PDA

View Full Version : IP addresses and blogs



rosehips
05-10-2019, 07:35 AM
Can you trace an IP address on a blog? I need my mc to figure out the physical location of a blogger. Can he do it by tracing the IP address?

Auteur
05-10-2019, 07:58 AM
The system software usually logs visitors' IP addresses, and you can tell the general location of the user from a legitimate IP address.

But if the blogger is doing something nefarious, he's probably using the Tor network, in which case, you can't tell squat from the IP address. It could show the user's location as anywhere in the world.

Jason
05-10-2019, 07:59 AM
Not really - an IP address of a blog just tells which provider or host a blogger is using. For instance if I have a blog that resides at 8.8.8.8 (I don't, that's just the DNS servers for Google, but let's say it was a legit hosting provider), you could perform a lookup of who owns that IP address, but all you'll get is the name of the provider (Godaddy, Host Gator, BlueHost, etc.). Now if the blogger was dumb enough to announce their IP address that their ISP gives them at their house, then you might be able to decipher where they are based on the octets the ISP uses in different parts of the country, but even that is a stretch. The blogger would have to be solely self-hosted, and if they knew how to do that, they'd probably publish through an anonymized IP address to specifically enable some sort of security.

A better option for someone to track down a blogger would be more to look at their social media streams and monitor behaviors (which a lot of stalkers do now - check out their Instagram, Facebook and other "check-ins" people do...I see it all the time, and I just shake my head in dismay.) We reveal so much about ourselves to the world through social media, and I think most people don't even consider the consequences of that sort of stuff. Bloggers in general like attention and go out of their way to get it, so monitoring social media is probably the best way, not by IP addressing. At least, not easily.

That said, there are ways to reverse engineer someone's location by their IP addresses but you really would have to have some serious networking chops, and do some rather invasive digging, as well as engage in some questionable and unethical behavior to do it. So, with that in mind, it's not something I would feel comfortable writing a guide on :)

Another way if you want to see where a blogger is, you also (if they were posting through a mobile device) might be able to triangulate their approximate location over time. To do that you would need to get a court order that allowed you to track their cell phone GPS coordinates and said info was reported to you dutifully by LEA's. Even that gets dicey if you wanna read into the legalese (check out Carpenter v. U.S. (https://www.oyez.org/cases/2017/16-402) if you get a wild hair...:) ) because the Supreme Court ruled recently on this and spoke to who really owns that data about you (it's a question of whether it's you giving consent to the provider, or if the provider owns it, and cooperates with LEA's, and then whether or not if it's considered an invasion of privacy to release that info without informing you as the object the LEA is tracking...a fun read, and I had to brief it for work).

More than I wanted to write, but you hopefully get the idea that it's not really a realistic approach that any tech savvy person would buy into on the base premise for, despite what Hollywood says...

neandermagnon
05-10-2019, 09:37 PM
There are other ways to trace people online, for example if there are geotags on any photos they've taken, or info from within the blog that can narrow it down to a particular place. Basically like Jason says.

Things that might give someone's location away - especially if they do more than one of these things:

Geotags on photos: photos taken on mobile phones sometimes will record the location it's taken in the metadata on the photo. This isn't necessarily removed when you upload it (meaning you can download it and read the metadata). You can change your phone's settings to not do this and you can remove geotags from saved images but a lot of people don't do this, or even realise they're a thing. A geotag on a photo taken in someone's house could lead them to the address. This is quite scary as it's been known for paedophiles to use this to find children in their local area. (Parents are frequently warned about this sort of thing.)

Landmarks in the background of photos: if you can see the London Eye and/or Big Ben in the background, they're in London. Even if you can't immediately recognise the place from a distinctive landmark you can look up online. For example if there's a cathedral in the background you can google cathedrals in different cities and see which one it matches. Look for similar things in other photos and if they all appear to be taken in the same city, with no reference to "we got the train to London and here are the pics" (which obviously means they don't live in London) you can find out what city/town/region they live in.

Giving away info about the place they live: references to events that are specific to a certain town or city, or a district within a city, especially if they've posted it on the day of the event or said what date it occurred. Even if several towns have the same event, they probably won't all have it on that specific day.

Names of pubs or other local places - while you probably have hundreds of pubs with any particular name, if you've already figured out what town/city/general region it is, a pub name may enable you to narrow it down to a specific village or neighourhood within the town/city.

Pictures of children in school uniform: something else parents are frequently warned about. This may not be a thing if your story's set in a country that doesn't do school uniforms, but in the UK, each school has its own uniform. They're not that different in style but specific things like unique colour combinations and school logos can enable you to identify a specific school. A local school has a distinctively coloured uniform. I just google searched schools with this colour uniform and that school was the 3rd search result in the list.

Basically, the more stuff like this there is on the blog then the more you'd be able to narrow down the location with some online research. The less careful they are with their info and photos, the easier it will be.

rosehips
05-11-2019, 04:53 AM
Thank you all, you've really helped me.

Roxxsmom
05-11-2019, 06:35 AM
One thing I love about AW is the way I can learn things from threads, even if it's not something I had an immediate question about.

We definitely live in an age when it's easier to stalk and or track people than it used to be. It opens up so many possibilities for writers, though I also imagine it makes it harder than it once was for people writing certain kinds of fiction where the plot needs someone to hide or be anonymous. or assume a false identity (in a modern, or even harder, a futuristic setting).

Maryn
05-12-2019, 05:08 PM
In the late 1990s and early 2000s, I was a moderator at a chat. Like anything online, we had trolls and troublemakers, and we logged the IP address they used to register and the one(s) they used to connect to chat.

Many were traceable only to a region or area covered by their service provider (i.e., somewhere in the metro NYC area, or in India) or incorrectly traced to the headquarters city of the service provider. This was useless to us in trying to determine if a problem person was creating multiple or new accounts.

But we sometimes had quite surprising accuracy in knowing for sure this was Mister Trouble under a new name. Here are parts of a handout for moderators on tracing ISPs.

ISPs can appear as words (ipt.aol.com), strings of mixed letters and numbers (215-pool1.ras10.msgpt.Baltimore.net), or numerical groupings of 8 to 12 digits separated by three dots. Any ISP that includes letters can be directly associated to an all-number ISP, which is also called the IP (Internet Protocol) address.

All-number ISPs are called IP addresses. The IANA allocates blocks of IP address space to Regional Internet Registries (RIRs). RIRs allocate blocks of IP address space to Local Internet Registries that assign the addresses to End Users.

There are currently (this was in 1997 or so) four Regional Internet Registries:

RIPE NCC (Europe)
Réseaux IP Européens Network Coordination Centre
http://www.ripe.net

ARIN (America)
American Registry for Internet Numbers
http://www.arin.net

APNIC (Asia and the Pacific)
Asia Pacific Network Information Centre
http://www.apnic.net

LACNIC (Latin America and Caribbean)
Latin American and Caribbean IP address Regional Registry
http://lacnic.net

At each of these registries, anyone can type an ISP number into a search or who-is box and receive information about what internet provider (IP) that number is allocated to. The range of numbers given to the IP is shown. Example: you type in 12.249.136.191, and ARIN tells you that 12.0.0.0 through 12.255.255.255 are assigned to AT&T WorldNet.

Often the search stops there, at some big company like AT&T, MSN, Yahoo!, or AOL with so many users all over the world that further tracing isn’t possible without additional programs.

Sometimes your trace leads you to more: a small IP with few customers and therefore a small numerical range assigned. You’d want to search our registration lists for anything with the same first two groups of digits, then look very closely at any matches you find, and watch for new registrations from that ISP.

On lucky days, moderator searches based on ISPs have led to a place of business and a real name (redacted), a specific internet cafe (redacted), or even an address (redacted).

It was not unusual at the chat for a person who was trolling to be traceable to a university department or building, or a specific department or division in a place of business, using their work computer on company time. More than once I was able to identify the person by name and exact location. Other times, all we could determine was that the person connected from New England or Wales.

So depending on what your story needs, maybe this will be of some use.

Margrave86
05-12-2019, 05:51 PM
I just set up my own website, so I have a bit of insight:

There's an IP address, which is the cluster of 8-bit integers, and then there's the DNS, which is a giant table that correlates IP addresses to human-readable website addresses such as "https://absolutewrite.com". All DNS's are legally required by ICANN to be registered under a real person's name and address, so if your antagonist was dumb enough to register the website address under his or her real address, then the protagonist could simply use ICANN's WHOIS search to look them up. Even if they use a shell company or something, it's the start of a paper trail. That said, there are organizations (and even some DNS services) that put their own contact information into the ICANN database instead, to protect their owners' privacy.

Of course, that all depends on the antagonist owning their own website. If they're using a social media site like LiveJournal, then their IP address has nothing to do with it. They post updates to the website's central servers, and then the reader downloads it from the servers. There's no peer-to-peer contact whatsoever.

rosehips
05-17-2019, 04:44 PM
I just set up my own website, so I have a bit of insight:

There's an IP address, which is the cluster of 8-bit integers, and then there's the DNS, which is a giant table that correlates IP addresses to human-readable website addresses such as "https://absolutewrite.com". All DNS's are legally required by ICANN to be registered under a real person's name and address, so if your antagonist was dumb enough to register the website address under his or her real address, then the protagonist could simply use ICANN's WHOIS search to look them up. Even if they use a shell company or something, it's the start of a paper trail. That said, there are organizations (and even some DNS services) that put their own contact information into the ICANN database instead, to protect their owners' privacy.

Of course, that all depends on the antagonist owning their own website. If they're using a social media site like LiveJournal, then their IP address has nothing to do with it. They post updates to the website's central servers, and then the reader downloads it from the servers. There's no peer-to-peer contact whatsoever.

Thanks, I'm going to use a bit of this, too!