Stephen Hill's website
Printed from: srhill.info
My IP address has been compromised?
Well, that's what the phone call said anyway. Apparently, it had been compromised in California, which was rather impressive given the fact that I live in rural Lincolnshire.
I suspect that the call would have gone on to ask for details of my bank account or would have asked me to press a button on my phone to connect to an expensive long distance phone number, but I've no idea, as I hung up immediately.
And OK, maybe I did do a bit of Googling to confirm that it wasn't a problem, like scanning frantically for a tooth-fairy when a filling falls out, but I accept that that was just paranoia.
IP addresses are just identifiers like a telephone number or a house name. They're generally assigned by your Internet provider when you connect, and they're used as a way of locating your phone or computer so that an email account or a web page can send you stuff.
Whenever you visit a web page, you enter the address into your browser, and the browser goes onto the Internet and converts that into the IP address of the web page's server.It then sends a message to the server to the effect of:- "Hi, I'm Firefox and I live at IP address 100.10.254.1. Send me some stuff!"
- If the server can find the stuff and it is happy to provide it to you, it sends your IP address some header text, which indicates that the request was successful and provides information about the type of stuff that's being sent, the date the stuff was created, and the size of the stuff in characters. It then transmits the content.
- If the content doesn't exist, or you're not permitted to view it, the server sends your IP address a message to indicate that the request has failed, such as "HTTP/1.1 404 Not Found", and that's the source of the "404" errors that you'll see if a web page isn't available.
Interestingly enough, the server also records the entire transaction in something known as a "Server log". This means that everything that you ask for and everywhere you visit is recorded somewhere on the web, irrespective of whether you're allowing the sites to save cookies on your machine.
Cookies are just text files that are downloaded onto you computer when you visit a web site. They're used to identify your computer the next time you visit, so that the site can remember what you were viewing or the things that you were considering buying. Your IP address isn't enough, because IP addresses are assigned by your service provider and they can change when you end your current browsing session.
Your service provider will almost certainly keep a log of the IP address that you've been assigned whenever you've connected to the Internet and the sites that you have been visiting, so anyone with access to that information will be able discover your entire browsing history. The only way to gain any kind of real anonymity is to use a "Virtual Private Network" or VPN.
A VPN works like a waiter, noting your requests and passing them to the kitchen staff before returning with your food. You connect to the VPN, ask it to get your stuff from a particular website, and it connects to the site, grabs the stuff, and passes it back to your own IP address. The websites' server logs will only store the IP address of the VPN, as the site has never received a request from your personal IP address. Similarly, your service provider can only record the fact that you've visited the VPN, although it'll still be able to log any information that you've downloaded.
As to whether you need that kind of anonymity, it depends on what you're doing and where you're doing it. If you're accessing a site without the "lock" icon on the browser's address bar, it won't be encrypted, and if you're using WiFi, anyone with a scanner will be able to see your actions, which is bad news if you're logging onto your bank site. It's safer if you're using "https" encryption, but there are still ways that hackers might be able to intercept that if you're using the Internet on the move or using a publicly available Internet service.
If you're surfing at home, the safety of your computer depends on the quality of your anti-virus and whether you've applied the latest software updates. It may be impossible to compromise your IP address, but it's certainly possible to compromise your computer.