30

22 comments

I'm always so confused by this. Keffals was threatening to release IP addresses, but realistically how likely is someone to ID someone else through that alone? An IP address is a vague geolocation of where someone's internet is pinging off of. Wouldn't it be a hell of a task to try to locate someone who lived in even a small sized town armed with only that information?

very few people have fixed IPs but work places do so if you work in a bank and use the internet during your lunch break its posible to pin you down, Internet providers buy IPs in packets they get allocated to users at random, turn your router off and on again later and you will get a different one.

I remember years ago some idiot on a forum tried to threaten me by showing my IP address claiming he could hunt me down (all for the crime of playing video games while being female), I showed him his, turned my router on and off and asked him to check mine again, that shut him up.

Internet forum for games... Could it be... GameFaqs? I know that forum is VERY toxic and some users there claim they can hack people... How did he manage to grab your IP and how did you grab his by the way?

Nope it was a small forum for a TV show years ago on the TV channels website, I had Linux at the time on my big beige box of a pc, very nice OS it was, had a lot of interesting features. I once had a program that spoofed the details of whomever was trying to hack me so they just saw themselves, no idea what it was called, we are talking like 20 years ago, I remember having a program that watched all the ports and constantly updated about attacks and their origins so I could potentially attack them back if they annoyed me too much, all kinds of interesting things, I think you could just see it in source back in those days, as I said can't remember.

from the further description though it sounds like they probably didn't manage to get any data after all. Hmm

(Just turned on my vpn after reading your headline). I have a question, because I'm very ignorant about this stuff.

I assume from what you write, together with the link, that you're not talking about just usernames and passwords being vulnerable in a breach, but that those with evil intent getting hold of the IP you're browsing from and from there IDing you, somehow? Is that right?

Here's my related dumbo question no. 2, if I have no 1 right: can IPs only be 'got' WHILE one is, say, on/using Ovarit (or whatever site), or can the evils find them historically, e.g. looking through one's past use? Thanks for any clarification.

What the other person said. Unless law enforcement is after you IPs are useless most of the time though since you can't do shit with them and can just reconnect and get a different one.

[–] SlowCollapse 10 points Edited

There's a small risk that an IP could be used to match an account on one site with an account on another.

A data leak (or activist insider) at somewhere like Twitter, Facebook, or LinkedIn could match IP addresses to accounts with real identities - which could then be matched against those obtained from a hack of a controversial site.

It's not solid evidence of a link, as many home IP addresses aren't static (and mobile phone IPs are unlikely to be), and most IP addresses are shared across a whole organisation or household. But since when do vicious activist mobs require solid evidence?...

It depends on the site. I'm not sure what Ovarit's policy is, but the New Zealand fruit farms keep a one-month log of when you logged on and what IP address you logged on from. This is a pretty common policy because it allows administrators to identify sockpuppets and account abuse.

those with evil intent getting hold of the IP you're browsing from and from there IDing you, somehow?

IP addresses can be used as a rough form of geolocation depending on if they are residential or belong to a mobile carrier, and can also be forwarded to the ISP that owns them in an abuse complaint (this is how the RIAA sends people copyright letters)

can the evils find them historically, e.g. looking through one's past use?

It depends on whether or not the Ovarit admins have access logging enabled or not. If a hacker could access those logs, they could theoretically correlate browsing activity to individual users. Even easier would be if there was an admin-only dashboard that showed which IPs a user had used in the past, eg. for detecting sockpuppet accounts

The whole kiwifarms drama led me to downloading and installing Tor browser on my phone. I suppose I could use that while on Ovarit.

I’ve had to use it for Ovarit sometimes, anyway, because some wifi (like in hotels) quietly won’t connect, even though it’s happy to serve you Reddit.

There is also Tor window on Brave...

Brave's Tor Tabs are generally considered less secure than Tor Browser proper and should not be used for sensitive or potentially illegal activity