I recently joined a Website for “Singles” which allows instant messaging between interested parties. I was warned by one of my friends that there are people on this website who have multiple profiles. These people could IM you using one profile today and another profile tomorrow.
My friend suggested that one way of knowing for sure whether these two profiles are two different people or the same person with two profiles, is to check their IP address when the IM window opens in front of you.
Does that work?
Having said that, there are a couple of very rare exceptions where you can kind of, sort of, maybe tell. But not really.
Let’s look at how this all works and why the IP address tells you pretty much nothing.
To begin with, you didn’t say which IM service is being used. There are of course many possibilities including MSN Instant Messenger, AIM, GTalk, and others. In addition, your dating site may well have implemented their own IM system – it’s actually not that hard.
The single biggest problem with IP addresses and most instant messaging services is this: you’re connecting to the service, not to the person you’re IMing.
It looks more like this:
When you create an instant messaging conversation, you’re not connecting to the person you’re talking with at all. Instead, your instant messaging program connects to the servers that are used by the IM service. When you send an IM your message is sent to those servers, and then from those servers sent on to whomever it is you’re IM’ing.
If I then use the whois lookup at arin.net to see who owns the IP addresses involved, I find:
- 22.214.171.124 – is owned by Yahoo (Trillian is configured to include my Yahoo account)
- 126.96.36.199 – is owned by Google (Trillian is configured to include my Google Talk account)
- 188.8.131.52 – is owned by Microsoft (Trillian is configured to include my MSN Instant Messenger account)
- 184.108.40.206 – is also owned by Microsoft
- 220.127.116.11 – is owned by AOL (Trillian is configured to include my AOL Instant Messenger account)
- 18.104.22.168 – is also owned by AOL
Nowhere in there is the IP address of the party to whom I’m speaking. (To confirm, that “other party” is my wife’s place of business, so I know what the IP address would be should it have been visible.)
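The check described above (list the remote addresses your IM program is connected to, then look up who owns each one), as an added example that is not part of the original article. The connection lines, the ownership table standing in for whois results, and the peer address are all constructed, using documentation-only IP ranges.

```python
import ipaddress

# Constructed stand-in for whois answers (documentation ranges, not real allocations).
OWNERS = {
    "192.0.2.0/24": "IM service A",
    "198.51.100.0/25": "IM service B",
    "198.51.100.0/24": "Hosting provider (parent block)",
}

# Constructed netstat/TcpView-style lines: protocol, local, remote, state.
SAMPLE = """\
TCP 192.168.1.20:50112 192.0.2.15:5050 ESTABLISHED
TCP 192.168.1.20:50113 198.51.100.9:443 ESTABLISHED
TCP 192.168.1.20:50114 198.51.100.200:443 ESTABLISHED
TCP 192.168.1.20:50115 203.0.113.77:5190 ESTABLISHED
TCP 192.168.1.20:50116 192.0.2.15:5050 TIME_WAIT
"""

def remote_addresses(text):
    """Return the distinct remote IPs of ESTABLISHED connections, in order seen."""
    seen = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "ESTABLISHED":
            continue
        host = parts[2].rsplit(":", 1)[0].strip("[]")  # drop port and IPv6 brackets
        ip = ipaddress.ip_address(host)
        if ip not in seen:
            seen.append(ip)
    return seen

def owner_of(ip, owners=OWNERS):
    """Longest-prefix match: whois reports the most specific allocation."""
    best = None
    for cidr, name in owners.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else "unknown (needs a whois lookup)"

def report(text, peer_ip):
    """Map each remote IP to its owner; also say whether the peer's own IP appears."""
    owners = {str(ip): owner_of(ip) for ip in remote_addresses(text)}
    return owners, peer_ip in owners

if __name__ == "__main__":
    table, peer_seen = report(SAMPLE, "203.0.113.200")  # constructed peer address
    for ip, name in table.items():
        print(f"{ip:16} {name}")
    print("peer address visible:", peer_seen)
```

Every address in the output belongs to a service or is unattributed, and the peer's own address never shows up.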
Now it’s easy to say that “most” IM clients connect you through their servers, but it’s also true that some do not. In fact, some instant messaging services allow you to establish a “direct connection”. I believe that AIM allows you to switch to this type of connection, and some other services such as Skype actually often operate this way natively in some configurations after the connection has been made.
So let’s assume, then, that using TcpView during an IM conversation you’re able to capture the IP addresses used by your IM program, and one of these represents a direct connection to the person you’re messaging.
What can you tell from this IP address?
Pretty much nothing. Still.
- They could be behind a router or proxy provided by their ISP. This means that any number of people could “appear” to use that same IP. There’s no way to tell which user that is(*).
- Similarly, they could be behind a router or proxy provided by their school or place of work. Once again any number of people could “appear” to use that same IP, and there’s still no way to tell which user that is(*).
- They could be behind their own router at home as I so often recommend. Any number of machines could be behind that router, and there’s no way for you to tell which machine you’re conversing with.
- And finally, even with the IP address of a specific machine or location, there’s no way for you to tell where that machine is located(*). The best you can do is identify the ISP that’s providing the internet connection to the person you’re conversing with.
(*) Yes, there is a way to tell exactly what machine is represented by an IP address in most cases. But you can’t get it. You need the cooperation of the ISP that provides that other person’s internet connection, and that typically requires a court order or other law-enforcement involvement.
So unless you can convince law-enforcement that they should get involved, even having the IP address tells you pretty much next to nothing.
You simply cannot rely on an IP address to mean the same person. IP addresses could be shared, and you can’t even infer that a changed IP address means the person has changed, because IP addresses could be reallocated. You might be able to make some broad generalizations: for example, if one IP resolves to an ISP in the United States and another resolves to an ISP overseas, then perhaps it’s not the same person. But then again, for someone really dedicated to hiding his or her identity, even that can be circumvented.
Bottom line: don’t read anything into the IP address until or unless you can involve law enforcement. It’s just not a reliable enough indicator.