Let's look at how this all works and why the IP address tells you pretty much nothing. • To begin with, you didn't say which IM service is being used. There are of course many possibilities including
MSN Instant Messenger, AIM, GTalk, and others. In addition, your dating site may well have implemented their own IM system - it's actually not that hard. The single biggest problem with IP addresses and most instant messaging services it this: you're connecting to the service, not to the person you're IMing. It looks more like this:
When you create an instant messaging conversation, you're not connecting to the person you're talking with at all. Instead, your instant messaging program connects to the servers that are used by the IM service. When you send an IM your message is sent to those
servers, and then from those servers sent on to whomever it is you're IM'ing.
"When you create an instant messaging conversation, you're not connecting to the person you're talking with at all."
In fact, let's look at the IP's in use when I have a conversation with an MSN Messenger user. Using TcpView during the conversation I see the following connections associated with my IM client, Trillian:
If I then use the whois lookup at arin.net to see who owns the IP addresses involved, I find:
- 216.155.193.143 - is owned by Yahoo (Trillian is configured to include my Yahoo account)
- 72.14.253.125 - is owned by Google (Trillian is configured to include my Google Talk account)
- 207.46.108.59 - is owned by Microsoft (Trillian is configured to include my MSN Instant Messanger Account)
- 207.46.108.19 - is also owned by Microsoft
- 205.188.7.148 - is owned by AOL (Trillian is configured to include my AOL Instant Messenger account)
- 64.12.165.100 - is also owned by AOL
Nowhere in there is the IP address of the party to whom I'm speaking. (To confirm, that "other party" is my wife's place of business, so I know what the IP address would be should it have been visible.) • The Exception Now it's easy to say that "most" IM clients connect you through their servers, but it's also true that some do not. In fact, some instant messaging services allow you to establish a "direct connection". I believe that AIM allows you to switch to this type of connection, and some other services such as Skype actually often operate this way natively in some configurations after the connection has been made. So let's assume, then, that using TcpView during an IM conversation you're able to capture the IP addresses used by your IM program, and one of these represents a direct connection to the person you're messaging. What can you tell from this IP address? Pretty much nothing. Still.
- They could be behind a router or proxy provided by their ISP. This means that any number of people could "appear" to use that same IP. There's no way to tell which user that is(*).
- Similarly, they could be behind a router or proxy provided by their school or place of work. Once again any number of people could "appear" to use that same IP, and there's still no way to tell which user that is(*).
- They could be behind their own router at home as I so often recommend. Any number of machines could be behind that router, and there's no way for you to tell which machine you're conversing with.
- And finally, even with the IP address of a specific machine or location, there's no way for you to tell where that machine is located(*). The best you can do is identify the ISP that's providing the internet connection to the person you're conversing with.
You need the cooperation of the ISP that provides that other person's internet connection, and that typically requires a court order or other law-enforcement involvement. So unless you can convince law-enforcement that they should get involved, even having the IP address tells you pretty much next to nothing. You simply cannot rely on an IP address to mean the same person. IP addresses could be shared, and you can't even imply that an IP address changing means that the person has changed - IP addresses could be reallocated. While you might be able to make some broad generalizations; for example if one IP resolves to an ISP in the United States, and another resolves to an ISP overseas, then perhaps it's not the same person. But then again, to someone really dedicated to hiding his or her identity, even that can be circumvented. Bottom line: don't read anything into the IP address until or unless you can involve law enforcement. It's just not a reliable enough indicator.
Tidak ada komentar:
Posting Komentar
Setelah membaca artikel di atas.
Apa komentar anda ??