What your IP address does and does not reveal, and to whom.
- My IP address was exposed after I got a virus. Should I be scared?
- Help please, someone got my IP country and state and my village I am just a kid please help – he even got my ISP please I am really scared.
- Hey! Some guy has my IP. Is it possible that he does a cyber crime and uses my IP address and gets me arrested?
No, you should not be scared. No, no one is going to track you down to your home. No, no one is going to use your IP address for some kind of cybercrime.
As you can tell, this is a question I get often. There’s lots of confusion over what people can and cannot find out from your IP address.
It gets worse when you search for an answer to this question online. Search results are full of scare-mongers declaring that your privacy is over once someone has your IP address — unless, of course, you purchase their product. Sigh.
Become a Patron of Ask Leo! and go ad-free!
Finding you by your IP
Locating you by your IP address is possible, but it’s not doable by anyone other than the highly skilled, and requires tools and access the average user doesn’t have. Typically, law enforcement would need to be involved. You hand over your IP address with all your online activity; it’s how the internet works. Someone knowing your IP address isn’t anything special or terribly risky. If someone threatens you because they know it, it’s nothing more than bullying.
The big fat caveat
I have a hard time convincing people not to worry. Here’s why:
Of course your IP address can be used to track you down. Anything is possible.
If you have the resources and the access to do it, that is. Law enforcement can find the location of an IP address, for example, by forcing ISPs and other internet providers to punch through their privacy protections and give them information not available to the general public.
Theoretically, hackers could infiltrate your ISP and get private information about your IP address.
Unless you are an exceptionally high-value target, have run afoul of the law in some serious way, or live in some seriously repressive regime, no one is going to make the significant effort to track you down by your IP address. It’s just not going to happen.
It takes access and skills that are not generally available to even the scariest of hackers.
Again, it’s just not going to happen to you.
Here’s another reason why you shouldn’t worry…
I know your IP address
Here’s the IP address I have for you: 184.108.40.206.
In fact, every website you visit, every online service you use, everything and anything to which your computer connects directly knows your IP address.
Not only is it not a big deal, it’s how the internet works. It’s how those sites and services know how to respond to you. It’s how the Ask Leo! server knew to send you the information for the very page you’re reading right now.
You’re “exposing” your IP address all the time.
We all are.
But, but, but!!!!
You’ll find plenty of articles on the internet claiming you’re putting yourself at significant risk by exposing your IP address.
For most of us, that’s pure bullsh*t.
They’re trying to sell you something. Usually, they’re trying to sell you a subscription to a VPN service to “hide” your IP address.
You can hide it if you like. It’ll slow down your online experience, and perhaps lighten your wallet some. It won’t really make you significantly safer1 — at least not from the “horrors” of exposing your IP address. You know, 220.127.116.11.
“But I’m special — people really are after me.”
99% of the people making this claim are wrong.
We all fear what we don’t understand, and people don’t understand the internet or how it works. It’s easy to get sucked into concerns about issues that don’t exist — in part because there are so many other issues that do.2
On top of that, there are many who love to turn this lack of knowledge to their own purposes. The most common I see are kids trying to scare other kids by claiming that by knowing their IP address they can now hack their computer, infiltrate their home, or make it look like criminal activities are originating from it.
No. Just no. It’s nothing more than taunting and bullying.
Now, about that 1% . . .
Of course it’s possible; it’s just not likely
Let’s say you’re part of that 1% who are correct about being tracked at a personal level. What’s the risk?
The only legitimate risk is that, in theory, someone could mount a denial-of-service (DOS) attack against your IP address. This pummels your IP address with so much traffic that you can’t get out. Essentially, you get knocked offline.
That’s it. You get knocked offline. You’re not hacked, you’re not compromised. You’re inconvenienced. Your ISP would take steps quickly to make it go away, and you’d be back in business.
Of course, if you’ve done something to warrant law enforcement or government interest, they can get the information about where you are from your ISP. But that’s not available to your random internet user or bully.
Disclosing your location
There’s one more aspect of all this that’s very important to realize.
Without even exposing your IP address, you might well be telling websites and services exactly where you are.
Visit What’s My IP Address? It’s one of several sites that will tell you your IP address (18.104.22.168), and also tell you where you are — to a point. In my case, it gets my city/region correct, but that’s all. It doesn’t come anywhere close to locating me or my home. It’s not uncommon for this type of IP-based “geolocation”, as it’s called, to be miles off — sometimes hundreds of miles off.3
Click on the link to “Update My IP Location”. You’ll be presented with a list of pros and cons, which I appreciate, and the opportunity to skip the next step.
Click proceed, and your browser will present you with this:
Here’s the deal: this has little to nothing to do with your IP address. Your browser, and your system in general, is often able to know your specific location with a high degree of accuracy. I clicked “Allow” in one browser, and sure enough — the exact location of my home was displayed.
Because I let my browser share that information. I clicked Allow.
Even if you use a VPN to “hide” your IP address, all bets are off when you explicitly tell someone where you are — and that’s exactly what “Allow” does when a website wants to know your location.
Naturally, VPN and other vendors use this amazing location ability to sell you solutions that ultimately aren’t needed, or don’t actually fix what’s at play.
Keeping yourself safe
Most people need do nothing more than follow common internet safety rules to stay safe. No extra tools are needed. In my opinion, if someone knows your IP address, it doesn’t expose you to any significant extra risk. Maybe click “Block” when a website wants to know your location (unless, of course, you want it to — like your delivery app, or perhaps Google Maps).
If you really are that special someone who needs to stay extra secure because people and/or law enforcement really are after you — well, this article isn’t for you. Consider using a good (not free) VPN, perhaps TOR, a dedicated machine, someone else’s internet connection, and so on. The list of what you need to do is longer than I can really go into.
Besides, if you’re reading this article, I’m still not convinced you need it.
A note about comments
There’s a good chance I’ll end up closing comments on this article, because experience shows that the vast majority will be either:
- People who didn’t read the article.
- A series of “what about?” questions that I’m just not willing to get into because they’ll apply to very few people, and generally not even to the person asking.
I hope that’s not the case.
Footnotes & References
1: Of course VPNs can add value, but using them as a means to “hide” your IP address is not one of the big ones.
2: I worked hard to avoid the terms “paranoid” and “conspiracy theory”. It’s too easy to bucket people into those categories, when in fact the situation is significantly more nuanced.
3: Yes, I’ve blurred my IP address in the image below. I debated on this, but there are enough sketchy people who’d love to make an example of me to make some kind of point and mount a DOS attack on it. Since I rely on it for my business, I’m electing not to poke the bear. Seriously, though, a DOS attack would be my only concern.