Sure, there's information here. About ten percent of it might actually be true. Even that ten percent will tell you what, exactly? Not much.
My modest self can serve as an example. There is a great deal of info about me on the 'Net. People I haven't seen in years have been able to contact me that way. But they knew my real name, which gave them something to search on. Even so it's not easy, as a certain famous person has the identical name, and the first fifty pages of google hits are his. I have a number of well-known web sites which are publicly registered in my real name. But none of them link to me here. Similarly, the information I've given out here doesn't link to any of that outside stuff. A search on my novelty name will reveal only that it's not a rare one. My contact e-mail account has no genuine information attached to it, and my photos were uploaded from a dynamic ISP address. The rumor that I run a tractor repair forum won't help in a search, as it's not true. "Tractor repair" is a euphemism for another topic.
The only way information I post here can be used to identify me is if someone who knows me happens to blunder into this site. In that case, there is indeed enough information to convince him that I'm me. But that's a long way from asserting that "anybody can find out anything".
Firstly, so far as I can see nobody said
"anybody can find anything" in such an
unqualified sense as I’m sure you well understood. Also, I don’t recall anyone saying it was easy. In your typical style you’re again seeking to twist what was written for some unclear motive, or perhaps sheer contrariness.
For myself, I was talking less about casual sleuthing by idiots or wannabee stalkers than systematic attention by those who know what they want and how to obtain it. To be fair, it’s unlikely anyone on LPSG would warrant such attention, they'll fall in the 99.99% which even if ‘worked out’ would be about as interesting as finding out who reached 1000 posts this week. No offence intended to anyone in that sense.
Technology.
Technology will only get you so far, though often it will get you far enough. The way any such information is obtained is rarely about any one source. Of course, in the LPSG context it’s highly unlikely one will uncover detailed personal information from a member from any one post or posts, or casually ‘Google up’ the personal details of LPSG users as you seem to suggest. It’s about lateral thinking, persistence and, often a casual relationship with morality and the law.
Images may have embedded information about when they were created - the tool used to create or edit them, information that may even contain a name. If it’s a tool that has been registered then with access to a registration database a geographical crosscheck could be run (based on IP). This thread has shown many are blissfully unaware of the ‘invisible’ embedded information they pass around.
Email is a bit iffy, but even if you use web mail then it’s entirely likely your source IP address will be embedded. Yahoo emails certainly do. If you use Outlook for example your PC name may also be included. Armed with that and a likely IP address depending on how secure it is and how you connect extracting a surprising amount of information from it is pretty straightforward.
Never mind that anything sent by unencrypted email is about as private as a postcard.
You post from a dynamic IP? Well, firstly if your address lease is 24hrs which is pretty typical and you connect again at least once within that period, you
may keep that IP for days or weeks. But either way it gives away your ISP and depending on your ISP DHCP management setup, network topology etc with a little digging this should turn up a location.
This will almost certainly be at city level which may or may not be much use of course, but knowing a little about the way the ISP is structured physically or logically may well allow a more precise location down to the Rack/POP/Frame level.
You may even narrow it down to cabinet (street) level. Blueyonder in the UK used to do this. Naturally, ISP’s don’t generally publish this information but it’s often available nonetheless. Even a simple tool like tracert can be useful in getting a
general location.
Of course there are whole raft of issues that can cloud the accuracy of this, proxy servers, ISP’s who by using gateways make it appear all their users live where they don’t, long distance dial up, firewall configuration etc but there are ways around most of these, although they may require detailed packet analysis. Naturally, if a packet can get from A to B, then A and B can be determined.
Here’s a simple example. Of course if it can be done legally…..There’s no ‘rocket science’ involved here.
eTECHnews: Internet Anonymity Compromised Through IP Address Tracking
There are whole raft of RFCs dealing with this issue, if anyone is interested have a look at 2050 and 4886 (which deals with IPv6).
http://www.ietf.org/rfc/rfc2050.txt
http://www.ietf.org/rfc/rfc4882.txt
Even with a dynamic IP, it takes a few seconds to scan a range for which ones were active when "joe bloggs was". Digging a little deeper, if one had access to ISP DHCP logs (a buddy who worked for them perhaps) then a userid and account details are a step away.
Alternatively, if one could gain access to the appropriate routers, switches (after all, many are woefully insecure) or cable runs any decent protocol analyser would capture your login authentication, and pretty much anything else you did online.
Much authentication is clear text and PAP/CHAP authentication is hardly unburstable. Although CHAP or NTLM won’t get you a password as such, neither. If that’s what you’re after a session replay may enable you to get it later. VPN traffic is pretty secure for the most part too, but how many use a VPN to post on say LPSG? The simple, open designs of IP and Ethernet are their strengths and weaknesses.
Read “
Session Based Logging (SBL) for IP-Traceback on
Network Forensics” by Omer Demir, Ping Ji and Jinwoo Kim.
I’m sure it’s online somewhere. It’s pretty light but interesting enough.
As one might imagine, there is no shortage of sites willing to help those budding Dick Tracey’s in this regard. Abika is just one.
Trace IP Address, Find IP address, IP Address tracing, Search IP Address, Map IP Address
What’s said there contains a fair amount of smoke and mirrors, it is a commercial site after all, but it's far from Holywood either. There are oodles of tools out there that can do amazing things, so they would have you believe but while these are aimed largely at script kiddies and the gullible the basis on which they work is essentially sound.
I do this kind of stuff for a living, well I used to and have done so for years and have some experience in the field. I have traced the odd ‘hacker’ using a combination of the things mentioned above. I've no idea of or interest in what happened to them, I just handed over the details to the authorities or those that asked for it. Back in the early days though, I used to have fun backtracking some dumb script kiddie and send them a nice message, lock up or crash their PC or some such thing. It releived the boredom.
People.
Tracking folk is not really my area of expertise, and I have no interest in but for those so motivated but without technology skills or where IT led nowhere; this is where most clues are found. I agree in the context of LPSG this is amateur stuff and not really germane to the wider issue of privacy. The thing is, for the most part people are careless with personal information, usually without realising it. As BD said, they will lie about many things, certainly exaggerate, well, given this forum that’s a given but that’s not that sort of information that’s of use.
Unless they are
consciously seeking to hide or fabricate
all they post they
tend not to lie about the casual “
I live 5 Min walk from XXX”,
"I eat at XXX which is a few streets away",
"I use XXX phone/network",
"I work in XXX field" or spread over a few posts -
"I drive a XXX, I drive to work, I use XXX road every day" (which road happens to have a junction with a live traffic cam – with sufficient resolution to read number plates). DMV records are hardly secure after all.
Sure, it sounds rather Sandra Bullock but I'd wager there are some sad folk out there with nothing better to do than stand at a busy junction noting license plates of blue cameros, or hang round Fredo's pizzeria with an eye out for suspiciously large bulges, or the latest Motorola timewarp. Or, better, the cash to pay some other poor sap to do it for them.
People may post elsewhere; more clues may be found in those other environments where, perhaps a perceived need for anonymity is reduced. People leave a trail of electronic breadcrumbs that can be easy to follow, perhaps all the way to their front door.
In a nutshell; people give away far more information than they realise. It may come in tiny fragments, no single piece may mean much on its own, but like a jigsaw, get enough such fragments and the bigger picture becomes clearer.
It’s seldom easy; because most information worth finding out isn’t that easily obtained. It’s highly unlikely any one piece of information is enough but put together they narrow the field. All it takes is time, motivation, a degree of intelligence and the right resources (which may be other people or tools etc).
Naturally, most people don’t have the motivation, never mind the skill or time to do it, so as BD says it’s a non issue. If they do, you can run..