Question: Can I be identified by my IP address? Greg Newman <[email protected]> asks, "I have noticed a number of Web sites that display my IP address. As a member of CompuServe, can people use this address to identify me and add me to their mailing lists either directly using the IP address, or indirectly by asking CompuServe to identify the user of that IP address?"
Answer: The answer is "probably not." Here’s why. Every computer connected to the Internet, whether permanently or for just minutes or hours via a modem, has an IP number. Computers that are permanently connected to the Internet generally have "static" IP numbers, meaning they have the same IP number all the time. For example, www.netbits.net uses the static IP number 18.104.22.168.
Temporary dialup connections, such as an individual’s Internet connection through an ISP, use "dynamic" IP numbers. Each time you connect to the Internet, your computer is assigned a different IP number from a pool. For instance, I just looked at our Web server log and noticed this machine connecting: 1cust63.max19.philadelphia.pa.ms.uu.net, which is equivalent to the IP number 22.214.171.124. That IP number undoubtedly points to a specific individual. But, not only do I have no way of finding out who that person is, it would almost certainly be someone else were I to see it again.
Of course, the fact that I can’t do something doesn’t mean that it isn’t possible. The machine name has uu.net in it, which identifies the dialup connection as one run by UUNet, an ISP and network service company that rents its dial-up modem pool to other ISPs. With this knowledge, I could go to UUNet and tell them that I needed to know exactly who was using that IP number at 10:40 PST on 10-Dec-97. They would probably tell me to go jump in a lake. If I returned from my dip with police officers and a subpoena, assuming there was some seriously nefarious activity going on, they would provide the information I wanted by consulting their logs, which associate ISPs, accounts, modem phone numbers, and dynamic IP addresses.
However, without a court order, there’s no easy way to find out the connection between your email address and your computer’s IP number. Although the connection might exist somewhere, as in the above example, the mere fact that it exists doesn’t mean that anyone can automatically retrieve it. Since you’re using a CompuServe dialup account, it’s likely you have a dynamic IP number. That makes you pretty much untraceable.
All that said, there are other ways people can find your email address and add it to mailing lists. Most of them are relatively obvious (you post to a mailing list or a Usenet newsgroup or fill in a form on a Web site, for instance). There’s an insidious tendency for spammers to "spider" a Web site – to follow all links and analyze the pages retrieved – to suck out email addresses. Some folks defeat this technique by not putting their email address in a computer-readable form on their site, but instead explaining in a sentence how to reach them. (A spider would know <[email protected]> is an email address, but the phrase "put bilbo@ together with baggins.net to send me email" is only human readable.) There’s also a program called wpoison that generates an infinitely recursive series of fake email addresses and links, which gives spammers undeliverable addresses, but may trap their spider in your site.
If you enter your correct email address in your Web browser preferences, unethical sites can try to force your browser to send email from your machine without your knowledge. They use the incoming email sent to them to capture your address. Sometimes your browser can pick up your email address from other system preferences, so you may not even know that it’s available in this way. If your browser can send email, be sure you’ve enabled any security preferences that alert you whenever the browser tries to send a form via email; if this is unchecked, a site can still hijack your address.
If you don’t use your Web browser for email, you could consider setting your email address to a secondary or a fake address, which would solve any such problem. [ACE]