Archive for Monday, May 20, 2002

World Online Exclusive: Spinning the Web - You can run but you can’t hide

May 20, 2002


Generally speaking, I'm of the opinion that privacy is pretty good and that anonymity is pretty lousy when it comes to the Internet. That is to say that who I am, where I am, what I read and where I surf is nobody's business but mine. But what I can do under a cloak of secrecy, that affects other people, is and should be, limited.

The distinction between privacy and anonymity online can be pretty fuzzy. You probably know, or suspect, that you have less true anonymity when you get online than it might appear that you do at first glance.

To discuss this and other Spinning the Web columns, visit the Spinning the Web ForumTo read past Spinning the Web columns, visit the Spinning the Web Archive

Without getting into technical nomenclature that (a) hardcore geeks would rat me out for explaining incorrectly and (b) tends to get pretty confusing pretty darn quickly, let me briefly explain just a little bit about IP (Internet protocol) numbers and host names.

Every machine on the Internet has an IP number, a unique identifier that could in some instances be spoofed but which in most cases is reliable. Machines that do things like host multiple Web sites, or multiple services such as e-mail servers and news servers might have more than one IP number associated with them.

Host names like "" or "" are essentially aliases for some IP number on some machine. When you tell a Web browser you want to go to some Web site, your service provider has a name server that looks up the IP number for you.

Every time you interact with a Web site, requesting pages, posting to message boards, etc., you leave virtual footprints. Your machine's host name or IP number is logged as part of the request the Web server responded to.

On one of my Web sites I operate a message board. The software I use logs IP information as part of every message posted. As a matter of privacy, I don't allow this to be displayed as part of the message or on the message index publicly. On the administrative pages that only I see, I have it displayed.

Because the board is an open forum that doesn't require registration or usernames and passwords for participation, about the only thing I can do to restrict access when the social order begins to break down is to ban or restrict based upon IP number.

This can be problematic, especially since many numbers belong to large dial-up service providers that randomly assign them to their customers for the duration of a single dial-up session. If I block the number, it's uncertain that the same miscreant will even be using that number on the next visit and I could be blocking another individual using the same ISP at a later date. If I block a pool of numbers from which the IP was assigned, I may be blocking all or a portion of an ISP's customers.

This is where "WHOIS" comes into play. Let's say I've had some troll wreaking havoc on my board and I have a half dozen offending messages from the same IP number. Let's say it's Logged into the Unix interface, from the command line typing "whois" reveals that this IP number does belong to an ISP and could be randomly assigned.

It's a really big ISP with cable modems and experience has shown me that their numbers tend to stay assigned to an individual machine for long periods so I will remove the messages and ban the IP number, but the fun doesn't stop there.

Now that I know what ISP administers the IP number, I make a visit to their Web site and look up the customer user agreement or acceptable use policy. I find chapter and verse for the precise violation the user has committed and then scour the ISP's contact information for the correct e-mail address to which they want reports of abuse by their customers directed and send them the IP number, the precise time the messages were posted and the specific violation of their terms of service their customer has perpetrated.

When the IP number does not belong to an ISP but to some company or organization, more often than not it's assigned to a specific workstation on their local network. I recently had to send similar e-mail to the administrators of a major publishing empire based in New York about the behavior of someone using one of their IP numbers.

Sometimes this form of WHOIS result will give me inadequate contact information for an administrating authority and I'll have to take a company name to the Web-based WHOIS lookup at the domain registries.

Network Solutions is still the big player in domain registry and as such there's a pretty good chance that a visit to will turn up some information. If not, there are WHOIS search tools that query multiple registries, like where a search for "" revealed the surprising fact that the administrative contact is

Often in my work I have to locate publicists for musicians. You might imagine that people whose duties specifically entail dealing with the media on behalf of recording artists would have found it useful to make themselves easy for the press to identify and contact. You would be wrong.

There have been numerous times when calling the phone number of the administrative contact for the band's domain name has been the only available first step toward ultimately locating the person I need to speak with. Looking for Celine Dion's people? You won't find a phone number anywhere on Sony Music Canada ( but low and behold, by looking up "" in the WHOIS registry I'm off and running. You can run Celine, but you can't hide.

Commenting has been disabled for this item.