"Your IP address has been recorded to prevent fraud"

Just got this message when ordering a delivery from a small business. What does it mean? Should I avoid online ordering when I see this message? Is it happening all the time and I’m just not being alerted?

It’s meaningless. Your IP address is recorded by every website you visit, in the server logs.

I haven’t encountered that specific warning too much but it doesn’t matter because your IP address gets logged all over the place anyway. It is a standard piece of information in the computer world. IP stands for “Internet Protocol” (the real full name is Transmission Control Protocol/Internet Protocol or TCP/IP) although it used for a whole lot more things than internet or web transmissions these days (even things like elevators or industrial equipment often have IP addresses even if they only talk to a completely segregated controller).

I wouldn’t worry about it much because there isn’t anything you can do about it unless you burn all your computing devices and never use another one again. Even the SDMB tracks IP addresses to help identify sock accounts (two or more accounts coming from the same IP address are a tipoff that someone may be engaging in that transgression).

IP addresses aren’t usually personally identifiable for common consumer accounts. The most common type is handed out dynamically when you restart your computer or router and can change. They can generally indicate the general geographical area (usually to the town level) where the device is communicating from but that is about it. That is probably what this small business wants to warn about. It could be used as a clue in case of fraudulent orders.

You can check to see what this tool can tell about you based on your current IP address (legit).

https://whatismyipaddress.com/

Except [URL=“http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/”]when it doesn’t](https://whatismyipaddress.com/).

(I just checked with https://whatismyipaddress.com/--it was only one state off from the correct one, so there is that level of accuracy.)

I heard about the Kansas case you linked before and that is very unfortunate for the people affected. My own IP address doesn’t even list the right town in the identification tools but it is only a mile or two off because I live close to a border. I assume the neighboring town is where the closest core switches are.

That type of problem is what happens when you try to use fuzzy and flawed data for something it was never designed to be used for. All they can do is take a best guess based on the data available. It usually works to some degree but there are many ways to completely fool it intentionally or just because of inherent network design.

Sites that I access through my work computer assume that I am several hundred miles from where I really am because we have dedicated network lines to corporate headquarters where the IP routing flows through. I know way more than I should about places I will never go because website ad servers took a location guess for me and missed badly because of misleading IP data. No, I don’t want to meet women that are 300 miles away thank you very much and I don’t really believe that they are that interested.

Don’t sell yourself short :wink:

The delivery was a gift for a person in another state, so maybe that was why they took the trouble to “warn” me–in case I really was a fraudster, maybe I’d be scared off by what turns out to be common knowledge.

This is certainly not true with me and time warner (now spectrum). I have some scripts setup to monitor my network connection. I generally have the same IP address for for a couple of years.

It is still probably dynamic (DHCP) and not a true static IP address (the latter generally costs more). Just because you tend to get the same one every time doesn’t mean that it can’t change, just that you probably haven’t left your equipment off long enough to exceed the timeout period set on your provider’s routers.

If you wanted to try an experiment, turn off your router and computer the next time you go away for a few days. It is very likely that your IP address will exceed the IP address timeout period at the provider end, be released back into the general pool and get picked up by someone else. You will get a new one the next time you fire it back up.

While the general what’s my IP sites will only resolve down to maybe a town, your ISP will keep a log of what IP you were assigned when for an indeterminate amount of time.

It will take a subpoena to get that info from the ISP but for a sufficient level of fraudulent activity lawyers will rain subpoenas like a Wall Street ticker tape parade.

Summary.
The vendor has your IP and a time stamp of when you did what. Your ISP has a log of who had what IP when. Lawyers will lawyer and you can find yourself with your very own subpoena.

So it IS possible to detect fraud–by a dumb fraudster anyway–through these common practices. Right? A smart one would change IP addresses and maybe use public computers.

Yes. But it’s not as simple as “I have your IP and I’m going to prosecute you.” It’s also not likely to be cost effective for small scale stuff. And using public hotspots (Starbucks) makes it much more difficult.

It’s something businesses say in the hope that technologically unfamiliar people planning a prank or rip-off will be scared off. It’s meaningless at any pragmatic level, in the context of a minor retail order.

The OP doesn’t tell us much about the order or the business but IP addresses are sometimes screened to indicate fraud, as Shagnasty mentions. In another case, I used to work for a company that did a lot of credit card transactions online and we started denying orders from any IP address in Indonesia because there was so much fraud originating from there. I do work for the federal government right including an identity management system for public-facing systems and when multiple accounts are opened by the same IP address it is a fraud indicator (this type of account is limited to one per person).

“Your IP address has been recorded to prevent fraud” is benign. Should you avoid ordering online? No. Not unless you want to get off the grid and avoid doing *anything *online.

I am sure I have a dynamic address. My point is that IP addresses in the current paradigm of always on home internet connections generally do a very good job of picking out a specific household.

I wish my address was off by a town or two. Right now the Lat/Lon associated with my IP address is correct to the lot. At least they don’t have the exact room my computer is in…

just as a point of reference … used to be, there was difference between dsl and cable connection. cable connection provided a “static” (never changed) ip address … whereas, dsl offered a “dynamic” address (always changing). no idea if this is current directive or not.

A guaranteed static public IP address is something you need to pay for regardless of what kind of service you have. That has been true for a long time, even before the wide availability of broadband internet for consumers.

Think of an IP address as a parking space. Those spaces are owned by a business and they control who is allowed to park in them. Generally they are first-come, first-served. You might always park in the same spot every day but sometimes there is somebody else who parked there first and if so then you’ll park somewhere else.

You can have a static IP address just like having a reserved parking space, but you pay for it. Usually you don’t need a static address unless you are a business, because you need some justification for that cost. And most people won’t ever need one.

Lawyers know that IP addresses can only be mapped to home networks in general, or at best individual computers. Not people. The fact that your home’s (or computer’s) IP address was caught doing something illegal, does not mean that you did something illegal.

Getting to be a tangent here but you could make the same argument about cars, but some jurisdictions hold a car’s owner responsible if there is a camera ticket, regardless of who was actually driving. I have a friend whose son used BitTorrent to download some movies and my friend receiving a threatening letter from the company who owned the copyright on the movies. They settled out of court but I don’t know what proof would have been offered if the case had gone to court. I don’t know if the ISP was monitoring traffic, or just how that worked, but they were going after the owner of the account, not seeking to find out who was the actual individual with his hands on the keyboard.

Sure, but it’s like getting the license plate number for your car on video after a hit and run. Were you the guy behind the wheel? Maybe not, but once they’ve got your identity it’s a lot easier to work the case to establish that it was in fact you that were behind the wheel.