Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Piracy Privacy The Courts The Internet Your Rights Online

IP Addresses Not Enough To ID Users 266

phaedrus5001, with his first accepted story, points out an article at Ars Technica from which he's excerpted a chunk relevant to nearly anyone with an internet connection: "A file-sharing lawyer admitted this week that IP addresses don't by themselves identify someone accused of sharing copyrighted material online. To figure out who actually shared the pornographic movie at the center of the case, lawyer Brett Gibbs of Steele Hansmeier LLC told the judge (PDF) he would need to search every computer in the subscriber's household."
This discussion has been archived. No new comments can be posted.

IP Addresses Not Enough To ID Users

Comments Filter:
  • by Anonymous Coward on Thursday September 08, 2011 @02:04PM (#37342802)

    Does it really matter? Do we need to know every time it's someone's first accepted story? I know I get a good feeling deep down in my heart to know that phaedrus5001 has finally found acceptance...

    • Would you prefer the constants whines from people complaining that slashdot was/is in cahoots with the likes of Roland Piquepaille, and the only way to get a story submitted is to be a member of that club?

      Because I remember plenty of those posts back when Roland was alive and submitting. Now I see complaints like yours, which seem to be the exact opposite.

      Accept that most people aren't going to be happy no matter what, and agree to overlook a few words that cost you a few precious digital bits.

  • In the case of an open Wifi hotspot would it also mean all the neighbors in range too?
    (I bet they'd probably just stick the owner of the router with the bill)

    • by tepples ( 727027 )

      I bet they'd probably just stick the owner of the router with the bill

      Using a theory of contributory and/or vicarious infringement, I suppose.

    • Or, if they did the offending P2P at a coffee shop, or other business.

      Yes, I know - I'm fairly sure that most of those establishments would vigorously fight back against an **AA lawyer trying to shut down every computer in the establishment for a fishing expedition, nor would the **AA want to even try in most cases (esp. if we're talking about a national chain that may have a bigger/better legal department). So, if corporations should be allowed to avoid having all the computers on their site ripped into/co

  • Sadly, I don't expect this will end anywhere good. I expect RIAA enforcement to suddenly extend to 'all computer equipment on the premise' and more draconian identifying methods by ISPs.
    • Re:Bad news bears. (Score:5, Interesting)

      by gstoddart ( 321705 ) on Thursday September 08, 2011 @02:16PM (#37343014) Homepage

      Sadly, I don't expect this will end anywhere good. I expect RIAA enforcement to suddenly extend to 'all computer equipment on the premise' and more draconian identifying methods by ISPs.

      Or, we can hope, sanity will prevail and it will more or less come down to "you don't have enough information to tell us who to look for, and you can't just go on a fishing expedition to look for computers that might be the one you think it is".

      This is mostly about someone using information which the rest of us have always known was insufficient, using that to get far enough to identify someone, and then deciding they need to look at any computer within a 5 mile radius just in case it was them.

      Their "evidence" gets weaker every time they try to say "we need to look at more because the last one wasn't enough". They're also at the discovery phase, which basically means they don't have enough evidence to know if they should be proceeding.

      And, unless someone makes it illegal to have an open wifi, you can't go around saying that there is any contributory negligence or anything like that.

      • The **AA reality distortion field is apparently even stronger than Apple's.

        Hollywood can't bear to have someone copy Revenge of the Nerds 3. So they get as far as "We got this IP Address down to one household - but we don't know who in the household did it."

        The solution is of course - "confiscate all equipment in the household!"

        Or, we can hope, sanity will prevail...

        The Unholy Trinity of Prophetic Manuals is becoming 1984, Animal Farm, and Brave New World. Bonus Reading Fahrenheit 451.

      • So what you're saying is that anybody should be able to get away with anything so long as they commit it with a computer, and you present that as sanity? After all, how are the circumstances different if we're talking about copyright infringement instead of hacking websites, stealing credit cards and committing credit card fraud, planning a murder, etc? The evidence is an IP address. Just don't live alone and you're golden. Investigators won't have enough evidence to bring a case and "sanity" dictates t

    • by Anrego ( 830717 ) *

      and more draconian identifying methods by ISPs.

      Maybe this is what will finally get us to IPv6.

      Not running out of IPv4 space.. not logic.. but the ability to identify traffic as coming from a specific computer vice "it came from that network". (yes I know there is IPv6 NAT.. but we are talking about the masses).

      • by msauve ( 701917 )
        Then all that will be needed is an OS and hardware which changes IPv6 addresses based on dynamic fingerprint recognition. Just as an IP address doesn't uniquely ID a user, tracking to an individual computer doesn't, either (not even based on who's logged in, since anyone could conceivably walk up and take control).
      • by RoLi ( 141856 )
        Maybe this is what will finally get us to IPv6.

        Because of the incompatibility of the addresses, it seems that the IPv6 transition will be delayed forever [in-other-news.com].
      • Not running out of IPv4 space.. not logic.. but the ability to identify traffic as coming from a specific computer vice "it came from that network". (yes I know there is IPv6 NAT.. but we are talking about the masses).

        I suspect you're going to be disappointed there, because an IPv6 address doesn't actually identify anything either. The only reason that you can even connect an IPv4 address to an account holder is that the ISP keeps records and people have been willing to assume that those records are accurate. With IPv6, the ISP will allocate a block of address to each account holder and the account holder will use them for their devices. The ISP won't have any idea which address allocated to the account holder was used f

      • Then they will have to make IPv6 NATs illegal, too.

        ISPs charge extra for more than one IP so anybody who has more than one device (PC, Tablet, TV, Smartphone, etc) will enable a NAT in their crappy router.

        This whole "gotta do anything to get all possible profit for media" is getting out of hand.
        But since people are OK with the TSA hand literally up their asses they won't mind having different hand on their wallets, too.

      • by sjames ( 1099 )

        Who needs NAT? Autoconfiguration is just a standard way to pick a non-conflicting address, but since ARP is still part of the spec, you can choose any other as well so long as all other machines on that subnet agree to respect the same standard.

        Alternative standards exist already, including choosing a random address and sending out probe ARPs to see if it conflicts.

        So while only one machine at a time can have a particular IPv6 address, any computer on the subnet could have been that one if you so choose.


    • Time to start intentionally P2P'ing movies and music at every Starbucks, Airport, McDonalds, Bookstore, and damned near every other business you can think of (with preference towards national chains, of course).

      Let's see 'em try to shut one of those sites down...

      • I've been doing all my P2P'ing in those places already. No point in having it traced back to my network.

    • yeah, and then they'll learn about hacking wireless, and extend it to all computers in the neighborhood.

      Then you'll have your computer taken because little Timmy down the street was streaming the Brittany's latest trash-pop hit "skankin it down", or some other media that should probably require legal action against the producer...

  • Search them all (Score:5, Insightful)

    by Dyinobal ( 1427207 ) on Thursday September 08, 2011 @02:11PM (#37342920)
    So what if they search all the computers in the house hold it doesn't prove who was sitting at the computer when the actual sharing was done. Most house holds have at least one computer that everyone uses at some point.
    • by FellowConspirator ( 882908 ) on Thursday September 08, 2011 @02:36PM (#37343314)

      Just because the computer in question shared a file doesn't mean anyone in the house did it or was even aware of it. For that matter, there are trojans and viruses more than capable of establishing a personal computer as a file-sharing node without the knowledge of the owner / operator. The person at fault is the person that intentionally caused the content to be shared, not the computer owner or operator(s).

      • You are right of course, BUT

        Are you suggesting you want a MAFIAA representative knocking on your door every month for a mandatory home network security audit, paid for using your tax dollars? Because that is the next logical step for these bastards if the courts take your approach.

        • by sjames ( 1099 )

          I'd absolutely love to see them try! They might finally run across the well deserved Winchester Constitutional defense.

      • Claiming that a trojan unwillingly downloaded copyrighted content on your hard disk and seeded it via bit torrent is a weak defense.

        If you want to claim that such a trojan exists, you better prove that it was on the system.

        • And if spybot, avg, malwarebytes, or windows defender got rid of it?

          • Well you can look at the log records to see.

            Claiming that a trojan is responsible for such an activity is highly implausible, so you would need evidence to support your argument.

            If you are accused of sending spam or getting porn pop ups, then it would be a plausible explanation because that is what trojans normally do.

    • What if they raid the premises search every computer on the network and in the network range and can't find the file because the drive has been wiped or otherwise disabled? Taking someone's computer for a fishing expedition is like taking my car to look for special dirt from a special parking lot in a special location where a bike was stolen and perhaps my vehicle was seen on a red light cam within the same week. It's all the same ridiculous speculation and a violation of your personal rights in favor of
  • Is it that difficult to hide a netbook connected to a USB HDD under a fake panel in your cupborad or something?

    Set up password protected access, download on that netbook and stream to watch

    • OH NO!

      You just told the MAFIIA where to find it.

    • by lucm ( 889690 )

      Now we know where to find the good stuff in your home

      • Fortunately my country has much bigger problems to deal with than people downloading movies

        • Unfortunately surely?

          It'd be great if that was the biggest problem a country faced after all.

          • Most of the issues are really unresolvable.. esp. with us being a "representative democracy"

            Add to that the fact that internet penetration is terrible and terribly expensive, those with internet connections can do whatever they want.. noone cares

    • Oh please. We all know you have the NAS built into the AC duct so it is hidden and cool at the same time.

    • by Anrego ( 830717 ) *

      Ventilation might be an issue.. also you'd have to tailor your desktop such that it doesn't leave any logs/history of the connection (assuming they would go that far).

  • He'd have to search:

    • Every computer currently in the house.
    • Every computer that might have been in the house previously; e.g. old computers that were replaced in the meanwhile, as well as every computer of someone visiting the house (like a friend with a laptop).
    • Every computer that might have connected to the network via WiFi if the wireless router was ever publicly open, compromised, or had its password shared.
    • Every computer that might have been using the house's computers as proxies, whether by intent of
    • And the "cloud", don't forget the "cloud". He'd have to search there. Hopefully without a parachute.

  • Last time i checked. there really isn't any way to guarantee that i am the one who used my computer.
    • by Kenja ( 541830 )
      Doesn't need to guarantee, just needs to be enough to convince a jury. The "it wasn't me browsing Pirate Bay, it was the one armed man!" defense wont work too well I think.
    • by rastos1 ( 601318 )

      Last time i checked. there really isn't any way to guarantee that i am the one who used my computer.

      You might not be the one who used the computer. But your signature is on the contract with the clause saying that you are responsible for the connection usage. At least that's usually what ISP claims.

      • by jank1887 ( 815982 ) on Thursday September 08, 2011 @02:44PM (#37343410)

        and that means that within the contractual arrangement with the ISP, they are able to hold me responsible for things that happen on my connection. They can ask me to pay when there are costs as a result. They can disconnect the connection at my expense if nefarious things happen over it.

        But that contract has nothing to do with my legal liability with a 3rd party. If the 3rd party sues the ISP, and the ISP, through my contractual relationship, holds me responsible, that's one thing. But that's not what they are doing. If they're going to try to prove that I'm legally liable for what they think went on, for damages they think I did to them, they're going to have to show enough proof of that.

    • I would mod you up "Insightful", but I need to write a reply. Sorry.

      It could be argued that you are a bit responsible for what your computer does. If it's a shared computer, you must control who can use it and for what. Is a weak argument, of course, but it applies to other stuff, like a car.

      • by betterunixthanunix ( 980855 ) on Thursday September 08, 2011 @02:39PM (#37343350)

        It could be argued that you are a bit responsible for what your computer does

        Except that computers connected to the Internet are sometimes taken over by malware that causes the computers to do things outside of the control of their owners. There was a case a while back where a guy was accused of downloading child pornography, and it was discovered that it was actually malware that did the downloading. Is it really that far-fetched to think that some hacker who wants to download music without getting sued would use a botnet to hide his activities?

        • by laird ( 2705 )

          Keep in mind that ISPs cannot identify which computer did anything, just what external IP address did. Since pretty much everyone on broadband runs NAT and WiFi, anyone in or near the house can be behind your IP address. Is the person who pays for a broadband connection responsible for the actions of (for example) a neighbor who freeloads on their WiFi? (Keeping in mind that wireless security is far from perfect, and your neighbor has plenty of time to crack your security).

        • I thought about malware attacks. That's why I said it was a weak point. I was thinking of the common shared machine scenario.

          Is it really that far-fetched to think that some hacker who wants to download music without getting sued would use a botnet to hide his activities?

          I interact with a lot of people, from all walks of life, and not a single one of them got their music libraries from botnets. They either bought them or got dirty using Napster, then eMule, then BitTorrent, and finally Megaupload. So, unless it gets as highly criminalized as CP, I rather say yeah, it is far-fetched.

    • by gl4ss ( 559668 )

      that's why the basic approach by "them" (riaa, "cyber" police etc) is to get you to confess - it's much easier for them if they don't even know what you did than to try to prove things. that's what the justice systems work with, confessions.

      if you're in a police questioning - READ VERY CAREFULLY what they put on the slip of paper that's representing what was admitted and what was not in the questioning, the courts will use that and ignore you in court. especially if they don't even know what they're questi

  • Can lead to mandatory software required for internet access, with logging of all communication

  • by Anonymous Coward

    Before you can surf the web, you have to log in with your social insurance number and an ISP password. Once that's done, your ISP will allow your traffic. Time to authenticate individual users.

    Don't want to do this? NO INTERNET FOR YOU!

    Sent from EXXON-Mobil MGM Coca-Cola iPad

    • Right, because identity theft is completely impossible and no one has ever done it before. Especially not a criminal who knows they're going to commit a criminal act and wants to hide their identity.

  • Considering a large % of people on slashdot, me included, have stuffed computers into everything except the pancake mix, and I could be wrong about that, those pricks better have a lot of time on their hands.

    • indeed, bricks of cocaine and wrapping paper with blue packing tape work much better for packing in a PC than pancake mix bags. no one will ever think to look in those.
  • by dcavanaugh ( 248349 ) on Thursday September 08, 2011 @03:40PM (#37344138) Homepage

    Although this is won't work with DSL because of PPOE login, with a cable modem your IP address is not proof of anything.

    Why? DHCP is not the only game in town. On many networks, you can take a DHCP-assigned address and determine the appropriate subnet mask, default route, and DNS server. But nothing really stops you from manually overriding the IP address, as long as you choose one in the same subnet that happens to be unused at the moment. The ISP can make this a little more difficult by remembering the MAC address associated with each address, but there are workarounds for that too.

    I became aware of this when my cable modem stopped working and the support technician discovered that my IP address was in use from someplace other than my house. In those days, all addressing was static. Some other customer had inadvertently (or deliberately) assumed my IP address. The tech gave me a new address assignment and everything worked. So whoever hijacked my IP address left the audit trail pointing to ME. The hijacker was (from an IP address perspective) invisible.

    • by sconeu ( 64226 )

      And if I put a wireless router on my LAN behind the PPPoE login?

      Back to square 1.

  • About time that someone has some common sense in the judicial system. I have very rarely heard judges having this much common sense when it comes to computer technology. I am glad now that we can at least make a small step forward in judicial cyber hearings.

  • We need to keep logs of our DHCP servers for 6 months (which is about twice as long as it takes for a DMCA notice to find its way to us).

  • 1) Go into an apple store and download porn using their free wi-fi. You don’t need to keep you laptop open, or anything. You can use the hour or so it takes for your genius bar appointment.

    2) Use the free wi-fi at a Starbucks; might be a bit slow.

    3) Use the free wi-fi from any hotel parking lot. You might have to ask the clerk for the password, or maybe a housekeeper.

    4) Use the unprotected wi-fi in your neighborhood. There are usually several. I recommend checking out senior housing. Sometimes a resid

  • As ipv4 increasingly runs out, and more people find themselves natted behind a single address shared with hundreds of others, the harder it becomes to track down individuals...

  • Even the wifi tablets? the netbooks? the laptops? the wifi cell phones?
    What if they are encrypted?
    What if they use removable storage (SDHC)?
    What if the device ain't home?
    The legal system is out of touch with reality.

  • And you are responsible for all activities on your account.

  • Sounds like they are trying to get a wholesale warrant to search anything they want, just to due suspicion reported by almost anyone.

    Even if they had to have 'evidence', that is easy since so many people have WIFI now.

Karl's version of Parkinson's Law: Work expands to exceed the time alloted it.