Jump to content

Why are our details being shown to the world?


KDStudios

Recommended Posts

Using this data to identify and target a specific Nexus user would be nearly impossible. I say 'nearly' because the resources required would render it a big waste of time and effort to probe these IPs en massse, given these probes are stopped by the simplest internet router or firewall. The effect would be no different than the dozens of probes that randomly hit your IP address all the time anyway.
Link to comment
Share on other sites

or you could always wear a tinfoil hat.

did you know that different styles of foil hats protect differently

 

you may need an entire collection depending upon which city you live in

 

(not to mention your ISP)

Link to comment
Share on other sites

A lot of computers have multiple IP addresses, there are some that even change everytime you restart your computer. Then theres several types of IP addresses, also if you're on a router theres a matter of hiding behind a password should a person even know your IP address. As others have mentioned if you think this is bad, what Google and manner other search tools do is FAR worse. I clear my cookies after every single time I'm done using my web browser, or everytime I leave a website that required me entering personal information or logging in. I block all cookies on sites that don't make me login. Theres plenty of ways to protect yourself on the internet. Kaspersky is quite handy as well, although it isn't free.
Link to comment
Share on other sites

Actually that isn't entirely accurate. The requirements to obtain exact user account info from the client IP depend on your particular jurisdiction and regulatory framework. Here in the US under the Patriot ACT, it actually requires very little for the FBI or DHS to track back to a particular user. The 'judicial oversight' laws have been completely gutted in the last 12 years.

 

All of that aside, unless you are using a TOR or similar anonymiser system you shouldn't expect any privacy on the net anyway.

Exposing IP is dangerous more because the risk of troll stalking of script-kid hacker willing to "make a name"... now that part about FBI and such made me laugh as if they depend on those statistics to "get their man"... or something like this I don't know how to express in your particular jargon or language.

 

You can laugh if you want, but they acutally do use IP information. Official requirements for data retention (dhcp lease/mac/user account) are not there, but unofficially in the industry you will get a heads-up from a law-enforcement agency that they want you to begin retaining records on a particular item (user account, ip, etc.). It is expected that you begin retaining for up to 90 days prior to them actually obtaining a warrant. However, that doesn't apply to DOMSEC (Department of Homeland Security). Under the real-word implementation of the Patriot Act (and all of its unintended consequences) all they have to do is state that they are investigating something that may be related to a terrorist investigation, and they get whatever data they want. They can enter a public library and request the checkout and/or search records for a patron, and the library is prohibited from even telling you they had to hand them over. Same for banking, medical, ISP, etc. DomSec doesn't need a warrant.

 

A lot of computers have multiple IP addresses, there are some that even change everytime you restart your computer. Then theres several types of IP addresses, also if you're on a router theres a matter of hiding behind a password should a person even know your IP address. As others have mentioned if you think this is bad, what Google and manner other search tools do is FAR worse. I clear my cookies after every single time I'm done using my web browser, or everytime I leave a website that required me entering personal information or logging in. I block all cookies on sites that don't make me login. Theres plenty of ways to protect yourself on the internet. Kaspersky is quite handy as well, although it isn't free.

 

That reflects a common misapprehension from end users. It is very easy (click of a couple buttons, couple additions to a user account config) to assign a 'DHCP' pool of addresses to a specific user account that will ONLY be handed out to that user account. So a user under investigation does a release/renew or reboots their modem/router and voila, they have a new IP. What they don't realize is that they now have a private pool of say 50 addresses assigned to them. They will be the ONLY account that will get assigned those addresses. So IP address rotation isn't quite as secure as it seems.

 

A number of TOR exit nodes are run by various government agencies. If using TOR you should never allow exit nodes in your ip's country of origin. Actually not entirely true, you should selectively allow exit nodes in your COO depending in your activity.

 

And what does having a password have to do with you being on a router? You seem to have at least a basic understanding of some safe internet practices, but I don't think you really understand the architecture of the internet or how ISPs actually work. And anti-virus/personal security (kapersky, etc) doesn't offer any protection against the initial concern the OP brought up.

 

Using this data to identify and target a specific Nexus user would be nearly impossible. I say 'nearly' because the resources required would render it a big waste of time and effort to probe these IPs en massse, given these probes are stopped by the simplest internet router or firewall. The effect would be no different than the dozens of probes that randomly hit your IP address all the time anyway.

 

Depends on why you are mining the data. Yes deriving a specific user back from only the nexus stats would be virtually impossible. However depending on the aggregate amount of data being mined it could certainly add to the confidence level if attempting to determine a specific target IP traffic patterns, habits, behaviors, etc. It all depends on what you want the data for. I agree that the OPs concern about being identified as themselves specifically from the web traffic stats is misplaced, but data is data. And all data tells us something if you know what questions to ask.

Link to comment
Share on other sites

All I have to say is wow. lol

 

But one question... How would wifi fit into all of this? Say users tapping in on laptops at coffee shops, restraunts, or even bars? would it actually be harder to track that person down? or would it not matter?

 

ROLF...your sig just cracked me up!

 

To answer your question, yes (IMO) it does afford some greater degree of protection. But if you are under that degree of scrutiny (or are concerned about it) then you probably already have a custom variant of TDSS rootkit on your laptop installed by some three-letter agency. :) Seriously though, if you are in a situation where you as an individual need to be tracked (in the opinion of a governmental authority) your mobile phone is the main key in most situations. They will simply request a location track history (which has nothing to do with the GPS on your phone) from your cell service provider and then hit all your frequent coffee shops/bars internet service providers with information disclosure orders and a gag letter.

 

*Edited: On that note I thought this might be an appropriate image to link!

http://wattsupwiththat.files.wordpress.com/2012/03/fat-cat-tinfoil.jpg?w=160

Link to comment
Share on other sites

  • 6 years later...

I realize this is an old thread but it is a non-issue. All webservers gather this information and all websites gather this information. It is how they manage traffic, load balancing and any number of other bandwidth related issues that affect how they operate. There are simple widgets you can install on a web page that collect things like client OS , screen resolution, browser, etc. This is old news as the practice has been in use since the early days of the Internet. What I would like to see is the folks at Nexus be more forthcoming with the IP range utilized by their servers, that way you could configure your firewall (you do have a firewall?) to only allow the IP range(s) necessary for you to be able to successfully connect to Nexus database.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...