The nomenclature of the web is vast. But even though words become commonplace, people often don't know what they really mean.
But they should.
An IP address, for instance, is a ubiquitous part of the online experience, but few know what it is. And, even scarier, many don't know the kind of information IP addresses can reveal.
What is an IP address?
At its core, an IP address is an online unique identifier. Every computer has its own IP address, and it is through this naming system that computers can connect with each other and share data.
A standard IP address (using what's known as the IPv4 protocol) contains four individual numbers separated by a decimal.
While every computer is given its own IP address, the outside world rarely has access to it. Routers, instead, connect to individual computers, and it's the routers that then connect to the rest of the internet using their own individual IP address. Think of routers as the bridge between the network within your house (or business, library, coffee shop, etc.) and the outside world network (that is, the internet).
When you send an email or visit a website, the IP address being shared is that of your local router — provided by your Internet Service Provider (ISP) — and not the individual address assigned to your computer. All the same, whether someone knows the address of your computer or your network, these numbers are able to tell a bit about who you are and what kind of sites you surf.
What sort of personal information is shared with an IP address?
This most personal kind of information that can be shared in IP address itself is geolocation. But the good news is, because you are connected to a network and it's the network's IP address being shared, your precise location is not shared.
For instance, you may send an email from your home, and someone may be able to know the city from which it was sent, but it’s highly unlikely they’ll be able to access any other granular information about you.
Instead they'll probably see the information of your ISP. While this may give geolocation data about the general area of your router, it will not give a street address.
But there's a catch...
Alone, the IP address can't share much more about you than a generalized location of where you might be at a certain time.
The trouble is, onlookers can in some cases look at the online activity associated with a particular IP address. Then, they can stitch together a lot of information about the people or even a single person who's accessing the internet from that address.
The Canadian Privacy Commissioner’s Office (OPC) set out to see what sort of information it could dig up using the IP address of its own network. From there the researchers used a search engine to find details about the people who had used the internet via that network.
Here are some of the sites and services the people using the OPC IP address visited:
Legal advice related to insurance law and personal injury litigation
A specific religious group
Online photo sharing
The revision history of a Wikipedia entry
The OPC also did a second experiment where it looked up the IP address of a person that had edited a Wikipedia entry (these IP addresses are public), then entered that IP address into a search engine. It got all kinds of information back, such as all the other entries that person had edited, and the fact that the person had visited an online message board related to sexual preferences.
The report explained that using these tactics it was not hard to get a "glimpse into the kind of portrait that authorities could be able to paint of individuals without needing to obtain prior judicial authorization."
In other words, an employer can figure out a lot about the people who are using the internet from work. Or, in theory, your ISP could figure out a lot about the activities of its subscribers. Or, an online advertising network could associate a particular IP address with a lot of online activity over time and use that to target advertising.
What is the worst case scenario?
With the help of the authorities, it is possible to discover more than just hearsay information. For instance, the OPC cites a case in the US where the authorities, knowing only the IP address, contacted the ISP and were able to find the identity of a person sending harassing emails.
They did this by receiving the exact locations where the emails were sent from the ISP. Many of these places were hotels, and the FBI was able to find one common name on all of the hotels’ guest lists. Then, the FBI got a warrant to investigate that person's email account.
This does require a certain set of knowhow. While it's relatively easy to find out an IP address (you can look up your own by going to websites like IP Chicken), finding real actionable information from it takes some finesse.
But once you have that finesse, with a little bit of imagination, some creepy details may be discovered.