Previously I suggested not letting children receive email from Gmail because Gmail hides the source IP address, making it easier for bad guys to hide. In contrast, the free webmail services from Yahoo and Hotmail do not hide the source IP address.
In response, Google pointed me to an item at the Gmail help center called Harassment from a Gmail user. Below is what Google has to say regarding harassing emails from a Gmail user.
"... if you feel that you are in danger, we suggest contacting your local authorities.
Because message headers and senders can be spoofed using a variety of means, we're unable to take action on any user without further verification. In accordance with state and federal law, it is Google's policy only to provide information about a specific Gmail user pursuant to a valid third party subpoena or other appropriate legal process.
We apologize for any inconvenience, and we're sorry that you're receiving such messages."
Google won't take complaints directly from harassment victims and they omit contact information for law enforcement agencies. Not particularly comforting.
Judge for yourself, but I think this validates my prior suggestion not to let children receive email from Gmail users. The source IP address cannot directly identify someone (for more about this, see What does your IP address say about you?), but victims of harassment are far better off with it than without it.
See a summary of all my Defensive Computing postings.
When it comes to the question of whether an IP address is personal or not, Google seems to swing both ways.
In February, Google software engineer Alma Whitten wrote Are IP addresses personal? on the Google Public Policy blog. In the posting she said "... in most cases, an IP address without additional information cannot [identify you]."
But someone commenting on the posting pointed out that Gmail goes out of its way to hide the IP address of the sender of a Gmail-originated message. The item User IP addresses from the Gmail help says:
"Protecting our users' privacy is something we take very seriously. Personal information, including someone's exact location, can be gathered from someone's IP address, so Gmail doesn't reveal this information in outgoing mail headers. This prevents recipients from being able to track our users, or uncover what may be potentially sensitive personal information."
I verified this by examining the headers of a Gmail-originated message. The source IP address was 74.125.46.31 which, according to ip-adress.com, is Google in Mountain View, California. In other places the email header identified the source computer as yw-out-2324.google.com. Nothing pointed to the actual IP address of the sender.
As someone pointed out, this anonymity makes Gmail a haven for bad guys. Anyone interested in sending threatening email messages or perhaps inappropriate messages to children, can hide behind Gmail.
If I was the parent of a small child, I wouldn't want them to receive any email from Gmail. Period.
Earthlink, my ISP, does let their customers define spam filters that can reject all messages from a domain such as gmail.com or google.com.
Yahoo Mail does not hide the originating IP address.
Someone I know in New York City recently said they were going on a trip to Switzerland. After a few days, they sent a Yahoo email message claiming to be from Switzerland. I had no reason to doubt them, but just for fun, I looked into the email header, got the source IP address and ran it through the services I wrote about last time. Sure enough, the message came from Switzerland.
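The header check described above, as an added example that is not from the original post: it parses a raw message with Python's standard library and reports the earliest public IP address the headers record, skipping LAN and loopback addresses. The sample messages are constructed (only the Google host name and address come from this post), and the use of `X-Originating-IP` by any particular webmail service is an assumption.

```python
import ipaddress
import re
from email import message_from_string

# RFC 1918 LAN ranges (172.16.0.0/12 is 172.16.x.x-172.31.x.x) and loopback.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_ips(text):
    """Bracketed IPv4 literals in text that are valid and outside NON_PUBLIC."""
    found = []
    for raw in BRACKETED_IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:  # not a real address, e.g. [999.1.1.1]
            continue
        if not any(ip in net for net in NON_PUBLIC):
            found.append(str(ip))
    return found

def trace_origin(raw_message):
    """Return (header, ip) for the earliest public address the headers record."""
    msg = message_from_string(raw_message)
    # Assumption: the service may put the client address in X-Originating-IP.
    hits = public_ips(msg.get("X-Originating-IP", ""))
    if hits:
        return ("X-Originating-IP", hits[0])
    # Every relay prepends its Received line, so the last one is the oldest hop.
    for hop in reversed(msg.get_all("Received", [])):
        hits = public_ips(hop)
        if hits:
            return ("Received", hits[0])
    return (None, None)

# Constructed samples; only the Google host name and address come from the post.
GMAIL_STYLE = """\
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.31])
 by mx.example.org with ESMTP; Tue, 16 Sep 2008 10:00:02 -0400
Received: from [10.0.0.5] by yw-out-2324.google.com with HTTP
"""
WEBMAIL_STYLE = """\
Received: from web.example.net (web.example.net [198.51.100.7])
 by mx.example.org with ESMTP; Tue, 16 Sep 2008 10:00:02 -0400
Received: from [203.0.113.45] by web.example.net via HTTP
"""

if __name__ == "__main__":
    print(trace_origin(GMAIL_STYLE), trace_origin(WEBMAIL_STYLE))
```

Only the Received lines added by your own mail provider are trustworthy; anything below them was supplied by the sending side and can be forged.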
I didn't test if Hotmail hides the true source IP address. If and when I do, I'll update this posting.
Update. September 16, 2008: According to Leo Notenboom, Hotmail is inconsistent when it comes to including the source IP address: sometimes it does, sometimes it doesn't. He was nice enough to test it again today (thanks Leo) and reported that the true source IP address did appear in the email header of a message that originated from Hotmail.
Update. September 16, 2008: For more on this topic, see Harassment from a Gmail user.
Last week Google announced that they were protecting user privacy (their words not mine) by modifying IP addresses in their activity logs after 9 months. Fellow CNET blogger Chris Soghoian felt this was a sham because it ignored cookies, but it brings up an interesting point: just what does your IP address say about you? Or, in other words, does your IP address point to you?
In some ways, an IP address does identify you or else there would be no need for Google to "anonymize IP addresses" in order to "address regulatory concerns" (again, their words not mine).
What's an IP address?
Every computer on a network has a unique number. On networks such as the Internet that use the TCP/IP protocol stack (which is most networks nowadays), the unique number is called an IP address. When computers on a TCP/IP network talk to each other, they address themselves by IP address.
To techies, IP addresses are 32-bit binary numbers, but to normal people they consist of four decimal numbers, each between zero and 255, separated by periods. As I write this, the IP address for the cnet.com website is 216.239.122.102. For more on IP addresses see my posting OpenDNS provides added safety for free from December of last year.
In the old days, individual computers on the Internet were directly addressable by their IP address, but now it is much more common for a router to have an IP address and for the router to act as the front man for a bunch of computers on a Local Area Network.
In this scenario, the only thing that directly connects to the outside world is the router, each individual computer on the LAN goes through the router to get to the Internet. Thus, a single IP address, assigned to the router, is shared by many computers. And that means, there is no way for the outside world to identify one computer on the LAN from another. The outside world only communicates with the router.
Some people gladly share their wireless network with their neighbors. If a bad guy gets on to your wireless network and does something illegal, law enforcement may knock on your door. To the outside world, the bad guy seems to be you. All the computers on the LAN have the same public IP address, that of the router.
This brings up two points:
- Yes, law enforcement officials can trace your IP address back to your exact physical address
- What IP addresses are being used on the LAN?
To answer the second question, there are three groups of IP addresses that have been reserved for internal use only. That is, the TCP/IP rules state that these IP addresses will never be used on the public Internet. They are referred to as private IP addresses.
The most common private IP group starts with 192.168.x.x. So, for example, there can be millions of computers accessing the Internet, each using an IP address of 192.168.1.2. But, because each resides on a different Local Area Network there are no conflicts. Another group of private IP addresses starts with 10.x.x.x and the third starts with 172.x.x.x.
Your operating system deals with private IP addresses as does your router. When data moves between a Local Area Network and the Internet, the router serves as a translator between the IP addressing scheme on the inside (LAN) and the outside (Internet).* On a Windows computer, the command "ipconfig" will display the private IP address.
View From The Outside
Since all communication on the Internet (or any TCP/IP based network) is from an IP address to an IP address, every website that you visit knows the public IP address of your router. None of them know the private IP address of your computer.
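The address sharing described above, modelled as an added example (not code from the original post): a toy router rewrites the source of outbound packets, so a web server logs the same public address for every computer on the LAN. The `NatRouter` class, the port numbers and the router's public address 203.0.113.10 are hypothetical; real routers do this in firmware.

```python
class NatRouter:
    """Toy port-address translation: many LAN hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}  # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source; return the packet as the site sees it."""
        key = (src_ip, src_port)
        for port, inside in self.table.items():
            if inside == key:        # existing conversation, reuse its port
                break
        else:                        # new conversation, allocate a public port
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, dst_port):
        """Map a reply back to a LAN host, or None if no host asked for it."""
        return self.table.get(dst_port)


def addresses_seen_by_site(router, lan_hosts, site_ip):
    """Source addresses a web server would log for one request per LAN host."""
    return {router.outbound(host, 50000, site_ip, 80)[0] for host in lan_hosts}


if __name__ == "__main__":
    router = NatRouter("203.0.113.10")           # constructed public address
    lan = ["192.168.1.2", "192.168.1.3", "192.168.1.4"]
    print(addresses_seen_by_site(router, lan, "216.239.122.102"))
    print(router.table)  # the only record of which LAN host used which port
```

The translation table lives only inside the router, which is why neither the website nor the ISP can tell the LAN computers apart.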
Many websites will display your public IP address, my favorite is www.ipchicken.com (see above) because it also displays the name of your computer (purposely omitted from the screen shot). I find the computer name very handy for identifying the Internet Service Provider (ISP) connecting the computer to the Internet. Some sample computer names are shown below, the numbers in the name are typically the public IP address:
- adsl-99-99-99-99.sip.asm.bellsouth.net
- c-99-99-99-99.hsd1.nj.comcast.net
- ppp-99-99-99-99.dsl.hstntx.swbell.net
- user-99xxxxx.cable.mindspring.com
- 99-99-99-99.static.reno.nv.charter.com
- static-99-99-99-99-primus-india.net
- adsl-99-99-99-99.dsl.sfldmi.sbcglobal.net
Where Is An IP Address
Just as websites know your public IP address, so too, you know theirs.
Previously, I wrote about Flagfox, a Firefox extension that takes the public IP address of the website you are visiting, looks it up in a table to learn the country it is in and displays the flag for the country. This can be useful in ensuring you are actually at the website you think you are.
There are a number of websites that, given an IP address, will tell you not only the country, but also the city where that IP address resides. I have found them to be hit or miss when it comes to pinpointing the city, but they always seem to be accurate in identifying the country and the ISP.
- Geotool is the service used by Flagfox.
- The good stuff at ip-adress.com requires your clicking on the small text at the bottom of the page.
- The other sites auto-detect your current IP address, but at IP2Location you have to provide the IP address.
- Geobytes seems to be least accurate, but in fairness, I haven't done detailed testing.
Currently I am in New York City. Geobytes says I am in Newburgh, New York and IP2Location says I am in Atlanta, Georgia. Geotool and ip-adress.com got it right.
This may be the best that normal people can do in terms of tracking an IP address to a physical location, but your ISP certainly knows where you are. Your public IP address is one that is assigned, technically, to your ISP rather than to you. Only your ISP knows which of their assigned IP addresses they assigned to you and when you were using it. Businesses often have a permanent IP address while consumers can get a different IP address every day.
The good news is that ISPs keep this information to themselves, normally. In some circumstances, however, they will tell law enforcement agencies the exact physical location associated with an IP address.
This cuts both ways. If, for example, a fellow customer of your ISP did something horribly bad and illegal last week while using IP address 1.2.3.4 (for example) then when law enforcement officials see that you have that address today, they won't think you're the bad guy. Your ISP would know that IP address 1.2.3.4 was given out to someone else last week.
Note again that nothing points to an individual computer on the LAN. Even your ISP is only aware of your router. And speaking of your router, be sure to change the default password.
For more about tracing an IP address see The Myth and the Truth of the IP Address Tracing by Leo Notenboom.
Update: September 16, 2008. For more on the issue of whether IP addresses are personal or not, see my next posting Don't let children receive email messages from Gmail.
*If you have a single computer directly connected to the Internet without a router, then the IP address the operating system knows about is the public IP address.
Warning of a new scam targeting non-profits comes from Alex Eckelberry of Sunbelt Software, the company behind the anti-Spyware program CounterSpy.
The scam starts out with an email message that seems to be from Barbara Moratek, Vice President, Director of Grant Programs at Ivete Foundation. The come-on in the body of the message is:
"Would you have additional information for prospective donors or volunteers other than what is on your website? Thank you in advance."
I've said before, you can never trust the FROM address of an email message. According to the email header from one of the messages, it originated in Brazil, in the city of Curitiba from a computer with a name of virtua-cwbas189-4-7-26ctb.virtua.com.br.
But there is a new twist to this scam: the bad guys have set up traps for someone doing a Google search for "Barbara Moratek". Alex provides a screen shot of this Google search from Thursday January 10th showing "... a bunch of links pushing fake codec Trojans and other junk sites (many on Blogger)." So, the process of checking whether the email is legitimate can result in your computer getting infested with malicious software. Fortunately this scam has gotten enough attention that the top links on Google are now warnings about Barbara Moratek.
Yet another wrinkle to this scam is that the malicious web pages Google offered up were from sites that are not obviously suspicious. For example, Digg and Lycos both served up phony Barbara Moratek web pages as did Blogspot and Celebrity-pictures-gossip.com. User contributed content has to always be consumed with a grain of salt.
One thing strikes me as inexcusable. The alert about this first went up on January 10th, Brian Krebs picked up on it and wrote about it at WashingtonPost.com on the 11th. Both the Sunbelt blog and Brian's Security Fix column are well known and popular, which begs the question:
Why are there still malicious Barbara Moratek web pages showing up in Google?
As I write this on January 13th, three of the scam Barbara Moratek pages still show up on the first page of search results at Google. Is anyone minding the store? Yahoo's search is clean, the first two pages of results of a search for "Barbara Moratek" turn up nothing but warnings about the scam. No actual malicious pages are shown. Google should do better, it can't be a big deal for them to remove known malicious web pages from their database.
For more on deciding whether an email message is on the level see a couple earlier postings of mine:
-- Defending against a phishing email message October 27, 2007
-- Is that e-mail message legit? How a computer nerd analyzes it November 11, 2007
Always be skeptical on the Internet.
Update: You can report a web site that you suspect contains malicious software to Google at google.com/safebrowsing/report_badware/. The trailing slash is required. January 14, 2008.