best kept out of the loop in the future?
posted by Shmuel510 at 7:28 PM on February 7, 2016 [17 favorites]
I forgot to say that we've closed our neice's Facebook account completely and she's getting thorough instruction in Internet safety.
This is like saying, after niece got rear-ended by another driver, "We've signed her up for lessons in driving safely and taken away the car."
She's a female on the Internet, she's going to deal with threats, some serious and some overblown. Taking away the account doesn't help her learn any of these lessons. It just teaches her to open a new account and not tell you about it.
posted by mmoncur at 8:17 PM on February 7, 2016 [19 favorites]
This is like saying, after niece got rear-ended by another driver, "We've signed her up for lessons in driving safely and taken away the car."
She's a female on the Internet, she's going to deal with threats, some serious and some overblown. Taking away the account doesn't help her learn any of these lessons. It just teaches her to open a new account and not tell you about it.
posted by mmoncur at 8:17 PM on February 7, 2016 [19 favorites]
Taking away her FB account is a massive over-reaction. Either this individual already has her details or they don’t. Cancelling the account wont change that. Fixing the FB privacy settings to not share any personal information & not playing FB games that demand access to all your personal data *would* be a good lesson to learn however.
If your internet connection is an ordinary consumer one then the address registration is that of your internet service provider - only someone with access to the ISP’s internal databases (or an officer with a warrant) can get access to the data that ties a particular ip address to a particular customer at a given time. (Some households do have static ip addresses. By way of example, you can look mine up in the whois database, get my full name & then look that up in any number of 'find this person in this town' services that will reveal my address for a small fee.)
posted by pharm at 1:48 AM on February 8, 2016 [3 favorites]
If your internet connection is an ordinary consumer one then the address registration is that of your internet service provider - only someone with access to the ISP’s internal databases (or an officer with a warrant) can get access to the data that ties a particular ip address to a particular customer at a given time. (Some households do have static ip addresses. By way of example, you can look mine up in the whois database, get my full name & then look that up in any number of 'find this person in this town' services that will reveal my address for a small fee.)
posted by pharm at 1:48 AM on February 8, 2016 [3 favorites]
Just to clarify, if you don't have a static IP address [most people don't unless they specifically ask for one], simply resetting your router will mean you pick up a different address. In the case of a non-static address 'your' address is only a temporary thing, so even if someone does have an IP address, it doesn't permanently resolve to you.
posted by HiroProtagonist at 8:15 PM on February 10, 2016 [1 favorite]
posted by HiroProtagonist at 8:15 PM on February 10, 2016 [1 favorite]
Response by poster: Just quick response to the very thoughtful reaction that we may be punishing a young girl inappropriately or unnecessarily. Closing the Facebook account was not at all a punishment. The family had a discussion and it was agreed that Dad is going through a period of increased stress at work and this might not be the best time to teach and model good Internet safety. Our niece is on the young side of her age and hadn't had an account very long PLUS, a newer iPad was part of the deal. She's very happy with the arrangement and I believe they plan to revisit Facebook in a few months.
posted by R2WeTwo at 6:43 PM on April 15, 2016 [1 favorite]
posted by R2WeTwo at 6:43 PM on April 15, 2016 [1 favorite]
That sounds very reasonable and I'm glad to hear it! Thanks for the update!
posted by mmoncur at 9:35 PM on April 15, 2016
posted by mmoncur at 9:35 PM on April 15, 2016
This thread is closed to new comments.
But depending on what she's posted to Facebook, the physical address could be figured out. This is the more likely scenario.
posted by TheAdamist at 1:43 PM on February 7, 2016 [11 favorites]