Question About ISP Addresses

Factual Questions
1

My friend and I were talking about this, and we know nothing, so I said I would ask here.

In a nutshell, she is interested in a guy who has a blog. She has anti-spyware software on her computer, from which she knows that his blog collects cookies. Thus, when she has the urge to check his blog to see if he mentions her, or anything else interesting, she tries to use the library computer.

Is this really necessary? What does it mean that he collects cookies? Does every particular computer have an ISP address? If she deletes all cookies, does that erase it? She has DSL, does that mean that every time she logs on, she has a different ISP address? Does it make a difference if she goes from her Yahoo account or a school one? Does the ISP address show a string of numbers, her e-mail address, her name, or what?

In short, how obvious is it to him that she is keeping an eye on what he’s up to?

2

First off, I don’t think it’s ever appropriate to say that a website ‘collects cookies’. A website sends out cookies, and asks the browsers that visit the site to keep them. Based on privacy settings, the browser can either keep the cookie and send it back to the website with every page request until it expires, or reject it, in which case, presumably, the website will keep offering a different cookie every time and the browser will continue to throw every one away. A cookie generally contains some kind of identifying information the website is trying to use to keep track of you. If you have your website set up to throw away (or ‘block’) the cookies, it means you aren’t sending any of those cookies back to the website, so if it’s relying only on cookies, it will think you’re a new visitor each time.

Cookies have nothing to do with IP addresses… a website can always tell (if it’s been programmed to keep track of the information) what IP address the request has come from… that’s a part of the way the internet works. You can try to use a proxy server to camoflage yourself, but you have to send SOME address to the website along with your request for whatever page.

An IP address is a number that, among other things, refers to one particular ‘location’ in cyberspace - one bit of the internet. Computers that are always on the internet… webservers and home computers with broadband for instance, always have an IP address, which can change weekly, yearly, or not at all. People who use dial-up generally get a new IP address assigned from their local ISP stations address pool every time they dial in. I thought that DSL was like other broadband connections in that it was always on, but if your friend has to log in, maybe she’s getting a dynamic address.
Getting a new IP address does not mean squat about your computer’s collection of cookies… if the cookies have been accepted to be sent back to websites, the website will still be able to tell that it’s the same computer from the cookie, even though the address is different.

An IP address is a string of numbers seperated by dots… like 34.156.77.3 There are certain databases that can be used to help track down information about an IP address… who owns control of it and what they use it for, basically. A cookie, on the other hand, can only have information in it that the website puts into it. It won’t hold your name or email address unless you type those into the site, for instance. But it may hold your usage habits at the site, for instance, or it may just have an ID number that corresponds to a file in a database at the website that contains all the info the website has been able to find out about you so far.
If your friend really doesn’t want this guy to know she’s been looking at his blog, I’d advise that she should block cookies as often as possible, and not go there from any machine that can be physically linked to her. That’s getting a little paranoid though.

Hope this info helps.

3

Warning! Your computer is broadcasting an IP address!

Heh, heh. I’ve been wanting to say that for ages, now.

Seriously, though. Every computer connected to the Internet has an Internet Protocol, or IP, address. (An ISP is an Internet Service Provider.) An IP address is analogous to the street address of your house, with some caveats. See below.

Depending on this person’s blog, they may or may not have access to the logs which record who visits their site. If it’s something cheap or free, or if the person is not very technically inclined, it’s likely that the logs are ignored or unaccessible, in which case there’s not much need to worry. However, it can generally be expected that every visit to any site is recorded somewhere, mostly in the line of “IP address 12.34.56.78 requested foo and bar”. It is a little less trivial to associate a specific IP address with a specific person. (See the caveats below, mentioned above.)

Cookies can simplify this issue. They’re an identifying piece of data placed on the user’s computer that allow the website to track visits. For example, the Straight Dope places a cookie on your computer which allows it to remember who you are and if you’ve already logged in, so you don’t have to login every time you return to the site. However, even if you have your computer set to reject cookies, the Straight Dope’s server logs will still have a record of your visit.

Now, IP addresses aren’t necessarily set in stone. Static IP addresses are just that - static, and unchanging - and so the address 12.34.56.78 will always be the same computer. Dynamic addresses are much more common. An example would be an AOL user dialing into AOL. When they’re connected, they are dynamically assigned an IP address for their session. This address may be different each time they reconnect. However (even more caveats!) this isn’t guaranteed anonyminity – someone who uses dynamic addresses from the same provider will always get an address from that provider, so a pattern can be seen there if is someone from, say, AOL coming to the website repeatedly. If they needed to actually find out who that user was, they’d have to contact the adminstrators of AOL to get them to reveal who the actual user was behind that dynamic address.

Now, all of that being said, to answer the actual questions that you had:[list][li]Is all of this really necessary? It depends. Probably not.[]What does it mean that he collects cookies? It means that his website tries to track users. This is not necessarily bad or evil! See the Straight Dope example above. Many cookies are completely innocuous and give no personally-identifiable information. It’s also possible that his website itself is not setting a cookie, but rather an advertising banner on the page.[]Does every particular computer have an ISP address? Yes, see above.[]If she deletes all cookies, does that erase it? That deletes the cookies but it does not erase the IP address.[]She has DSL, does that mean that every time she logs on, she has a different ISP address? I don’t know enough about her situation to answer that question specifically, but see above regarding static and dynamic addresses.*Does it make a difference if she goes from her Yahoo account or a school one?Does she connect to the Internet the same way for both? It sounds like her DSL connection is the only way she connects, so her Yahoo or school email accounts would likely be irrelevant.[]*Does the ISP address show a string of numbers, her e-mail address, her name, or what?*An IP address is just a string of numbers separated by dots, like the 12.34.56.78 example above.[/li]
Now, I skimmed a lot and simplified some others, so there’s a lot for other people to clarify or expand upon. And I didn’t really answer your question of whether she’s overly paranoid or not, but that’s something that really depends on the circumstances.

4

Cookies are used to maintain “state” on a website, which means the server can link a bunch of queries together as coming from the same visitor for the purpose of things like logins, shopping carts, etc. Many servers set a cookie containing a session ID as a matter of course, so it may be that the creator of the blog is not even intentionally setting a cookie, just that his server software is set up to track sessions.

Even without cookies and sessions, the blog’s server is logging the IP address of every query it gets, so your friend’s visits are tracked and recorded. Whether he bothers to check these logs and whether he bothers to look up the IP addresses to see who they might be is another matter.

Every computer on the Internet has an IP address (except in very rare exceptions where a non-TCP/IP network is hidden behind a proxy). When your friend connects to her ISP (internet service provider) her DSL router is assigned an IP (internet protocol) address which is usually represented by four numbers like 111.222.333.444. It’s likely she has a dynamic IP which means she’s assigned a new one every time she connects, but that can be a relatively infrequent change for always-on connections like DSL.

If the blogger knows her, he could probably find a way to learn her IP address (or at least the range which her ISP typically assigns). The IP is often included in email headers, etc. Once he knows her IP, it would be trivial to check his server logs to see when she visits from her home computer whether or not cookies are involved.

5

Umm, try something like “111.222.133.244” as an example next time. It’s hard to count past 255 with 8 bits.

6

You’re right as usual, blunder on my part. I was just typing digits to make the octets clear and ended up deleting a long-winded pointless explanation of IP address structure on preview.

7

Oh, come on. Yes, her personal information is stored somewhere - but if this is just some dude with a LiveJournal somewhere, there’s no risk of it because he doesn’t have access to that information. Heck, even if he’s serving it from his house, there’s still zero risk because I guarantee he won’t pore over his server logs enough to notice that one particular range of IP addresses seems to access it a lot, especially since your friend’s provider is probably also the provider for other folks who know him. So her IP address may not be distinct from those of any number of other folks who know him.

She doesn’t need to worry, unless he’s both far more technically adept than anyone who normally attracts female attention, and paranoid enough to monitor every access to his blog.