Confusion about the concept of IP address

Toggle sidebar Toggle sidebar
B

brannsiu

Distinguished
Apr 20, 2013
1,064
3
19,285
Some said IP is used to determine the uniqueness of somebody or a location.

Some other said the same IP could be assigned to different locations / people at the same time. In that case how can we determine the uniqueness of somebody or a location with IP address? (In case of fraud or police investigation)

Regardless of the money spent, considering only the feasible technology, is it possible for a very high-tech website to be 100% bullet proof that any of two traffic/logins are actually from the same LOCATION?

In other words, is it technically possible for a very high-tech website to flawlessly determine if the traffics accesses the website with two different logins, at the same time or different time, are actually coming from the same computer and in the same physical location?


 
Solution
H
most of the time a website doesnt get a whole lot of information about the user. it doesnt get a login information from the pc. it just gets an ip and a browser client and the o.s brand and version.
to get more information it would have to reverse look up your system and even then the request will most likely be rejected a the firewall.
again leaving them with just your ip and browser client info.

to get information on who is actually logged on to the system they would have to have done 1 of 2 things. injected personally identifiable information into your browser cookies such as with google analitics/flash settings or hack there way in.

the cookie method only works if both users use are logged in with different accounts as only then...
Sort by date Sort by votes
M

maxwellmelon

Splendid
Oct 2, 2013
2,511
0
24,010
Ip can be traced down to a house sometimes. Most modems are dynamic so they change ip address every time they connect or in other cases. Your ISP assigns you an ip on there network to your modem and most the time they keep a log of when that number was assigned (date/time). Your modem number is registered with your isp when you set up service. (so now your isp knows your address and what ip you were assigned at what time). so when you request data from the internet your isp sends a req for what ever data and then when there routers get the data back they send it down to your modem for your modem. Now your ISP computers have Fixed ip address (they don't change and ususally because there large companys they will have there area subdivided to different Fixed ip address) so Comcast for lets say florida will have a fixed connection to the internet backbone using 1.2.3.4 and for Alabama will have 1.2.3.5. so people who know this basic info can know what general area your in, but to get ur exact location they have to get ur ISP to tell them or your device itself to tell them. a VPN is a good way to trick tracking as it sends it to a computer lets say in calforina then that computer realays it back to florida but trust me VPN will not slow down FBI much in finding you.
 
Upvote 0 Downvote
L

little_me

Splendid
May 9, 2015
1,672
40
21,740
there are public IP's and private IP's
most common private ip ranges are 192.168.0.0 and 10.0.0.0, these ALWAYS sit behind a NAT/router.
Thus, yes, more than two computers can have IP 192.168.12.76
The problem with that is, it is not really visible to the website server, since they see the modem/router's external IP, which is usually given with DHCP by the ISP from the pool of IP's they have.
These IP's are public. at one point of time, only ONE router/modem (or computer, if the connection is bridged) can have that IP.
as soon as IP is renewed or computer is restarted or... similar, said IP can and usually will be given to someone else.
so at 10:25am, it could be person A and at 10:26am, person B (in theory)

So.. unless you have paid for static IP, IP address is not anywhere certain method of identifying a person/computer.
Yes, ISP IP's can be traced to the ISP and thus general area where you are.


What can the website see of visitor? Following site gives decent example, which by far is not everything possible.
http://www.whatsmyip.org/more-info-about-you/

Short answer, if they wanted, they could in theory pool up all kinds of data to determine if computer is same. Most of the extra things rely on javascript and/or flash to scan the installed fonts (and their order) making the installation pretty unique, according to some.
http://superuser.com/questions/470348/how-much-information-can-websites-get-about-your-browser-pc

Most websites don't really care about that since what would they gain by being 50 to 80% certain of it? (at least publicly, they might still gather said statistics internally)

To determine if it is indeed different person on same PC, it gets tricky since without separate app installed on computer, they can't determine much more than that besides login/password (and possibly 2-factor authentication through phone/phone app)
 
Upvote 0 Downvote
B

brannsiu

Distinguished
Apr 20, 2013
1,064
3
19,285
To maxwellmelon and All,

First I want to be clear to you guys that I am by no means doing anything that violates law or avoiding FBI

I can see there are a lot of technical replies, but first I wish to be exactly clear about something--- Assume that my ISP will not provide any information or co-operation to the third party website (because they are NOT the Police) . Could a website with the most sophisticated and expensive system be able to determine that any two logins are actually from the SAME computer at the SAME exact locations?

Sorry I do not speak English very well. I hope you guy get what I mean. Just an example, a high-tech website who does not worry about money wants to develop a website with system that seriously prohibits one person or one family in a flat/location using two or more of their accounts.

Their policies and assumption - The same computer at a particular location will only be used by one person. If it's used by more than one person, it's also considered to be used by one person.

As I said before, Assume ISP and the Police will not give them any information or help on investigation. Assume they have the best system, when I login with two accounts with the same computer at the same location, is it technically possible for their great system to detect that they are from the SAME computer at the SAME precise location? Or could they the best only know that both logins are from computers with the same configuration (but unable to bullet prove that they are the same) and at a nearby location (not precise location)????

In other words, to put it more simply, without the help of ISP or the Police, Is it technically impossible to bullet prove that any two logins are actually from the same computer at the same location???
 
Upvote 1 Downvote
Ralston18

Ralston18

Titan
Moderator
Oct 11, 2014
34,905
3,325
146,290
Yes, as a matter of forensics and analysis, it is probably technically possible to prove that two logins are coming from the same computer at the same time.

1) the same computer cannot be at two locations at the same time but the geolocation information could be spoofed.

2) the same computer could be spoofing MAC addresses as well.

However, any website seriously concerned about such spoofing would probably require some sort of client, cookie, or algorithm be installed to prevent "double" or "dual" use in the manner you describe.

Much like software can be tied to hardware nowadays to prevent software piracy. Or perhaps a physical USB key that would be required and only permit or otherwise allow only one logon.

And over some time there could be collection and analysis of electronic forensics that could demonstrate simultaneous use.

Many things have unique electronic signatures, machines, aircraft, ships. Telegraph operators could be identified by their "hand" if I remember the terminology correctly.

Why not computers? Could be a bit more difficult to determine and prove but I think that it is doable.

And if necessary - someone will do it.....

Just my thoughts.







 
Upvote 1 Downvote
B

brannsiu

Distinguished
Apr 20, 2013
1,064
3
19,285



Hi, did you actually mean 'browser fingerprinting...??

At your last few lines you said..
-------------
Why not computers? Could be a bit more difficult to determine and prove but I think that it is doable.

And if necessary - someone will do it.
-------------


Excuse me I do not read English very well. Did you mean that it's quite unlikely for a system to automatically determine if two logins are actually from the same computer at the same locations but it's still possible to spot out the fact (two logins are actually from the same locations) by large number of data analysis with help of human?
 
Upvote 0 Downvote
Ralston18

Ralston18

Titan
Moderator
Oct 11, 2014
34,905
3,325
146,290
No problem. You are doing okay with the English.

I would not say "quite unlikely". Difficult to do perhaps but not unlikely.

And yes with some data analysis and human insight two logins from the same location can be spotted. (You could use the word detected instead of the word spotted.)

It would be similar to browser fingerprinting but include more information with respect to other software, hardware, communication components.

Would not be surprised if such detection is not already being done somewhere or at least being worked on for cybersecurity purposes.
 
Upvote 0 Downvote
H

HEXiT

Champion
Mar 13, 2011
10,957
13
51,965
most of the time a website doesnt get a whole lot of information about the user. it doesnt get a login information from the pc. it just gets an ip and a browser client and the o.s brand and version.
to get more information it would have to reverse look up your system and even then the request will most likely be rejected a the firewall.
again leaving them with just your ip and browser client info.

to get information on who is actually logged on to the system they would have to have done 1 of 2 things. injected personally identifiable information into your browser cookies such as with google analitics/flash settings or hack there way in.

the cookie method only works if both users use are logged in with different accounts as only then would 2 different cookie requests be made by said users. as cookies aren't shared by the browser across logins.

as for flash it would be something similar to the cookies, as flash can store personally identifiable info.
but again has to be sent from the site and accepted to be stored on your machine.
so as long as you remove that stored info at log off they wouldnt be able to tell which account is being use unless they actually attack your machine and basically hack you which is illegal.

anything more than that then its called hacking. they would litrally have to get past your firewall and monitor your network for logins. without a court order/warrant to do this, it would be illegal. the only otherl way some 1 can get your personal info attached to an ip is to approach your isp as said earlier but again this would just identify the person paying for the account and not the person using the computer.

i have heard of people being sent letters from supposed legal reps of content creators claiming they have login information proving you personally downloaded a file illegally.
they then threaten the person with 2 options pay a small fee to them directly or be taken to court and face potentially much much larger fines.
most of these are actually scams
there only intention is to get you to pay the small fee which is a mistake for 2 reasons.
if you accept to pay you just potentially admitted guilt and 2 they are just fishing in the hope you bite.
im guessing this is why your asking?

 
Upvote 1 Downvote
Solution
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom