ip addresses – Techdirt

A year ago, Walled Culture wrote about an extremely important case that was being considered by the Court of Justice of the European Union (CJEU), the EU’s top court. The central question was whether the judges considered that copyright was more important than privacy. The bad news is that the CJEU has just decided that it is:

The Court, sitting as the Full Court, holds that the general and indiscriminate retention of IP addresses does not necessarily constitute a serious interference with fundamental rights.

IP addresses refer to the identifying Internet number assigned to a user’s system when it is online. That may change each time someone uses the Internet, but if Internet Service Providers are required by law to retain information about who was assigned a particular address at a given time, then it is possible to carry out routine surveillance of people’s online activities. The CJEU has decided this is acceptable:

EU law does not preclude national legislation authorising the competent public authority, for the sole purpose of identifying the person suspected of having committed a criminal offence, to access the civil identity data associated with an IP address

The key problem is that copyright infringement by a private individual is regarded by the court as something so serious that it negates the right to privacy. It’s a sign of the twisted values that copyright has succeeded in imposing on many legal systems. It equates the mere copying of a digital file with serious crimes that merit a prison sentence, an evident absurdity.

As one of the groups that brought the original case, La Quadrature du Net, writes, this latest decision also has serious negative consequences for human rights in the EU:

Whereas in 2020, the CJEU considered that the retention of IP addresses constituted a serious interference with fundamental rights and that they could only be accessed, together with the civil identity of the Internet user, for the purpose of fighting serious crime or safeguarding national security, this is no longer true. The CJEU has reversed its reasoning: it now considers that the retention of IP addresses is, by default, no longer a serious interference with fundamental rights, and that it is only in certain cases that such access constitutes a serious interference that must be safeguarded with appropriate protection measures.

As a result, La Quadrature du Net says:

While in 2020 [the CJEU] stated that there was a right to online anonymity enshrined in the ePrivacy Directive, it is now abandoning it. Unfortunately, by giving the police broad access to the civil identity associated with an IP address and to the content of a communication, it puts a de facto end to online anonymity.

This is a good example of how copyright’s continuing obsession with ownership and control of digital material is warping the entire legal system in the EU. What was supposed to be simply a fair way of rewarding creators has resulted in a monstrous system of routine government surveillance carried out on hundreds of millions of innocent people just in case they copy a digital file.

Follow me @glynmoody on Mastodon and on Bluesky. Originally posted to Walled Culture.

Filed Under: cjeu, copyright, data retention, eprivacy directive, eu, ip addresses, privacy

LastPass Tries To Bury The Full Scope Of Its Disastrous Privacy Breach Behind The Christmas Holiday

from the dysfunction-junction dept

Wed, Dec 28th 2022 05:36am - Karl Bode

Back in August, password storage app LastPass vaguely admitted that hackers had accessed the company’s systems. In the company’s original August reveal, the company generally tap danced around the subject, claiming that while they had identified some “unusual activity,” consumer data had not been accessed.

By November, LastPass had begun shifting its story a bit, acknowledging that the unauthorized August access to its systems had allowed an unidentified third party to “gain access to certain elements” of customer info later on. Then, right before the Christmas holiday on December 22, LastPass finally revealed something closer to the full truth. And it’s not pretty:

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.

That vault data included company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. All of that information, including numerous IP address records allowing the tracking of user locations and movement, is now in the hands of an unknown third party.

The vaults also included copies of encrypted user passwords. And while those passwords might be safe for users with strong master passwords and updated default account settings, some users with older account settings and weaker master passwords may have had their entire password list exposed, meaning those folks are now spending the holiday updating potentially thousands of website and service passwords all across the internet.

Security researchers weren’t impressed for numerous reasons. For one, it took LastPass numerous months to fully reveal the full scope of the intrusion. And when they did reveal it, they not only buried it ahead of the big holiday in the hopes it would minimize attention; security researchers like Wladimir Palant argued the announcement was aggressively misleading from beginning to end:

LastPass is trying to present the August 2022 incident and the data leak now as two separate events. But using information gained in the initial access in order to access more assets is actually a typical technique used by threat actors. It is called lateral movement.

So the more correct interpretation of events is: we do not have a new breach now, LastPass rather failed to contain the August 2022 breach. And because of that failure people’s data is now gone. Yes, this interpretation is far less favorable of LastPass, which is why they likely try to avoid it.

That entire post is worth a read, as it outlines the numerous instances in which LastPass attempts to distort both event history and the scale of the breach. And again, this wasn’t just some fly by night shop selling garbage smart home doodads. This was a company purportedly dedicated to consumer security, and this is just one major event in a string of bad decisions and previous breaches.

Filed Under: encrypted data, ip addresses, location data, password managers, passwords, privacy, security
Companies: lastpass

German Court Fines Site Owner For Sharing User Data With Google To Access Web Fonts

from the getting-fined-the-odd-way dept

The European Union’s data privacy law, the GDPR (General Data Protection Regulation), has caused all sorts of problems since its debut. Its debut was itself a mess, something that immediately resulted in a whole lot of websites simply refusing to allow European users to connect with them.

Since it was unclear how to avoid running afoul of the law, it was easier to avoid potential fines by simply cutting European users out of the equation. For everyone else, it was being greeted with a new warning about cookies at nearly every website they visited — a small hassle to be sure, but a hassle nonetheless.

Then there were the truly unexpected consequences of the new law that imposed data-gathering and data-sharing restrictions on any business, whether they were internet-based or not. In some areas, GDPR was read as requiring retailers to notify purchasers of items when the items were returned — something that would make the exchange of unwanted Christmas gifts extremely awkward.

In another weird case, post offices in Ireland removed waste bins from their facilities because customers were throwing out unwanted mail and receipts, resulting in the offices’ unintentional collection of personal data. When the waste bins went missing, customers resorted to throwing their trash on post office counters and floors, leaving it even more unregulated than it was when the waste bins were still in place.

Yet another side effect no one saw coming: the use of Google’s Font API was enough to get a website fined by a German court. (via Slashdot)

Earlier this month, a German court fined an unidentified website €100 ($110, £84) for violating EU privacy law by importing a Google-hosted web font.

The decision, by Landgericht München’s third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff’s IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe’s General Data Protection Regulation (GDPR).

The court says whether or not Google did anything with the forwarded IP address is beside the point. The fact is the website engaged in the unauthorized transmission of this IP address to Google by using its font API to access a font to render the text on the site. The court’s decision points out this can be avoided by self-hosting the font and notes that the website operator has chosen to do this going forward. That being said, the court still feels a fine is the only way to ensure future compliance with GDPR.

Risk of repetition is to be affirmed. It is undisputed that the plaintiff’s IP address was forwarded to Google when the plaintiff visited the defendant’s website. Previous unlawful impairments justify an actual assumption of the risk of repetition, which was not refuted by the defendant. The risk of repetition is not eliminated by the fact that the defendant now uses Google Fonts in such a way that the IP address of the website visitor is no longer disclosed to Google. The risk of repetition can only be eliminated by a declaration of discontinuance with a penalty.

The fine here may have been minimal, but the law allows a penalty of €250,000 ($286,000) per violation, which the court warns the website operator is not only possible, but probable, if the problem doesn’t go away. There’s also the (very slim) chance the improper use of Google Fonts could result in prison time, because that’s also a potential GDPR violation penalty.

While the solution here appears to be simple enough — self-host fonts — the reality of the situation is that this decision will lead to yet another pop-up asking for consent that will stand between site users and the content they’re trying to access, and that no one will read before clicking “accept.” It won’t make the web a better place and it won’t do much to limit the sharing of personal data with off-site entities. It will just make everything a little more annoying.

Filed Under: data protection, fonts, gdpr, germany, ip addresses, privacy, sharing, web fonts
Companies: google

It Happened Again: Antipiracy Outfit Asks Google To Delist 127.0.0.1 On Behalf Of Ukrainian TV Station

from the where-the-piracy-is dept

We’ve made this point before, but the moment you attempt to scale up copyright enforcement, you run into problems. Collateral damage from automated systems mistaking non-infringing content for infringing, the possibility of fraud and abuse, the blind eye towards Fair Use all become problems. But sometimes those problems are so silly that they expose what a pure fiasco this has become. Several years back, we discussed Universal Pictures asking Google to delist a bunch of supposedly infringing sites, listing one of them as 127.0.0.1. Depending on how computer savvy you are, you may recognize that this IP address is how a computer or system refers to itself. In other words, it essentially means “home.”

And, yet, despite how silly this all is, it just keeps happening. Most recently, the anti-piracy outfit used by a Ukrainian television broadcaster may have outed its own client by also asking Google to delist 127.0.0.1.

Ukrainian TV channel TRK has sent a rather bizarre takedown request to Google. The company’s anti-piracy partner Vindex asked the search engine to remove a search result that points to 127.0.0.1. Tech-savvy people will immediately recognize that the anti-piracy company apparently found copyright-infringing content on its own server.

The request was sent by TRK’s anti-piracy partner Vindex, which essentially flagged a file on its own machine. The ‘infringing’ link is 127.0.0.1:6878/ace/manifest.m3u. This points to a playlist file, possibly for the P2P streaming platform Ace Stream that’s often used to pirate content.

Now, a number of things here should be unsurprising to our regular readers. That an antipiracy outfit sucks at identifying proper sites for delisting is no surprise. Likewise, the idea that a company that is crying about copyright infringement might be guilty of infringement itself also fails to shock the mind. But what is surprising is that the antipiracy outfit may have accidentally outed its own client through its own stupidity as a party infringing copyrights so thoroughly.

Google obviously cannot delist the IP address, as there is nothing to delist. And, frankly, Vindex is known to suck at its one job.

Since 127.0.0.1 refers to the host computer, Google is technically asked to remove a file from its servers. A file that doesn’t exist. Needless to say, Google hasn’t taken any action in response.

The above suggests that Vindex may want to take a good look at its takedown bots. The company doesn’t have a stellar reputation when it comes to DMCA notices. Of all the links that were reported to Google, little more than 10% were removed by the search engine.

Add to that the uncomfortable conversations you imagine are being had between Vindex and its client today, and you’re left with the impression that there is a ton of egg on its face right now.
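A takedown pipeline can catch this class of mistake before a notice is ever sent. The following is an added example, not code from Vindex, Google or the article: it screens a constructed list of reported URLs and rejects any whose host is a loopback, private or otherwise non-public address. The function names and every sample URL except the one quoted above are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample notice: the first entry is the link quoted in the article,
# the remaining entries are made up for this example.
SAMPLE_NOTICE = [
    "127.0.0.1:6878/ace/manifest.m3u",
    "http://localhost:8080/stream.m3u8",
    "http://192.168.1.20/video.mp4",
    "http://[::1]/playlist.m3u",
    "https://example.com/watch/123",
]


def host_of(url):
    """Return the host part of a URL, tolerating entries with no scheme."""
    if "://" not in url:
        # Without a scheme, urlsplit would not see a network location at all;
        # a leading "//" makes it parse the first component as host[:port].
        url = "//" + url
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def unreachable_reason(url):
    """Return why a reported URL cannot point at a public site, or None if it can."""
    host = host_of(url.strip())
    if not host:
        return "no host in URL"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: only obvious local names are rejected here.
        name = host.rstrip(".").lower()
        if name == "localhost" or name.endswith(".localhost"):
            return "localhost name"
        if "." not in name:
            return "unqualified hostname"
        return None
    if ip.is_unspecified:
        return "unspecified address"
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local address"
    if ip.is_multicast:
        return "multicast address"
    if ip.is_private:
        return "private address"
    if not ip.is_global:
        return "not globally routable"
    return None


def triage(urls):
    """Split reported URLs into (accepted, rejected); rejected holds (url, reason)."""
    accepted, rejected = [], []
    for url in urls:
        reason = unreachable_reason(url)
        if reason is None:
            accepted.append(url)
        else:
            rejected.append((url, reason))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_NOTICE)
    for url, reason in bad:
        print(f"REJECT {url}: {reason}")
    print(f"{len(ok)} of {len(SAMPLE_NOTICE)} URLs left to report")
```
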

Filed Under: 127.0.0.1, antipiracy, copyright, home, ip addresses, piracy, ukraine
Companies: google, trk

In Trying To Ban Telegram, Russia Breaks The Internet

from the unintended-consequences dept

Wed, Apr 18th 2018 06:20am - Karl Bode

Russia’s war on encryption and privacy has reached an entirely new level of ridiculous. We’ve noted for a while how Putin’s government has been escalating its war on encrypted services and VPNs in the misguided hope of keeping citizens from dodging government surveillance. But things escalated dramatically when the Russian government demanded that encrypted messaging app Telegram hand over its encryption keys to the FSB. After Telegram refused, a Russian court banned the app entirely last Friday, and the Russian government began trying to actually implement it this week.

It’s not going particularly well.

Telegram tried to mitigate the ban by moving some of its essential infrastructure to third-party cloud services. But Russian telecom regulator Roskomnadzor responded by blocking upwards of 16 million IP addresses, many belonging to Amazon Web Services and Google Cloud. Not too surprisingly, the heavy-handed maneuver resulted in connectivity problems across massive swaths of the Russian internet:

Telegram started using Amazon's AWS to bypass Russian censorship. Now, if you were @roscomnadzor (highly unlikely because nobody's as dumb as these doorknobs), what would you do? Certainly not block 655352 IP addresses belonging to Amazon, right? That would be so stupid… oh pic.twitter.com/AxEHfRUGnU

— Manual (@CatVsHumanity) April 16, 2018

Some users say the ban has disrupted the functionality of unrelated online games and services:

Our officials are blocking Amazon IPs, hoping to block Telegram.
And they hit other unrelated services as well. There are reports that GuildWars2 and Trello are unavailable, for example

— Omni H. Sable (@OmniSable) April 17, 2018

And even credit card terminals:

Telegram is routing traffic through Amazon and Google cloud services, which is forcing Russia's telecom regulator to block hundreds of thousands of IPs. People are reporting that some credit card terminals are not working as a result. https://t.co/7CO2roBJhJ

— Yasha Levine (@yashalevine) April 16, 2018

While the Russian government has been portrayed as a technological and hacking mastermind in the wake of its escalating global disinformation and hacking campaign, there’s nothing at all competent about this effort. The Russian government is demanding that both Apple and Google pull encrypted messaging apps from their app stores. They’ve also tried to pressure sideloading websites like APK Mirror into refusing to offer alternative access to the Telegram app. But it’s just another game of Whac-a-Mole, with VPN provider NordVPN saying it saw a 150% spike in Russian usage in the wake of the ban.

The Russian government is claiming that its ham-fisted blockade has resulted in a 30% dip in Telegram usage. But Telegram founder Pavel Durov has downplayed the ban’s impact on overall “user engagement”:

“For the last 24 hours Telegram has been under a ban by internet providers in Russia. The reason is our refusal to provide encryption keys to Russian security agencies. For us, this was an easy decision. We promised our users 100% privacy and would rather cease to exist than violate this promise.

“Despite the ban, we haven’t seen a significant drop in user engagement so far, since Russians tend to bypass the ban with VPNs and proxies. We also have been relying on third-party cloud services to remain partly available for our users there.”

Russian state media meanwhile continues to demonize Telegram as a haven for villains, and is directing users to alternatives like TamTam with alleged ties to the Russian government. All told, it’s another wonderful illustration of how filtering the internet doesn’t work (unless collateral damage and annoyance is your stated goal), and a war on fundamental security and privacy tools only makes everybody less secure. This is not a battle Russia can “win,” but it’s apparently too far down the rabbit hole of bad ideas to stop now.

Filed Under: banning, encryption, ip addresses, privacy, roskomnadzor, russia, surveillance
Companies: amazon, google, telegram

Telenor Looks To Lead The Anti-Troll Fight In Europe

from the to-arms dept

In what is beginning to look like a much-welcomed trend, it seems like copyright trolls are finally due to receive some pushback from powerful industry players. Whereas previous pushback has been both isolated and chiefly the province of smaller European government groups, the real curtailing of copyright trolling efforts was always going to come from a revolt by tangential corporate interests. It appears that the soldier on the front of that fight might be Telenor, an ISP that has previously pushed back against efforts for wholesale site-blocking in the name of copyright, and one that is now looking to export its recent anti-troll win in Norway to the country of Denmark by gathering allies in the ISP industry to its side.

To stop the trolling efforts from getting out of hand, Telenor is now preparing to build a new case at the Frederiksberg Court, hoping to protect the identities of its subscribers. In Denmark, Telenor is supported by fellow Internet provider Telia, which says it will be more critical toward trolling efforts going forward.

The branch organization Telecommunications Industry in Denmark notes that other ISPs are backing Telenor’s efforts as well. The group’s director, Jakob Willer, describes the copyright trolling scheme as a “mafia-like” practice, which should be stopped.

“There is full support from the industry to Telenor to take this fight and protect customers against mafia-like practices,” Willer says.

This language choice is not remotely inappropriate. Copyright trolls rarely find themselves before an actual court against defendants, instead relying on well-crafted and often deceptive threat letters to generate settlement income for themselves and their clients. It should be immediately clear exactly what is going on here when a law firm so haphazardly threatens litigation yet never conducts it. Extortion is a word that leaps to mind, even if these wolves are garbed in the sheep’s clothing offered by the imprimatur of legal language and the status of being an otherwise valid law firm. What’s required to break these efforts is the unmasking of these tactics and the tenuous evidence on which they are based, as well as having the privacy erosion that these tactics require laid bare for all to see. ISPs are the perfect paladin for this, as they are the ones giving up customer information based typically on scant evidence.

Individuals will find themselves unable to compete with the legal teams of these copyright trolls. So much so, that the unmasking of account information is quickly getting out of control.

These so-called “copyright trolls” have also landed in Denmark, where the number of targeted Internet subscribers is growing at a rapid rate.

In 2015, rightsholders received permission from courts to obtain the personal details of 6,187 alleged BitTorrent pirates, based on their IP-addresses. A year later the number of accused subscribers increased by nearly 250 percent, to 21,163.

Why courts so often side with industry in this manner is a discussion for another day, but given that reality, ISPs too are an industry that can take up this fight. Seeing them begin to do so, and banding together to provide a more formidable legal defense of what is essentially their customers’ rights, is obviously a step in the right direction. And, while geography plays little role in internet-related questions of this kind, it strikes anyone looking at the map how Telenor appears to be surrounding Germany, the birthplace of copyright trolling, with its legal efforts.

All is not quiet on the copyright troll front, in other words, with ISPs now looking to ally against them.

Filed Under: copyright, copyright trolling, copyright trolls, denmark, ip addresses
Companies: telenor

from the preach dept

We’ve been saying this for years, but IP addresses are not good enough evidence on which to base copyright infringement lawsuits. At some level, everyone already knows this to be true. You can tell that’s the case because the typical pretenders stating otherwise are the copyright trolls with a business model that relies on gathering large numbers of supposedly infringing IP addresses, mailing out settlement demands to the supposed pirates that own the accounts of those IP addresses, and then collecting very real money from some percentage of the recipients. On top of that, even these trolls will often claim that the onus is on the account holder of an internet connection to police their own pipe, which is a delightful end-around to the common concept of punishing true infringers as opposed to innocent third parties.

There are places with legal systems that have had enough of this practice and we can now add Singapore’s to the list. The High Court in Singapore recently threw out requests from several copyright trolls made to ISPs there to produce account information for IP addresses they claim were used to infringe on two movies, Fathers & Daughters and Queen Of The Desert.

The oral decision delivered at a closed-door hearing on Monday was on the grounds of “insufficient evidence”, the Attorney-General’s Chambers (AGC) told The Straits Times yesterday. In a rare move, the AGC intervened in civil applications made in the High Court in July last year by Samuel Seow Law Corp (SSLC), the local law firm that represents the two studios.

Last year, SSLC again served papers on Singtel, StarHub and M1 to get details of alleged pirates of Fathers & Daughters and Queen Of The Desert, with a list of over 500 offending Internet Protocol (IP) addresses. The AGC and the Intellectual Property Office of Singapore (Ipos) said they highlighted to the court that SSLC did not submit “sufficient evidence” to show a link between the IP addresses and alleged illegal downloaders. It was on such grounds that the case was dismissed.

It’s an important decision in the country, with the High Court cementing the position that IP addresses are not sufficient evidence with which to demand account information over infringement issues. That the practical use for that account information would have been the type of sleazy settlement demands that have become the norm in copyright trolling circles may have played a role in the decision, but it need not have. Viewed solely on its merits, there are any number of ways an internet connection might be used for copyright infringement by someone other than the owner of the internet account: shared WiFi, brute force break-ins into the connection, etc. The simple fact is that knowing an IP address that was used for infringement doesn’t tell anyone who did the actual infringing. Viewed that way, compelling ISPs to turn over personal account information based solely on IP addresses is crazy.

Some IP attorneys are already whining about the decision.

Mr Lau Kok Keng, an IP lawyer at Rajah & Tann Singapore, said requiring the rights owner to link the IP address to the actual infringer is akin to “putting the cart before the horse” – copyright holders need to know who the account holder is to ascertain if he is the actual pirate.

“So it could mean that individuals who illegally download copyright content will be able to get off scot-free because their identities will never be known, short of being caught in the act,” said Mr Lau.

Which is much ado about nothing, given that, again, the infringing party might not be the IP address owner to begin with. What the copyright trolls are really looking for are essentially lead lists for settlement letters. They don’t really care if the recipient of those letters is the infringer or not, they care if they can scare enough people into paying settlements to make money.

In that light, it’s nice to see a government get it right on this question about IP addresses as evidence, even if we have to look all the way to Singapore to see it.

Filed Under: copyright, copyright trolls, ip addresses, singapore

How Bad Are Geolocation Tools? Really, Really Bad

from the what-a-mess dept

Fri, Apr 15th 2016 10:37am - Andrew

Geolocation is one of those tools that the less technically minded like to use to feel smart. At its core it’s a database, showing locations for IP addresses, but like most database-based tools, the old maxim of GIGO [Garbage In, Garbage Out] applies. Over the weekend Fusion’s Kashmir Hill wrote a great story about how one geolocation company has sent hundreds of people to one farm in Kansas for no reason other than laziness. And yes, it’s exactly as bad as it sounds.

Most people aren’t the most technically minded; give them a tool, tell them it CAN produce an output, and they’ll assume that any output that looks like the best quality possible IS the best one available. It’s extremely common with ‘forensic evidence’ and jurors in court cases, where it’s given weight well beyond its actual evidentiary value (to the point that they now distrust cases without it) – there’s even a name for it, “the CSI effect”, named after one of the TV shows that uses it as a cornerstone.

One of the latest tools to get the blind trust of morons is IP Geolocation. At its basic level, it’s a database of IP addresses with latitude and longitude listed, so when you look up an IP address, you get a pair of coordinates you can associate as an ‘origin’ for that.

However, there’s a number of problems with that.

So let’s quickly address them.

Those that don’t have a lat/long listed.

Well, there’s a few ways to do it, but the way some chose to do it is just to guess. In the article that started me on this, it points out that the company MaxMind decided to guess at the average closest place it could – the geographical center of the US, except 39°50’N 98°35’W is a messy decimal (39.8333333 N,98.585522W) so it rounded them to 38N, 97W. It’s the front yard of a farm in Kansas.

Other times they just guess and get a town and put it somewhere there, although even that can be off a bit. It can be a lot off, as you’ll see shortly.

How often are they updated?

There’s no telling. With the great shortage of IPv4 addresses now, but with an ever-expanding list of devices, from cell phones to thermostats and even fridges, IP addresses are shifting around everywhere. There’s also mergers and splits of companies, bankruptcies and so on. So unless the database is frequently updated, there’s no chance that anything it has to say will be accurate – again we’ll see that directly.

Finally, how does it deal with cellular devices?

Simply put, they don’t. The handoff mechanism means that you’ll often carry one IP address from one tower to the next (otherwise you’d have to terminate and restart any data transfer as you shifted between towers). In addition, most cellular providers hide their cell customers behind NAT, precisely because of the lack of discrete IPv4 addresses to give out (and their slowness in migrating to IPv6).

Odds are you’re going to get a local network control center, or regional corporate office instead, which means it’s practically no use at all.

Oh dear….

This all assumes as well that entries are made in good faith. One of the more common uses of geolocation is for targeted adverts, especially with ‘adult websites’, where they promise there’s a horny woman (or man, if your browsing is detected as such, or the ‘content’ suggests you may be female) close by. Or you may have seen it in the scam adverts on news sites that should know better than to accept low-rate advertising based on scams (with easy to tell, clickbait headlines about insurance ‘tricks’ or similar).

This means that if you can ‘rig’ the database, you can expose the stupidity in parts of it, as was best demonstrated by Randall Munroe in his XKCD comic series.

So just how inaccurate are these systems? The easiest way to tell by far is to run some IP addresses where you know the location through these systems and see how far off they can be. So I did.

The most obvious one to start with is my own home connection’s IP address. So I tried the link in the story, and boy was it off! Just for the record, I live on the south side of Atlanta’s metro area, near Macon – Walking Dead country, in fact.

That’s right, it put me in Ottawa, capital of Canada, roughly 1900km (1180 miles) and 1 whole country off. Part of that comes from the second question, how current the data is. It’s listing my IP as belonging to Nortel networks. Problem is, I’m not a subscriber to Nortel – no-one is, the company was wound down years ago. Yet some databases still have them listed.

Cellphones don’t fare much better either. I used the same service on a 4G Verizon phone sitting at my computer. Its location: San Diego. That’s 1900 miles (3050km) off. Other services gave locations of New York, Atlanta, and Macon.

Wondering if it’s just my semi-rural system that’s messed up, I called a few friends who live in the Atlanta suburbs (a few streets from each other) and asked for their IP addresses, one used Comcast, and the other AT&T. Maybe things will be better and more accurate in a big-city environment?

I ran a number of different GeoIP services, and it was a very mixed bag of results. One thing’s certain though, none of the four sets of coordinates gave an accurate location for the person (for obvious reasons I’m not going to give you their address, or mine for that matter).

Of them all, only one service – IPCIM.com – gave an error circle with a location (twenty five mile radius), but it didn’t do it for all. To me that indicates knowledge of its inaccuracy, but its lack at other times seems to show it just doesn’t care.

The second and third locations are the same coordinates, but they’re less certain of the third than the second, despite both being off.

There’s also something specific to note. There are 4 providers covered here. Two were done from the exact same location, yet their locations came nowhere near matching. Two more were IP addresses just streets away, but they also didn’t match that well, although many went to the same default locations, including two which went to the ‘lazy US Center’ investigated in the Fusion piece.

More importantly, of the 30+ geolocating attempts made here, not a single one managed to be within a mile of the actual location (although one location was within a mile and a half, while another was within 3 miles – again, I’m not going to give out specifics). So for those who want to rely on them as being a source of where something is, the simple answer is “don’t”. This applies as much to those tracking down people who are leaving spammy comments as it does to police officers and lawyers seeking to use them for court actions, criminal or civil.

In fact lawyers and the police have absolutely NO excuse to use these kinds of databases in litigation at all, as there are better, more accurate tools at their disposal – the courts themselves. In criminal cases a warrant is the preferred method, obtaining subscriber information from the ISP (fixed or cellular), which is far more accurate than any geolocation service because it’s data coming from the entity actually providing the connection. In a civil trial you have a discovery subpoena to do pretty much the same thing and for the same reasons.

If you’re doing it ‘on your own’, remember that these tools are as accurate as taking a dart and throwing it not at a map on the wall, but at a Google map display on your computer screen. Sure you’ll be out a display, but you won’t be potentially facing criminal charges when you go to act on what is basically bullshit data. At the very best, it can be used to advise, but it can be INCREDIBLY off, sometimes thousands of miles.

Data

The following services were used

There were 4 IP addresses used, three residential and one cellular, comprising four of the biggest ISPs in the US.

IP addresses

The first two were located in south metro Atlanta, near Macon. David and James are located approximately half a mile apart in north Cobb county, Georgia.

Raw coordinates

| Service | Charter | Verizon | Comcast | AT&T |
|---|---|---|---|---|
| checkIP.org | 45.4167, -84.3246 | 32.7977, -117.1322 | NOT TESTED | BLANK RESULT |
| IP2Location | 33.95621, -83.98796 | 32.55376, -83.88741 | 34.02342, -84.61549 | 34.02342, -84.61549 |
| IPinfo.io | 32.8685, -84.3246 | 32.8975, -83.7536 | 34.0247, -84.5033 | 38.0000, -97.0000 |
| EurekAPI | 32.8685, -84.3246 | 33.7981, -84.3877 | 34.1015, -84.5194 | 34.0247, -84.5033 |
| DB-IP | 33.9562, -83.988 | 40.7128, -74.0059 | 33.9413, -84.5177 (“Marietta (bedroom)”) | 33.8545, -84.2171 |
| IPCIM.com | 32.8685, -84.3246 (± 25 mile) | NOT TESTED | 34.0247, -84.5033 | 34.0247, -84.5033 (± 25 mile) |
| MaxMind (geoLiteCity) | 32.8685, -84.3246 | 32.8975, -83.7536 | 34.0247, -84.5033 | 38, -97 |
| MaxMind (GeoIP2) | 32.8685, -84.3246 | 33.7844, -84.2135 | 34.0247, -84.5033 | 34.0247, -84.5033 |

If you’d rather see them on a map, they’re here. (Legend Charter in green, Verizon in red, Comcast in blue, AT&T in yellow)

NOTE: One data source was extremely interesting in its provision of 11+ decimal places in its results. While this might seek to imply accuracy, it actually underscores how inaccurate it is. Eight decimal places gives a resolution of 1.1 millimeters – half the thickness of a CD/DVD. 11 decimal places as given in all their results is going to extremes, with locations given to less than a hair’s thickness. It has been rounded down.
The “Marietta (bedroom)” label was actually on the output from their database.
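The disagreement in the table can be measured directly. The Python below is an added example, not part of the original article: it takes the Charter and AT&T columns as printed above, finds the largest distance between any two services' answers for the same IP, lists the services that fell back to the 38, -97 default, and computes the ground resolution implied by a given number of decimal places. The function names and the 6371 km spherical-Earth radius are assumptions of this example.

```python
import math
from itertools import combinations

EARTH_RADIUS_KM = 6371.0      # assumption: mean spherical Earth radius
US_DEFAULT = (38.0, -97.0)    # the "lazy US Center" fallback coordinate

# Coordinates copied from the Charter and AT&T columns of the table above.
REPORTED = {
    "Charter": {
        "checkIP.org": (45.4167, -84.3246), "IP2Location": (33.95621, -83.98796),
        "IPinfo.io": (32.8685, -84.3246), "EurekAPI": (32.8685, -84.3246),
        "DB-IP": (33.9562, -83.988), "IPCIM.com": (32.8685, -84.3246),
        "MaxMind (geoLiteCity)": (32.8685, -84.3246),
        "MaxMind (GeoIP2)": (32.8685, -84.3246),
    },
    "AT&T": {
        "IP2Location": (34.02342, -84.61549), "IPinfo.io": (38.0, -97.0),
        "EurekAPI": (34.0247, -84.5033), "DB-IP": (33.8545, -84.2171),
        "IPCIM.com": (34.0247, -84.5033), "MaxMind (geoLiteCity)": (38.0, -97.0),
        "MaxMind (GeoIP2)": (34.0247, -84.5033),
    },
}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def max_disagreement(results):
    """Largest distance between any two services' answers for one IP."""
    return max((haversine_km(results[s], results[t]), s, t)
               for s, t in combinations(results, 2))

def default_hits(results, default=US_DEFAULT):
    """Services that returned the country-level fallback, not a real fix."""
    return [svc for svc, coord in results.items() if coord == default]

def resolution_m(decimals):
    """Ground distance in metres of one unit in the last decimal of latitude."""
    return math.radians(10.0 ** -decimals) * EARTH_RADIUS_KM * 1000

if __name__ == "__main__":
    for isp, results in REPORTED.items():
        km, s, t = max_disagreement(results)
        print(f"{isp}: {s} vs {t} differ by {km:.0f} km; "
              f"defaults: {default_hits(results)}")
    print(f"8 decimal places = {resolution_m(8) * 1000:.2f} mm")
```

A wide spread between services, or an exact match on a known fallback coordinate, is a cheap signal that a lookup should be treated as country-level at best.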

I would like to thank David and James for their help with this. And for obvious reasons, we have forced changes in IP addresses for all our connections (and the release of this article was delayed to ensure that).

This is a repost from Andrew Norton’s Politics & P2P blog

Filed Under: errors, geolocation tools, ip addresses

Australian Tribunal Says User's IP Address And URLs Visited Are Not Personal Information

from the too-remote dept

Techdirt has been writing about the question of what constitutes personal information in an online context for over half a decade. A recent decision in Australia, reported by the Guardian, suggests that the matter is far from settled around the world. The case concerns a journalist, Ben Grubb, who has been trying to get his personal data from the mobile phone company he uses, Telstra. Initially, the Australian privacy commissioner ruled that Telstra had failed to comply with local privacy laws when it refused to hand over the data, but that decision was overturned on appeal by an administrative appeals tribunal (AAT) on the following grounds:

> In the AAT decision deputy president Stephanie Forgie took a narrow approach to defining personal information. She said that information such as IP and URL data were too remote to be considered personal information.
>
> “That data is no longer about Mr Grubb or the fact that he made a call or sent a message or about the number or address to which he sent it. It is not about the content of the call or the message. The data is all about the way in which Telstra delivers the call or the message. That is not about Mr Grubb,” she wrote.

That ignores just how much information even a single URL reveals about the visitor to the site and page in question. Moreover, putting all those URLs together can create an extremely detailed picture of the person concerned — from things like their general character and beliefs to current concerns. It’s an extension of the incorrect argument trotted out by governments that gathering and storing metadata isn’t as intrusive as retaining content, when exactly the opposite is true. Since metadata is pre-sorted into handy conceptual categories, analysing and aggregating the information is extremely easy, even on a huge scale — just ask the NSA and GCHQ.

However, the Australian privacy commissioner is not taking things lying down:

> The privacy commissioner, Timothy Pilgrim, has launched a federal court challenge to a ruling that a journalist was not entitled to access parts of his personal mobile phone data.
>
> The landmark challenge is believed to be the first time the Office of the Australian Information Commissioner has sought to appeal a case before the federal court.

As the Guardian rightly notes, the outcome of the case is likely to have important ramifications for future requests involving personal information under the country’s privacy laws.


Filed Under: australia, ben grubb, ip addresses, metadata, personal information, urls
Companies: telstra

Irony Alert: John Steele Denies Uploading Anything Ever Despite Growing IP Evidence

from the irony-alert dept

Well, well. We recently wrote about a new filing in the Paul Oppold case in Florida, in which lawyer Graham Syfert presents very, very detailed and compelling evidence, as put together by Delvan Neville, that many of the films that Prenda sued people over were initially uploaded by John Steele. The folks over at The Pirate Bay added to this by presenting evidence that the sharkmp4 user who uploaded the works came from the very same IP address that Neville had found (among other evidence) in his findings. Basically, there’s a ton of evidence that, at the very least, whoever controlled the Prenda Law domain name, also uploaded the torrent, ran a website “releasing” the movies, controlled John Steele’s confirmed email account and commented on various blogs with clear insider knowledge of Prenda Law’s actions.

John Steele’s response? Deny, deny, deny. Here’s him talking to Ars Technica:

“I have never uploaded a torrent in my life, I have never instructed anyone to do so, and I am not aware of anyone I have worked with in any capacity whatsoever (other than pirates of course). I am not sure how much more unequivocal about it I can be. I have no involvement with any case in Florida, including Mr. Oppold’s case. I have not read a single document in that case. I don’t intend to. As far as Mr. Syfert, you will have to ask him why he is hiring experts to try to connect me to a case I have no involvement with.”

For what it’s worth, Syfert didn’t actually hire an expert to try to connect one to the other, but merely to investigate who did what. That a tremendous amount of evidence then poured out all pointing to John Steele is the result.

That said, here’s the really ironic bit: In all of the John Steele cases of copyright trolling, in which he and his partners have been accusing people of copyright infringement and hacking computers, their “evidence” tends to be a single IP address involved in a single action, which they argue is enough information to accurately identify the person and the actions they did. Here, we not only have a single IP address, but a ton of additional information, including that identical IP address showing up in multiple places, while a variety of other evidence directly links Steele to the IP address, yet he insists it’s not true. Fascinating.

One of our commenters put it all together in a single image.

At this point, not only is the evidence that John Steele was directly involved in uploading the files pretty overwhelming, but on its own it’s orders of magnitude more compelling than the evidence that Steele and Prenda have been using against people in court.

Filed Under: delvan neville, evidence, graham syfert, ip addresses, john steele, paul oppold
Companies: prenda, prenda law