What Does an IP Address Tell You

You should use a VPN every time you use the internet, but there are instances when you can’t risk not using one:

What can you tell from an ip address

Об этой странице

Мы зарегистрировали подозрительный трафик, исходящий из вашей сети. С помощью этой страницы мы сможем определить, что запросы отправляете именно вы, а не робот. Почему это могло произойти?

Эта страница отображается в тех случаях, когда автоматическими системами Google регистрируются исходящие из вашей сети запросы, которые нарушают Условия использования. Страница перестанет отображаться после того, как эти запросы прекратятся. До этого момента для использования служб Google необходимо проходить проверку по слову.

Источником запросов может служить вредоносное ПО, подключаемые модули браузера или скрипт, настроенный на автоматических рассылку запросов. Если вы используете общий доступ в Интернет, проблема может быть с компьютером с таким же IP-адресом, как у вас. Обратитесь к своему системному администратору. Подробнее.

Проверка по слову может также появляться, если вы вводите сложные запросы, обычно распространяемые автоматизированными системами, или же вводите запросы очень часто.

What Does an IP Address Tell You?

We’ve all been cautioned against revealing too much information — or any at all — about ourselves on the internet. Maybe you’ve cautioned your teens against it yourself. But have you considered what information an IP address could reveal? Clario’s VPN protects your personal information by masking your true IP address. This allows you to browse the internet safely without worrying about getting hacked. Clario’s reliable VPN tool is a must-have.

Table of contents

• What is an IP address?
• Types of IP addresses
• Consumer IP addresses
• Private IP addresses
• Public IP addresses
• Shared IP address
• Dedicated IP addresses
• Why is an IP address necessary?
• What information can you get from an IP address?
• How to protect your IP address
• Use a VPN
• Use a proxy server
• Protect your IP address at all costs

What is an IP address?

An Internet Protocol (IP) address is a digital footprint consisting of a series of numbers, separated by periods, that can be used to identify you on the internet. The numbers usually range between 0 and 255, although this isn’t always the case.

What does an IP address do? It sets the rules of how the format of data is transmitted on the internet or a local network. An IP address usually looks like this: 123.245.78.9

It is used to identify devices that connect you to the internet, so every device of this kind has an IP address. The following devices are examples:

• Routers
• Laptops and computers
• Smartphones
• Smark TVs
• Tablets
• Blootooth-enabled devices, like your smartwatch or speakers
• Printers, etc.

IP addresses make these devices, which are used to browse the internet, accessible for communication. They also make them identifiable online, as an IP address is specific to a device. This makes it possible to differentiate between devices and websites on the internet.

Types of IP addresses

IP addresses can fall under different categories. Within each of the categories are different types of IP addresses.

Categories include consumer IP addresses, private IP addresses, public IP addresses, shared IP addresses, and dedicated IP addresses. Let’s have a look at each one below.

Consumer IP addresses

Consumer IP addresses are those IP addresses assigned for home/personal and business use. They can be both private or public IP addresses, as we’ll soon see below.

Private IP addresses

Otherwise known as internal or local IP addresses, private IP addresses are unique IP addresses that are assigned to each device used to connect to the internet.

Devices like your smartphone, computer, tablet, smart TV, smart speakers, printers, and more all have their own private IP address. If you have multiple devices connected to the internet in your home, which most people do, your router needs to be able to identify each device.

That’s the purpose that private IP addresses serve — they make your devices identifiable on the network. As such, they’re only visible to other devices on your private network. They can’t be identified from outside on the public internet.

Public IP addresses

Over and above the private IP addresses assigned to private devices on your home network, there exists an overall IP address associated with your home network. That’s what a public IP address is. It’s also known as an external or global IP address.

Public addresses are assigned to your router by your internet service provider (ISP), which is responsible for assigning IP addresses to its customers. For example, if you buy a router from AT&T, they’ll assign a public IP address to that router as they do to others.

All the devices outside your network on the public internet will be able to see your router’s public IP address to identify it online. Public IP addresses can be broken down into two categories:

These are ever-changing IP addresses assigned by ISPs. The whole process of assigning and re-assigning IP addresses is automated and happens occasionally. This process allows customers of ISPs, like you, to keep their information safe and protected, as it makes it difficult to track and hack them. To that end, ISPs may re-assign your old IP address to another customer when they change yours. It’s also a cost-saving measure for ISPs, as manually assigning IP addresses can be taxing.

Static IP addresses are different from dynamic IP addresses in that they remain the same throughout. This means you keep the same IP address assigned to you by your ISP. Individuals and businesses don’t have to have static IP addresses — they need dynamic ones for security purposes. However, businesses that want to host their own servers must have static IP addresses to ensure that other devices on the internet can find their websites and email addresses.

You can also learn how to find your IP address in our guide on the differences between private and public IP addresses.

Shared IP address

Websites have IP addresses, too, as internet devices do. There are two types of website IP addresses: shared IP addresses and dedicated IP addresses.

Web hosting providers host many websites on the same server. In such cases, those websites are on what is called a shared hosting plan and therefore have shared IP addresses.

This is typically the case for small websites or websites belonging to small businesses, with a minimal number of pages. Those websites tend to be easier to manage due to low traffic volumes.

Dedicated IP addresses

On the contrary, businesses can choose to pay for IP addresses that are dedicated solely to their websites.

A dedicated IP address comes in handy when building your own website. It allows you to test the website before registering the domain by accessing the website using the IP address instead of the domain name.

Why is an IP address necessary?

An IP address makes it possible for you to access and use the internet. Without it, this would be impossible.

That’s because an IP address acts as the middleman or point of contact in a communication path on the internet.

It transmits data, known as packets (of information), between the device where the information stems from and the destination device or where the information is being sent to.

In essence, it channels packets of information to their intended recipient, which is a crucial part of the internet. All of this happens behind the scenes, but it’s what allows you to open and use a website when you click on it.

But this also means that you can find some information from an IP address.

What information can you get from an IP address?

Anytime you use the internet, you’re sharing your IP address. Below are some examples of activities that share your IP address:

• Streaming a TV show or movie online
• Participating in a live stream
• Gaming
• Sending an email
• Shopping
• Visiting a website.

These are everyday activities that you probably undertake without thinking twice. And while you may be using the internet innocently, there may be repercussions.

Not everyone uses the internet in goodwill. There are hackers and bad actors who prey on unsuspecting internet users, like yourself, who unknowingly share their IP addresses as they navigate the internet.

They hack your devices using your IP address, and access — and sometimes steal — your private information. So, what does an IP address tell you? Let’s look at some examples of what you can tell from an IP address:

• Home address
• Work addresses
• Email addresses
• Online passwords
• The media files on your mobile phone, tablet, or computer, like personal photos
• Confidential files that are saved on your computer or laptop.

The information your IP address gives would then be sold on the dark web, used to blackmail you, or used to steal your identity. There’s no telling how far hackers and bad actors could go in these instances. They could even open up credit cards in your name and defraud innocent people.

Does your IP address show your exact location? No, however, it shows the general location you’re in based on your router’s coordinates. Additionally, your IP address can reveal information related to your browsing habits. These include:

• The websites you visit, which can reveal your interests
• The places you visit
• Your workplace address
• Your online shopping habits
• Your streaming habits.

Same as you don’t post your home address and your passwords on social media, you shouldn’t make this information available with your IP address. Consider encrypting your IP address as soon as possible.

You wouldn’t want to fall victim to hacking or have your personal information exposed, that’s why you must protect your IP address at all costs.

How to protect your IP address

Now that you know how an IP address can put you at risk by revealing your private information, you’re probably wondering how to protect it. Let’s look at all the ways to achieve that.

Use a VPN

As we’ve established, using the internet exposes your IP address, which can be obtained and abused by bad actors. So, if you want to protect it, you must use a VPN.

Here’s how a VPN works: it protects your real IP address by giving you a new one and allowing you to change your VPN location to connect to a different server. This keeps your IP address anonymous. It allows you to browse the internet confidently, knowing that your personal information is protected. But don’t just use any VPN — go for one that gets the job done.

A good VPN should offer the following benefits:

• A wide range of server locations to choose from
• Server locations around the world, not focused in one area
• Fast speeds
• Ease of use, allowing you to connect quickly and easily.

Clario’s VPN ticks all the boxes. It is the safe, secure, and reliable VPN service you need to keep your data safe. It protects it by masking your true IP address, allowing you to browse the internet anonymously and keep hackers off your trail.

The VPN service forms part of a suite of cybersecurity tools that are geared towards protecting your personal information, all in one app. See for yourself.

1. Download the Clario app on your computer or mobile phone
2. Select Browsingand enable Browsing protection
3. On the pop-up window, select Allowto let Clario add VPN Configurations to your phone
4. Clario will choose the fastest server at the time. However, if you prefer a different server, simply click on the country and choose one from the list.

If you’re new to using VPNs, learn how to set up and use a VPN. It would help to also educate yourself about the best VPN server locations, so you know how they work.

You should use a VPN every time you use the internet, but there are instances when you can’t risk not using one:

• While traveling
• When using public Wi-Fi (hackers can access your data if they’re on the same Wi-Fi network you’re on)
• If you are working remotely.

Use a proxy server

Your second option is to use a proxy server, which can also hide your IP address. A proxy server helps protect your personal information by making its own IP addresses visible to internet servers in place of yours.

Proxy servers route your internet traffic so that whatever data is sent by internet servers is first routed through them before it reaches you.

While this sounds great, proxy servers have their drawbacks. Unfortunately, they allow some servers to spy on you, which is counterproductive and not ideal for anyone trying to protect their information. They sometimes allow ads, too.

If you want peace of mind, make sure you use a proxy server you absolutely trust. If you’re apprehensive, your best bet is to use a VPN, as mentioned above.

Protect your IP address at all costs

The internet has many benefits, but it can cause problems if you don’t take the necessary steps to protect your personal information. It can reveal information like the websites you visit, your Netflix history, and even where you live!

The consequences can be dire, like your information ending up on the dark web or someone using it for their own sinister purposes. That’s why you must be proactive in protecting your personal information. We won’t tell you to stop using the internet. So, as an internet user, your first step in protecting your personal information should be to protect your IP address.

The most important way to achieve this is by using a VPN. Clario’s VPN is the go-to VPN service if you want to browse the internet anonymously. This allows you to have peace of mind.

What an IP Address Can Reveal About You

Over the past decade, the Government of Canada has tabled various iterations of so called lawful access legislation.

The latest one identified six specific elements of subscriber information which would be made available to law enforcement and national security authorities without prior judicial authorization; specifically, one’s:

• name;
• address;
• telephone number;
• electronic mail address;
• Internet protocol address; and
• local service provider identifier.

(A brief description of some of these elements (i.e., IP address, e-mail address and local service provider identifier) appears in Annex A.)

Proponents of previous attempts at such legislation have described such subscriber data as being similar to “phone book” information. Footnote 1 This document presents findings from a technical analysis conducted by the Office of the Privacy Commissioner of Canada (OPC) examining the privacy implications of subscriber information elements which are not found in a phone book: email address, mobile phone number and Internet Protocol (or IP) address.

Research associated with this analysis concluded December 19, 2012. It was performed in accordance with the Office’s mandate to support, undertake and publish research into privacy issues and to promote public awareness through the preparation and dissemination of research findings for use by the general public, federal government institutions and private sector organizations.

Further, the analysis was conducted in order to provide OPC staff the ability to speak to the issues raised by previously proposed legislation, and advise Parliament accordingly on the basis of firsthand knowledge. It is not intended to be a commentary on, or reflect, current or future law enforcement practices or procedures. It is simply intended as an example of the “state of the possible”.

In general, the findings lead to the conclusion that, unlike simple phone book information, the elements examined can be used to develop very detailed portraits of individuals providing insight into one’s activities, tastes, leanings and lives.

Acknowledgement

This analysis is not the first of its kind. Prior to this work by the OPC, which began as the latest incarnation of federal lawful access legislation, Bill C-30, was still on the Parliamentary agenda, a similar analysis was performed by Christopher Parsons, a PhD candidate in the Department of Political Science at the University of Victoria.

His analysis, done in the face of a former version of lawful access legislation, was posted to his blog – Technology, Thoughts and Trinkets – under the title “The Anatomy of Lawful Access Phone Records” on November 21, 2011. Footnote 2 It looked at what International Mobile Subscriber Identification and International Mobile Equipment Identification numbers could uncover about individuals.

While these data elements were proposed to be made available to authorities without prior judicial authorization in previously proposed bills, they were not among those included in the definition of basic subscriber information posed by Bill C-30.

Methodology – How we carried out our work

Our research involved carrying out the straightforward task to conduct a simple test to determine what information can be found when starting with an IP address (a similar process can be followed when starting with an e-mail address or phone number). We:

1. used the IP address of the OPC web proxy as well as the IP address of an active contributor to Wikipedia;
2. looked-up the owner of the IP address, including any registration entries, using tools such as WHOIS (an online service used for activities including querying databases that store the registered users or assignees of domain names or IP address blocks);
3. conducted geolocation and network location searches using the IP address; and
4. used the IP address as a search term in various search engines (e.g., Google, Bing) and examined the web pages returned in the search results looking for examples of web activities (e.g., entries in web server logs, contributions to online forums).

By combining the results of all of these steps, it was possible to build a detailed profile of a person or group associated with the IP address. Some examples are outlined in the sections that follow.

Once the IP address, email address or phone number have been disclosed by the service provider or the subscriber, no special equipment or software is needed to conduct these tests. A variety of services are available on the web for obtaining information about IP addresses, email addresses, and phone numbers. There are also services that allow individuals to look up information about these items, including ownership and geolocation information. Finally, services, such as Google and Bing, can be very powerful when using these pieces of information as search terms.

What can Basic Subscriber Information elements unlock?

The following examples illustrate the types of additional information about an individual that can be discovered starting from knowledge of some element of subscriber information.

As shown, this information can reveal real world locations (in addition to civic addresses), elements of an individual’s online activity and possibly lifestyle preferences.

1. Phone number and email address

A phone number (landline and/or mobile) can be used to obtain a variety of other information about an individual, such as:

• names and addresses associated with that phone number (using reverse lookup tools such as www.411.com);
• using open source searches, any public Internet activity or publicly accessible document that includes that phone number, including blog posts, discussion forums, financial or medical records Footnote 3 , etc.; and
• using domain registration records, any Internet domains associated with the phone number.

Similar to a phone number, an email address can lead to a variety of information about an individual, including:

• the real name, if used in the email address or otherwise associated with the address;
• registration for services using the e-mail address. For some services (e.g., LinkedIn), the e-mail address acts as the username;
• any domains that were registered using the e-mail address;
• Internet activities or documents, including e-mails, that contain the e-mail address and that are subsequently indexed by search engines;
• friends on social network services; and
• previous employers (e.g., if the e-mail address is included in a resume posted online).

What we found …

NOTE: The results of the tests conducted during this analysis were quite revealing and had the potential to lead to the identification of an individual. In order to protect privacy, and reduce the risk of identification or misidentification of an individual, the results presented in the examples that follow were generalized to remove as much identifying information (e.g., IP addresses, website names, specific search subjects, URLs and so on) as possible.

Indeed, as a demonstration, the mobile phone number of an Office of the Privacy Commissioner of Canada staff member was used, with consent, to conduct online searches.

The results revealed:

• the individual’s full, real name;
• the individual’s mobile telecommunications service provider;
• two personal web sites and their domain registrations;
• an affiliation with a university;
• contributions to online discussion forums concerning Internet broadcasting, security and professional conferences; and
• participation in a local interest group on technical issues.

2. IP Address – General remarks on IP address functionality

Knowledge of an IP address allows a searcher to obtain other information about a network, device or service. Specifically, one can:

• determine who owns and operates the network. Searching the WHOIS database using an IP address can provide a range of information about the individual Footnote 4 (which could, in turn, reveal organizational affiliations) or organization to which the address is assigned, including a name, phone number, and civic address Footnote 5 ;
• perform a reverse lookup (the resolution of an IP address to its associated domain name) to obtain a computer name Footnote 6 , which often contains clues to logical and physical location;
• conduct a traceroute (a computer diagnostic tool for displaying the route (path) of packets across an IP network) to find the logical path to the computer, which often contains clues to logical and physical location;
• determine the geolocation of the computer, with varying degrees of accuracy. Depending on the lookup tool used Footnote 7 , this could include country, region/state, city, latitude/longitude, telephone area code and a location-specific map;
• search the Internet using the IP address or computer names. The results of these searches might reveal peer-to-peer (P2P) activities (e.g., file sharing), records in web server log files, or glimpses of the individual’s web activities (e.g., Wikipedia edits). These bits of individuals’ online history may reveal their political inclinations, state of health, sexuality, religious sentiments and a range of other personal characteristics, preoccupations and individual interests; and/or
• seek information on any e-mail addresses used from a particular IP address which, in turn, could be the subject of further requests for subscriber information.

According to Electronic Frontier Canada Footnote 8 , even non-commercial Internet activity, such as reading documents on web pages, invariably requires the transmission of IP address information that can identify what one reads online.

What we found …

To illustrate the process, a simple test was conducted using, as a starting point, the IP address of the web proxy of the Office of the Privacy Commissioner of Canada.

A WHOIS lookup revealed that the IP address was assigned to Public Works and Government Services (PWGSC), with an address of 350 KEDC (this is the King Edward Avenue Data Centre), Ottawa, ON, K1A 0S5. The technical point of contact is listed in this entry, including full name, email address, and phone number.

Using the IP address as a search term yielded more than 240 ”hits.” The results revealed that individuals working behind the IP address had visited sites dealing with, for example:

• search engine optimization training;
• Canada’s advertising and marketing community;
• web governance;
• identity management;
• privacy issues;
• legal advice related to insurance law and personal injury litigation;
• a specific religious group;
• fitness;
• online photo sharing;
• the revision history of a Wikipedia entry; and
• specific entertainers which, in turn, exposed a variety of usernames.

3. IP Address – Information about individuals

It should be noted that the above information was based on the online activity of a group of computers, not an individual work station. Having said that, the process used to derive these results applies equally well to the case of a residential subscriber. The specific information that can be retrieved however depends on how active the subscriber is online and how the websites he/she visits treat IP addresses (i.e., do they expose them to indexing by search engines).

To show what an IP address can unlock about an individual, a similar analysis was undertaken using IP addresses more representative of an individual subscriber.

What we found …

Starting with people who were active contributors to Wikipedia, we found that conducting searches using the IP address shown by this site often reveals a detailed profile of an individual’s activities.

For example, the IP address of one individual Wikipedia contributor Footnote 9 revealed that the person has:

• Edited hundreds of pages on Wikipedia about television shows, both North American and international. The interest in TV shows was extensive and specific, but the details are not included here for privacy reasons;
• Edited dozens of pages on Wikipedia related to history topics;
• Participated in a discussion board about a television channel; and
• Visited a site devoted to sexual preferences following an online search for a specific type of person.

For the purposes of the research undertaken by the OPC, the above traits were gained only by looking at one IP address. These examples, however, give a glimpse into the kind of portrait that authorities could be able to paint of individuals without needing to obtain prior judicial authorization as has been proposed in previous legislation introduced at various points over the last decade.

The Petraeus Incident – Demonstrating what Basic Subscriber Information has unlocked and led to

Another example of the information that can be determined using an IP address as the starting point for an investigation is the widely-publicized Petraeus case in the U.S. This case started as an investigation into harassing emails but eventually resulted in the revelation of an extramarital affair by the Director of the CIA, David Petraeus, and other compromising details, which resulted in his resignation. Footnote 10

As best as can be determined from publicly available media sources, the following appears to be the sequence of events:

1. An individual received a number of “anonymous” harassing e-mails and asked the FBI to investigate. Copies of the e-mails were made available to the FBI;
2. Although the messages were sent from an anonymizing service, the IP addresses from which they were sent were available in the e-mail headers;
3. From knowledge of the source IP address(es), the FBI was able to identify the organization to which the IP address(es) had been allocated (typically a telecommunications service provider(s);
4. Upon receipt of administrative subpoenas Footnote 11 , which are issued by law enforcement authorities without judicial oversight, the telecommunications service provider(s) then provided subscriber information about the IP addresses used to access the originating e-mail account, as well as any other e-mail accounts that were accessed from the same IP address(es). It has been reported that Google gave the FBI information about every IP address used when accessing that account Footnote 12 ;
5. The ISP associated the IP addresses with various locations, including hotels;
6. Knowing the physical locations from which the e-mails were sent, the FBI was able to obtain lists of people who were at those locations when the messages were sent through the use of administrative subpoenas Footnote 13 ;
7. One name kept appearing in guest lists during the times the messages were sent, so this individual was considered the most likely suspect; and
8. It was at this point that the FBI sought and obtained a warrant to get access to the contents of the anonymous email account.

The FBI was able to obtain the following information without having to obtain a warrant:

1. The IP address(es) from which the harassing e-mails were sent;
2. The names of the telecommunications service providers to whom those address(es) were assigned;
3. The subscriber information associated with the e-mail account used to send the e-mails, along with information about other e-mail accounts that were accessed from the same IP address(es);
4. The organizations – in this case hotels – to whom the telecommunications service provider had assigned the IP address(es); and
5. Lists of guests who were registered at those hotels at the time the emails were sent.

According to several public sources Footnote 14 , the FBI was able to obtain this information using administrative subpoenas Footnote 15 , or they may have been able to use National Security Letters, neither of which require prior independent judicial approval. Similar information could be obtained without prior independent judicial approval under previously introduced Canadian federal legislative proposals.

Summary – What this all means

As demonstrated in the above case studies, knowledge of subscriber information, such as phone numbers and IP addresses, can provide a starting point to compile a picture of an individual’s online activities, including:

• Online services for which an individual has registered;
• Personal interests, based on websites visited; and
• Organizational affiliations.

It can also provide a sense of where the individual has been physically (e.g., mapping IP addresses to hotel locations, as in the Petraeus case).

This information can be sensitive in nature in that it can be used to determine a person’s leanings, with whom they associate, and where they travel, among other things. What’s more, each of these pieces of information can be used to uncover further information about an individual.

As information technologies become more and more common in our lives, and the more they become an extension of our very selves, the more sensitive and revealing subscriber identification information becomes.

Referring to such data as being on par with what one would find in the white pages of a phone book grossly misconstrues and underestimates what can ultimately be gleaned from such information.

As such, it is truly more than just “phone book” information.

Annex A

Internet Protocol Address

An Internet Protocol (IP) address is a numerical identification and logical address that is assigned to devices participating in a computer network utilizing the Internet Protocol. Although IP addresses are stored as binary numbers, they are usually displayed in a more human-readable notation, such as 208.77.188.166. The Internet Protocol also has the task of routing data packets between networks, and IP addresses specify the locations of the source and destination nodes in the topology of the routing system.

The IP address is assigned, or leased, to an individual by an Internet service provider and is an essential element to accessing the Internet itself. IP addresses identify where data originates from and where it should be sent towards. IP addresses can either be static or dynamic. A static IP address is one that is assigned to a network-connected device that needs to have a permanently assigned address (e.g., a server, firewall or router). Alternatively, a dynamic IP address is one that is assigned to a network-connected device on a temporary basis, which is typically the case in the consumer space. It should be noted that the duration of an IP address assignment can vary from a few days to a few months, depending on a number of factors such as the size of the pool of IP addresses available to the ISP, the number of subscribers and the relative stability of the network.

Most telecommunications service providers impose limits on the amount of data a subscriber can download in a given period of time, depending on the plan that a subscriber purchases (e.g., Rogers permits 20 GB of data per month for their “Lite” Internet access package) and levy surcharges for any amounts in excess of the plan limit. In order to do this, telecommunications service providers must be able to accurately associate download traffic with a subscriber and this can be done by keeping a record of the IP address or addresses assigned to that subscriber during that time period. How long a particular Telecommunications Service Provider keeps these records depends on relevant legislative or regulatory requirements or their particular business practices. Footnote 16

E-mail Address

An e-mail address identifies an e-mail box to which e-mail messages are delivered. The general format of an e-mail address is [email protected]. It consists of two parts: the part before the @ sign is the local-part of the address and the part after the @ sign is a domain name to which the e-mail message will be sent.

The local part of the address is often the username of the recipient (jsmith). This is certainly true in the Government of Canada and in most enterprises, which typically adopt a standard convention for e-mail addresses (i.e., FirstName.LastName@).

However, the local part of the address could also be a pseudonym. Although some web-based e-mail service providers (e.g., Google’s Gmail, and Microsoft’s Hotmail) require that the subscriber enter a name, address and so on when creating an e-mail account, they do not necessarily verify that the information is real. The domain name portion of the address will reveal the user’s organizational affiliation (e.g., @priv.gc.ca) or it will identify the e-mail service provider (e.g., @rogers.com, @gmail.com).

E-mail addresses may be tied to particular accounts, or they may be general-purpose addresses. Individuals may also have more than one e-mail address, perhaps one e-mail address for a web forum, another for purchases online, and yet another for personal correspondence. In fact, this is considered good practice from a security and privacy perspective.

Local Service Provider Identifier

The Local Service Provider Identifier, sometimes referred to as Local Service Provider Identification (LSPID), is a unique number assigned to service providers so that telecommunications switch owners and service providers can enter financial relationships for the purposes of carrying traffic. The number identifies the company that ‘owns’ the account associated with the traffic. This helps to identify the subscriber using a particular service (e.g., a Rogers subscriber using a Rogers mobile phone on the AT&T network) in order to ensure that the use of the service (in this case, the AT&T network) will be billed to the proper individual.

Endnotes

Footnote 1

Parsons, Christopher, “The Anatomy of Lawful Access Phone Records”, posted to the “Technology, Thoughts and Trinkets” blog on 21 November 2011. See also: “The Issues Surrounding Subscriber Information in Bill C-30”, posted 28 February 2012.

A search based on an element of the basic subscriber information, such as phone number or e-mail address, can return financial or medical records if those records contain the search string and have been indexed by a search engine.

As more and more individuals register their own domain names (e.g., johnsmith.com), an IP address lookup in WHOIS could directly reveal the individual’s name, address, etc. – without having to go through a service provider.

The WHOIS system originated as a method that system administrators could use to look up information to contact other IP address or domain name administrators (almost like a “white pages”). For an example of the kind of information returned in response to a Whois query. See also http://whatismyipaddress.com.

A computer name is used to help identify or locate a computer on a network. Computer names need to be unique so that computers can be accurately identified for communication purposes.

There are a number of tools available for looking up IP addresses and associated information including, but not limited to, IP Lookup, IP Tools, and WHOIS,

There are two ways in which to make or edit contributions to Wikipedia. The first is to create an account and then log in to that account prior to making or editing a contribution. The other is to contribute anonymously, in which case Wikipedia logs the IP address of the computer used to access Wikipedia. For the purposes of this research, we started by selecting the “Recent Changes” link (on the left hand side of the main webpage) and then looked for entries that included IP addresses. By clicking on the IP address, we were able to see a list of contributions by that user. We then selected a user with a high level of activity. At the bottom of that page are tools such as WHOIS, traceroute and geolocate for deriving more information about that user.

There has been extensive media coverage of the Petraeus incident including but not limited to:

1. NBC News, Engel, R., “Petraeus’ biographer Paula Broadwell under FBI investigation over access to his e-mail, law enforcement officials say”, dated 9 November 2012, accessed 5 December 2012.
2. WIRED Magazine (online edition), Zetter, K., “Email Location Data Led FBI to Uncover Top Spy’s Affair”, dated 12 November 2012, accessed 5 December 2012.
3. USA Today, Leinwand Leger, D., Alcindor, Y, “Petraeus and Broadwell used common e-mail trick”, dated 13 November 2012, accessed 5 December 2012.
4. Klosowski, T., “How CIA Director David Petraeus’s Emails Were Traced (And How to Protect Yourself)”, dated 13 November 2012, accessed 5 December 2012.
5. American Civil Liberties Union (ACLU), Sogohian, C., “Surveillance and Security Lessons from the Petraeus Scandal”, dated 13 November 2012, accessed 5 December 2012.
6. BBC, “How email trail aided Petraeus case”, dated 14 November 2012, accessed 5 December 2012.
7. Sanchez, J., “Collateral damage of our surveillance state”, Reuters (US Edition), dated 15 November 2012, accessed 17 December 2012.
8. Schneier, Bruce, “E-mail security in the wake of Petraeus”, entry on Schneier on Security blog, dated 19 November 2012, accessed 17 December 2012.

See, for example, Sanchez, J., “Collateral damage of our surveillance state”, Reuters (US Edition), dated 15 November 2012, accessed 17 December 2012. See also Ambinder, M. “What the heck, FBI?”, The Week, dated 13 November 2012, accessed 17 December 2012.

USA Today, Leinwand Leger, D., Alcindor, Y, “Petraeus and Broadwell used common e-mail trick”, dated 13 November 2012, accessed 5 December 2012.

Leonard, A., “Paula Broadwell’s big mistake”, Salon, 16 November 2012, accessed 28 January 2013.

See, for example, Sanchez, J., “Collateral damage of our surveillance state”, Reuters (US Edition), dated 15 November 2012, accessed 17 December 2012. See also Ambinder, M. “What the heck, FBI?”, The Week, dated 13 November 2012, accessed 17 December 2012.

There are a number of types of “subpoenas” recognized by US law. The three most recognized are: an Administrative Subpoena (i.e. a subpoena from a government agency with the authority to issue such a process), a trial subpoena (sometimes referred to as an Administrative Law Judge subpoena), and a Grand Jury subpoena. An administrative subpoena is most likely what the FBI used to get certain preliminary information in the Petraeus case. See, for example, Rothacker, R. and Ingram, D., “Identity of second woman emerges in Petraeus’ downfall”, Reuters, 12 November 2012 (accessed 14 January 2013), which specifically quotes an unnamed US government official who stated “the FBI investigation into the emails was fairly straightforward and did not require obtaining court orders to monitor the email accounts of those involved, including the personal email account of Petraeus”. Also see Leonard, A., “Paula Broadwell’s big mistake”, Salon, 16 November 2012, accessed 14 January 2013.

Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. See American Civil Liberties Union (ACLU), Sogohian, C., “Surveillance and Security Lessons from the Petraeus Scandal”, dated 13 November 2012, accessed 5 December 2012.

Alternate versions

• PDF (379 KB) Not tested for accessibility