I'm making this thread to help users here gain a better understanding of IP addresses. What they are, why they are useful, how they work, and what information about you is available, and to whom.
What is an IP address?
An IP address is a unique set of numbers often temporarily assigned to an individual's router through their internet provider. All home computers would then connect through the router. This means that one can have multiple PC's on a single router, all of them appearing to have identical IP addresses. This means that if you are banned from a specific website, your other computers connected to the same router are as well.
When you visit a website, your computer tells the router the location to visit. The router than sends this information on to your internet provider who then retrieves the data, and sends it back to your routers, and on to your PC.
Why must I have an IP address?
When you visit Sociopath-Community.com, you are not actually going anywhere. You are simply requesting some data from our server. You are telling your router, to tell your internet provider to download the files located at anonymous-community.com. For a simple website, they might be just HTML or Javascript files.
When you ask our server for files, our server first checks to see if you are logged in. If you are, the server will send the files, and your web browser will then open the files- thus displaying the website to you in your browser. Without an IP address, our server would not know where to send the files you have requested.
This is really no way around this. If you visit a website, that website must see SOME ip address in order to know where to send the data. This does NOT mean that our server must log or save this data-- though many do.
How does the website know if I am signed in / Authorized to access specific data?
When you first arrive at the website and login, our server website will place a couple small files within your web browser. These files contain little keys which the website can then look for each time you navigate to a new page. If the key exists, and is accurate, your web browser is verified and trusted as a user by the server. This is important because it means that it is possible for a website to identify a logged in user, and remember things about that user in a database without the need for an IP address. The user simple proves to the server that they know the credentials, and a file is then saved to the user's browser until they log out, or the file expires.
IP is required by all websites, so how can I hide myself?
It is true that all websites need to know where to send the requests data. For this reason, an IP address is necessary. The way to mask an IP address is to run your traffic through another router with a different IP address.
Let's take the example of Wormy. What could wormy have done differently? Wormy logged into Sociopath-Community.com from his computer in Port Orchard, Washington, and then admitted to the murder of his grandfather, and even posted photos.
Wormboy's first mistake was in murdering his grand father. But, he 100% incriminated himself when he posted to SC what he had done without using property digital security procedures. He typed some data into his computer, and then sent that data through his router, to his internet provider, and the internet provider forwarded it to our servers. Because Sociopath-Community.com wishes to have the ability to keep users out, IP addresses are logged. This means that in addition to a username, there is also a field in our database which documents the last ip logged in from, and also the ip used to register the account.
I do not like that we, and 99.9% of websites track IPs. The reason is because it allows for government agencies (The FBI in WormBoy's case) to convince a judge to give a search warrant. With this warrant, the investigation agency may demand from companies within it's jurisdiction relevant data on our server. So what happens is an FBI agent contacts us, and demands all information in our database pertaining to the murder. Had our database not recorded IP address, the FBI would have no possible way to make the connection between a user, and the location/identity of that user. But, because SC (and almost all modern websites) track IP, it is easy for the FBI to, through a warrant, force internet providers to provide the identities of individuals connected to a certain IP addess.
So in summary, Wormboy posts self-incriminating content. This content is sent through his router, through his internet provider, to our website. FBI agents search his computer history, find (and proves) that he posted here, pulls warrant to get data, gets data, makes the connection between data, ip address, internet provider, and user, and now has a solid case.
If Wormboy had instead used the dark web to purchase a virtual private network, he could then set up his computer to route all traffic through that VPN. For example, let us assume that Wormboy had setup a computer in Iran. He knows that American governments will have a tough time demanding data from an Iranian corporation. He also knows that the VPN is a hacked account, so it does not have his name or payment information anywhere on it.
So he sets his computer to route all information to a computer in Iran. He logs onto the VPN, and then he opens his TOR browser, and navigates to sociopath-community.com. What does SC's server see? SC sees the last server that the TOR browser used. It does not even see the Iran IP, much less the "real IP" of the user. He then admits his guilt, and even posts a photo of the murder. How much an FBI agent go about this in this situation?
The FBI agent would begin by checking WormBoy's PC. He's been smart though, and his TOR browser does not show his online activity, so he's unable to make the connection that he had been posting on SC, but let us assume so that we may continue that the investigator was able to ascertain that wormboy had in fact been posting on SC, and let us pretend that he even has an idea that wormboy admitted guilt on this website. Next, he's going to need proof.
The FBI agent goes to a judge, and presents his case, and requests a warrant. The agent explains to the judge that there has been a murder, and he has a reasonable suspicion that proof can be found by getting a warrant to access SC data. The judge is old, knows nothing about cyber security or the importance to privacy, so the judge approves the warrant.
The agent then contacts the administration of SC. He tells us there has been a murder, and that we are required to release relevant databased information about wormboy. We are forced to provide this data. The data included: username, password(encrypted), email (if entered), threads created, posts, and finally IP address.
So now that FBI agent has the data. He has posts which admit guilt. All he has to do is connect these posts to Wormboy's real identity. He checks the IP address, and finds that it's an IP address from Sweden. The agent is unable to make ANY connection because Wormboy is certainly not from Sweden, and neither is his internet provider.
But, let us continue! Let us assume that the FBI is extremely tech smart, and they are so lucky to as have had TOR nodes already setup all around Europe, and Wormboy was SO unlucky that all of his traffic passed through these FBI undercover TOR nodes. So the FBI gets the Sweden address from our data, and then is able to look at their own Tor Node, and see where that IP came from before it passed through TOR. So what does the agent see? An Iranian VPN. The tracks have run dry for our agent.
Okay, so now the agent is really in trouble. Even by having an inkling that Wormboy is the person he's investigating, and even when he finds the admission of guilt, and even with TOR hacked, the agent is unable to make the connection between Wormboy and the posts.
But Wormboy did not use an anonymous VPN, nor did he use TOR. So our FBI friend had an easy time finding him.
So I need VPN, and TOR?
No, you don't need them unless you plan on providing an authorized agency with reasonable suspicion to enable them to pull a warrant. WW3 can do nothing with your IP address besides wave it around to scare the less tech-savvy. That being said, if you want to 100% ensure your privacy, then get an anonymous VPN, and get TOR. Sign up using anonymous email (if email is required), and never share your name, date of birth, or other personal information.
Next, Ill be posting about how it is possible for a hacker to get an IP address by posting a photo hosted on another site.
