IP Address

De La Quadrature du Net

The Basics Of IP Address[modifier]

Explained by wikipedia[modifier]

"An Internet Protocol (IP) address is a numerical identification (logical address) that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its nodes.[1] Although IP addresses are stored as binary numbers, they are usually displayed in human-readable notations,such as 208.77.188.166 (for IPv4), and 2001:db8:0:1234:0:567:1:1 (for IPv6). The role of the IP address has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."

http://en.wikipedia.org/wiki/IP_address http://en.wikipedia.org/wiki/Private_network

Explained By Google[modifier]

A video announces that google won't log ip address more than 9 months, for better privacy.

It was a claim from europeans National Data Privacy Organisations.

http://fr.youtube.com/watch?v=XuJ_E83_0c

Explained By The CNIL (French Data Protection Authority)[modifier]

"IP address is a private data for all the Europeans Data Protection Authority"

http://www.cnil.fr/index.php?id=2244

Anonymous on the Internet? Don't be so sure...[modifier]

Demonstration By The CNIL: Your route on this site.

http://cniljunior.com/index.php?id=208

Is The IP Address Still A Personal Data In France? (Digital Civil Rights in Europe)[modifier]

"Although the answer to this question may be obvious not only in France, but also in Europe, two decisions from the Paris Appeal Court may well change this established understanding.

The decisions, respectively published on 27 April and 15 May 2007, concern individuals to the SCPP (a French collecting society of recording companies), in two cases of music counterfeit using P2P networks. The two appeal procedures included both civil and penal actions and were initiated in the former case by the individual and the public prosecutor and in the latter by the SCPP and the public prosecutor as well. In addition to the first instance decisions made on the counterfeit claims, the Paris Appeal Court had to decide on the conformity of the first instance procedures regarding the collection of IP addresses on the P2P network. In both cases, the individuals claimed that this collection should have been subject to prior authorization by the CNIL (French Data Protection Authority), and consequently concluded to the nullity of the procedure."

http://www.edri.org/edrigram/number5.17/ip-personal-data-fr

Are IP addresses personal data ? by ISO (French Internet Society)[modifier]

"3. Are IP addresses personal data ?

Yes according to the Art.29 Data Protection Working Party. It is a council of all the privacy commissioners across the EU. As it is possible to match an IP address to an internet user at any given moment through the ISPs, the IP address indirectly identifies an individual as a phone number, a social security number or a car registration plate would."

"5. Why should it matter to me ?

You use the internet every day for a growing number of uses. Your IP address appears in all your communications, when you browse through a website, when you send an email, when you buy a book online… A lot of people can collect it and use it for a lot of purposes, to store them because the law forces them to or to analyse it for a marketing campaign.

This type of profiling is all the more effective when your address is static. It is more and more often the case today with IPv4 addresses and it will be the case tomorrow with IPv6 ones. What are the implications ?

5.1. Tomorrow your use of peer-to-peer networks could be tracked without you knowing. Representatives of French artists and producers have set up automatic systems to monitor peer-to-peer networks, and collect, amongst other things, users IP addresses. However such systems had first to be authorised by the CNIL which set boundaries to prevent an arbitrary and all out monitoring system.

5.2. Tomorrow marketers could know what you’re doing on the Internet. When you connect to a website, when you make a query in a search engine, the tracks that you leave behind can be used to profile you. It is a good thing if it aims to provide you with a better service, not so much if it aims to pervert this knowledge to try and sell you all sorts of things."

http://www.isoc.fr/are-ip-addresses-personal-data-article0058.html

IPv6, The New IP[modifier]

IPV4 the actual has a limite of 4 billion addresses. A new IPV6 adds significatively the potential number of IP Address.

http://en.wikipedia.org/wiki/IPv6

But this can brings more privacy problems that these french paper explains.

Les risques majeurs de IPv6 pour la protection des données à caractère personnel

"Because the globally unique MAC addresses offer an opportunity to track user equipment, and so users, across time and IPv6 address changes, RFC 3041 was developed to reduce the prospect of user identity being permanently tied to an IPv6 address, thus restoring some of the possibilities of anonymity existing at IPv4. RFC 3041 specifies a mechanism by which time-varying random bit strings can be used as interface circuit identifiers, replacing unchanging and traceable MAC addresses."

[http://tools.ietf.org/html/rfc3041 Privacy Extensions for Stateless Address Autoconfiguration in IPv6 ]

The Limits Of IP Address[modifier]

What is an IP address?[modifier]

"At one time ISPs issued one IP address to each user. These are called static IP addresses. Because there is a limited number of IP addresses and with increased usage of the internet ISPs now issue IP addresses in a dynamic fashion out of a pool of IP addresses (Using DHCP). These are referred to as dynamic IP addresses. This also limits the ability of the user to host websites, mail servers, ftp servers, etc. In addition to users connecting to the internet, with virtual hosting, a single machine can act like multiple machines (with multiple domain names and IP addresses)."

This talks about identification of user, but should talk about identification of connexion. It means that a connection identify the user. It does not ! It identifies a connection of a computer... supposed to be owned by a user,... supposed to be exclusively used by this owner.

Here is a common mistake, by simplification of complex things.

http://whatismyipaddress.com/

Fake IP address on internet. How?[modifier]

Yet solutions to by pass tracability of connection, usable by a kid, are flooding the internet. Tomorow even hiden, the solutions still be there, probably more efficient and too complex to be stopped.

http://www.dslreports.com/forum/r19106555-Fake-IP-address-on-internet-How

I Need To Hide My IP Address! - How To Get A Fake IP Address[modifier]

"Are you concerned about the safety and privacy of your computer and personal details? Would you like to Hide Your IP address from other websites and remain completely anonymous?"

http://www.squidoo.com/hideipaddress

Hide My IP 2008[modifier]

"Did you know your IP address is exposed every time you visit a website? Your IP address is your online identity and could be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Hide My IP allows you to surf anonymously, change your IP address, prevent identity theft, and guard against hacker intrusions, all with the click of a button."

http://www.hide-my-ip.com/?id=3247

Finding the IP Address of An Email Sender[modifier]

"Note that many spammers send their emails directly rather than through Internet email servers. In these cases, all "Received: from" header lines except the first one will be faked. The first "Received: from" header line, then, will contain the sender's true IP address in this scenario."

http://compnetworking.about.com/od/workingwithipaddresses/qt/ipaddressemail.htm

Encryption, Now More than Ever[modifier]

There is clearly concern that an individual's right to privacy is being steadily eroded by governments responsible for protecting citizens and by multi-national corporations, whose tremendous power and influence over political and legislative processes has become a given.

http://www.guardianedge.com/news/in-the-news/june-27-2007.php

The Pirate Bay Wants to Encrypt the Entire Internet[modifier]

"The team behind the popular torrent site The Pirate Bay has started to work on a new encryption technology that could potentially protect all Internet traffic from prying eyes. The project, which is still in its initial stages, goes by the name “Transparent end-to-end encryption for the Internets,” or IPETEE for short. It tackles encryption not on the application level, but on the network level, the aim being that all data exchanged on your PC would be encrypted, regardless of its nature — be it a web browser streaming video files or an instant messaging client. As Pirate Bay co-founder Fredrik Neij (a.k.a. Tiamo) told me, “Even applications that don’t supporting encryption will be encrypted where possible.”"

http://newteevee.com/2008/07/09/the-pirate-bay-wants-to-encrypt-the-entire-internet/

Encrypted Data Privacy[modifier]

Some examples :


Conclusion[modifier]

Whereas IP Address can trace honnest average users, this identification can be faked, and in no case can be used to trace with no doubt, any user.

Trace any connection from original user to destination, even by provider, implies to identify and trace individually every user, for every use.

A country where Democracy and Individual Freedom makes sense should defend citizens from such Dictatorial Mesures.

At the end these mesures will carry no effect to the claimed aims, cause real piracy will still fake the connection, as it always faked any web site in the world, even the most securized ones.

The result will be worst :

  • no basic privacy for the user, average users can't have any privacy
  • log and trace users, and every use, will be the law, and users will pay for that
  • a new business model, legal or not, for data protection
  • only rich people, organisations, or even hackers can protect theirs datas
  • and the real piracy goes on

See also Doctrine_adresse_IP