I'm a little confused

Started by stiffman2, December 26, 2013, 07:53:31 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

BC_Programmer

Quote from: MichaelNyby on May 10, 2022, 01:08:22 AM
Let us take the last first. Some folks most definitely have IP addresses that do not change.

Having an IP Address that does not change requires expensive business accounts with your ISP. Typically, you need to pay extra fore the static assignment as well.

QuoteNow, are you trying to state here that they just don't count? There are too few of them/us to have any concerns so, "Oh your IP address will change, so no need to worry." is a rightful piece of information to display on a site that is supposed to be providing expert advice to Net Citizens. I simply don't get that. Most folks don't have static addresses, so those that do just ain't worth any effort to even think about? I mean, really, what in the heck is that telling us? The majority counts on the Net, and to heck with you who aren't in the majority.

The "most IPs change periodically." is likely there to explain why the IP Address, which you can see for your own posts, might change. I don't think that is a CH thing; I think it's just a SMF (the forum software) thing.

Quote

Then we go back to the first paragraph and ... What in the heck!?

That IP address provides more information than would otherwise be available if it weren't known. That is a fact! Why in the heck's name would you want to be downplaying that!?
Only you can see your own IP Address. The IP address is logged in the database I assume. An IP Address is absolutely 100% required to use the web. If the forum didn't know your IP address it wouldn't be able to send you HTTP data.

Every single website you connect to "knows" your IP Address. And so do other sites, just by virtue of things like images or other data being loaded from them. Pretty much everything you do on the Internet requires your IP Address in order to function. the idea that it's some sort of identifying information that should be guarded carefully is silly simply because of how pervasive it has to be. There's no reason for a forum site like this one to go publishing users IP Addresses on their posts of course, but it is pretty easy to figure out a persons IP Address.

For example: I could upload an image on my website and send you a PM with that image in it.

Simply by opening your PMs, the image would load. That would connect to my website to get the image and... drumroll please... I would know your IP address (or at least the IP address you are using the access the Internet at that time). That is how "private" it is. I could do that for any member of the forum. The image doesn't even need to be visible. could be say a 1x1 transparent gif or something, embedded as some otherwise normal message.

I could do the same in this forum post- and by so doing I would know (or be able to know, if I wanted) the IP address of every single person that viewed my post.

However, it's not particularly useful information. Aside from being something that could be used to try to IP-ban a visitor from a site or service, the only realistic usage for having somebody's IP Address is trying to gain illicit access to their network which is both illegal and not particularly interesting (To me, anyway).

Of course, for something like Law enforcement, it is possible to contact the relevant ISP and with the appropriate warrants and such find out who the associated subscriber for an IP Address was for a particular time; the ISP, of course, knows which subscriber used which IP Address. But that information is not public, and the association between the non-private IP Address and the private subscriber information requires legal intervention to actually get. Even at that point it doesn't directly indicate some activity on the IP Address was done by the subscriber, as any number of people can access internet through the same connection through a NAT (Router).




I was trying to dereference Null Pointers before it was cool.

MichaelNyby

It is good that you have gone to so much trouble to explain all those things you did about an IP address, BUT it does not explain your loose attitude about security.

Your first post on this subject I raised about the IP address started with the quote below I am doing from that post:

QuoteThe idea that IP Addresses are a form of identifying information is a piece of misinformation ...

That is just plain hogwash! Somebody who knows your IP address knows more about you than if they did not know your IP address. It can very well be the first step in a security breach.

And my civic duty here in this Online Community is to make sure that the new people on this Internet do not see all those designations of a "Thank you" under your avatar and see that "Programmer" in your account ID and fall victim to your extremely loose attitude about security.

Plain and simple, a civic duty. That's all.

And why you want to set aside the thousands of people who DO have static IP addresses, as if they are just manure out in the farmer's field; - - - well, that's your business. I haven't a clue what you have against the people who have static IP addresses, but it is clear you have some sort of chip on your shoulder on that topic. Too bad for you. Not for me.

I've done my civic duty here to help the new folks on the Net to understand that the IP address is a possible security breach, if the wrong person knows what it is.

Sure, there are all sorts of ways somebody could find out what your IP address is, but that was not the point of my first post on this particular topic. And it is not the point now. The point is that somebody that knows your IP address knows more than they should about you, IF they are bad people.

It is very commendable that the writer of the code for the software of this forum platform wrote the code in such a way that the administration here has that tool so your IP address is hidden, but that popup you see is full of hogwash. BC_Programmer is defending that language used in that popup for reasons only BC_Programmer knows, but I would suggest you go get a third opinion, if you doubt either of us. Go use Google or Bing and enter "IP address""security" and see what the results are.

Now I have done my civic duty and I am washing my hands of this matter. Sayonara.