What your IP address does and does not reveal, and to whom.
- My IP address was exposed after I got a virus. Should I be scared?
- Help please, someone got my IP country and state and my village I am just a kid please help – he even got my ISP please I am really scared.
- Hey! Some guy has my IP. Is it possible that he does a cyber crime and uses my IP address and gets me arrested?
No, you should not be scared. No, no one is going to track you down to your home. No, no one is going to use your IP address for some kind of cybercrime.
As you can tell, this is a question I get often. There’s lots of confusion over what people can and cannot find out from your IP address.
It gets worse when you search for an answer to this question online. Search results are full of scare-mongers declaring that your privacy is over once someone has your IP address — unless, of course, you purchase their product. Sigh.
Become a Patron of Ask Leo! and go ad-free!
Finding you by your IP
Locating you by your IP address is possible, but it’s not doable by anyone other than the highly skilled, and requires tools and access the average user doesn’t have. Typically, law enforcement would need to be involved. You hand over your IP address with all your online activity; it’s how the internet works. Someone knowing your IP address isn’t anything special or terribly risky. If someone threatens you because they know it, it’s nothing more than bullying.
The big fat caveat
I have a hard time convincing people not to worry. Here’s why:
Of course your IP address can be used to track you down. Anything is possible.
If you have the resources and the access to do it, that is. Law enforcement can find the location of an IP address, for example, by forcing ISPs and other internet providers to punch through their privacy protections and give them information not available to the general public.
Theoretically, hackers could infiltrate your ISP and get private information about your IP address.
Unless you are an exceptionally high-value target, have run afoul of the law in some serious way, or live in some seriously repressive regime, no one is going to make the significant effort to track you down by your IP address. It’s just not going to happen.
It takes access and skills that are not generally available to even the scariest of hackers.
Again, it’s just not going to happen to you.
Here’s another reason why you shouldn’t worry…
I know your IP address
Here’s the IP address I have for you: 22.214.171.124.
In fact, every website you visit, every online service you use, everything and anything to which your computer connects directly knows your IP address.
Not only is it not a big deal, it’s how the internet works. It’s how those sites and services know how to respond to you. It’s how the Ask Leo! server knew to send you the information for the very page you’re reading right now.
You’re “exposing” your IP address all the time.
We all are.
But, but, but!!!!
You’ll find plenty of articles on the internet claiming you’re putting yourself at significant risk by exposing your IP address.
For most of us, that’s pure bullsh*t.
They’re trying to sell you something. Usually, they’re trying to sell you a subscription to a VPN service to “hide” your IP address.
You can hide it if you like. It’ll slow down your online experience, and perhaps lighten your wallet some. It won’t really make you significantly safer1 — at least not from the “horrors” of exposing your IP address. You know, 126.96.36.199.
“But I’m special — people really are after me.”
99% of the people making this claim are wrong.
We all fear what we don’t understand, and people don’t understand the internet or how it works. It’s easy to get sucked into concerns about issues that don’t exist — in part because there are so many other issues that do.2
On top of that, there are many who love to turn this lack of knowledge to their own purposes. The most common I see are kids trying to scare other kids by claiming that by knowing their IP address they can now hack their computer, infiltrate their home, or make it look like criminal activities are originating from it.
No. Just no. It’s nothing more than taunting and bullying.
Now, about that 1% . . .
Of course it’s possible; it’s just not likely
Let’s say you’re part of that 1% who are correct about being tracked at a personal level. What’s the risk?
The only legitimate risk is that, in theory, someone could mount a denial-of-service (DOS) attack against your IP address. This pummels your IP address with so much traffic that you can’t get out. Essentially, you get knocked offline.
That’s it. You get knocked offline. You’re not hacked, you’re not compromised. You’re inconvenienced. Your ISP would take steps quickly to make it go away, and you’d be back in business.
Of course, if you’ve done something to warrant law enforcement or government interest, they can get the information about where you are from your ISP. But that’s not available to your random internet user or bully.
Disclosing your location
There’s one more aspect of all this that’s very important to realize.
Without even exposing your IP address, you might well be telling websites and services exactly where you are.
Visit What’s My IP Address? It’s one of several sites that will tell you your IP address (188.8.131.52), and also tell you where you are — to a point. In my case, it gets my city/region correct, but that’s all. It doesn’t come anywhere close to locating me or my home. It’s not uncommon for this type of IP-based “geolocation”, as it’s called, to be miles off — sometimes hundreds of miles off.3
Click on the link to “Update My IP Location”. You’ll be presented with a list of pros and cons, which I appreciate, and the opportunity to skip the next step.
Click proceed, and your browser will present you with this:
Here’s the deal: this has little to nothing to do with your IP address. Your browser, and your system in general, is often able to know your specific location with a high degree of accuracy. I clicked “Allow” in one browser, and sure enough — the exact location of my home was displayed.
Because I let my browser share that information. I clicked Allow.
Even if you use a VPN to “hide” your IP address, all bets are off when you explicitly tell someone where you are — and that’s exactly what “Allow” does when a website wants to know your location.
Naturally, VPN and other vendors use this amazing location ability to sell you solutions that ultimately aren’t needed, or don’t actually fix what’s at play.
Keeping yourself safe
Most people need do nothing more than follow common internet safety rules to stay safe. No extra tools are needed. In my opinion, if someone knows your IP address, it doesn’t expose you to any significant extra risk. Maybe click “Block” when a website wants to know your location (unless, of course, you want it to — like your delivery app, or perhaps Google Maps).
If you really are that special someone who needs to stay extra secure because people and/or law enforcement really are after you — well, this article isn’t for you. Consider using a good (not free) VPN, perhaps TOR, a dedicated machine, someone else’s internet connection, and so on. The list of what you need to do is longer than I can really go into.
Besides, if you’re reading this article, I’m still not convinced you need it.
A note about comments
There’s a good chance I’ll end up closing comments on this article, because experience shows that the vast majority will be either:
- People who didn’t read the article.
- A series of “what about?” questions that I’m just not willing to get into because they’ll apply to very few people, and generally not even to the person asking.
I hope that’s not the case.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 11:18 — 12.5MB)
Subscribe: Apple Podcasts | RSS
Footnotes & References
1: Of course VPNs can add value, but using them as a means to “hide” your IP address is not one of the big ones.
2: I worked hard to avoid the terms “paranoid” and “conspiracy theory”. It’s too easy to bucket people into those categories, when in fact the situation is significantly more nuanced.
3: Yes, I’ve blurred my IP address in the image below. I debated on this, but there are enough sketchy people who’d love to make an example of me to make some kind of point and mount a DOS attack on it. Since I rely on it for my business, I’m electing not to poke the bear. Seriously, though, a DOS attack would be my only concern.
37 comments on “Someone Has My IP Address – Should I Be Scared?”
Many people use a VPN to hide their IP address so they can view country restricted content. I live in Europe and wanted to watch a Netflix video that’s not offered here (I pay for Netflix). I’ve done this a few times with a VPN. A while ago, I tried this and Netflix blocked it with a notification that they don’t allow viewing their videos using a VPN. One friend said the best VPNs for that are small ones who don’t send as much traffic to Netflix and change their IP addresses often enough to escape detection.
You may view the Netflix content primarily within the country in which you have established your account and **only in geographic locations where we offer our service and have licensed such content.**
Yes, that’s why a VPN can be of use.
I think you accidentally hardcoded the IP address in the article to 184.108.40.206 (when I presume you wanted to display the IP of the site visitor). That’s not my IP address, but it is the address of ec23.pugetsoundsoftware.com
That address that showed up in my browser when viewing this article was mine. It pinpointed my location exactly (if you consider 500 KM away exact.) ;-)
I think it’s an odd caching issue of some sort.
Similar thing with my location, (somewhere in Tasmania), but practically all sites think my location is on mainland Australia with just the odd one or two getting closer with the state capital, Hobart.
I’ve long guessed that this is to do with my ISP being on the mainland and the fact that all ‘land-based’ internet traffic from Tassie, regardless of peoples ISP’s, is bundled together and routed through one of two undersea fibre cables to Melbourne before distribution out into the WWW.
“Here’s the IP address I have for you: 220.127.116.11.”
Ummm, no. whatismyipaddress tells me something completely different and the geolocation is in the right part of the province. 18.104.22.168 is an Amazon static IP address for you: pugetsoundsoftware.
The IP address you saw was Leo’s IP address. I don’t know how that happened to you. The address that showed up for me was a nearby location (if you consider 500 KM away nearby. ;-) Right now, I see your IP number as 15.223.xx.xxx. Although an IP number doesn’t identify you, I’ll censor out a portion out of respect for your privacy.
I only use a VPN because the UK has become so ‘Hate-Crime’ conscious that the police have dozens of coppers, who should be out patrolling the streets, are instead sat at computers all day trying to find people who have the slightest whiff of being right-wing and ‘white privileged’.
I may be classed as either or both of them, so I’m not going to make the job easier for them!
I’m actually amazed at how we all get connected with IP addresses. 255^4 (255.255.255.255) is about 4.2 billion possible IP addresses and I understand that some are specifically reserved, so not available. 4.2 billion is roughly half the population of the earth and many people have multiple devices that all need IP addresses. How we all get connected is a mystery to me.
Although many people have multiple Internet connected devices, most interact with the Internet through the router’s IP address. The router communicates to the devices behind it via its internal IP address. A few small ranges of IP numbers are reserved for local network use. All local networks use the same range if IP addresses as those numbers stay within the local network and aren’t seen outside of the local network.
So, for current usage, those 4.2 billion addresses are sufficient, but there is, essentially, no room for more. IP v.6 is designed for future use, making it possible to assign a unique IP address to each device giving approximately 340 trillion trillion trillion possible addresses. That ought to last a few years.
That’s your router doing the heavy lifting. You’re assigned a SINGLE IP from that pool of IP addresses, and it’s shared with all your devices.
There are other methods that are used to contend with the depletion of IPv4 addresses. For example, just as your router maps your public (ISP) IP address to your local computers, the ISP has it’s own private IP mapping schemes by which a public IP is mapped to many (millions) of ISP subscribers by means of indicators within the TCP/IP message header fields (look up Network Address Translation). Another method of conserving IP addresses is to do virtual hosting in which one server, with one public IP, hosts several different websites, again distinguished by other data within the message. Another method is what’s called “classless addressing” which uses different encoding within an IP address bits so that an organization is allocated only the number of unique addresses that it needs and the address space is not wasted on unused addresses. There is also a market for buying, selling and leasing IP addresses which minimizes waste of unused IP addresses.
You are absolutely right. No one can do anything to you with your IP address. Thanks to you for always enlightening us. All the time. Since 2003. With love from India.
The techs at Comcast told me to unplug my modem for 10 seconds and when it reboots it will aquire a new IP address.
That’s true and it’s one of the reasons you don’t have to be afraid if someone has your IP number. Although, of course, if you are doing something illegal, the police can get a warrant to find out from the ISP who did the illegal activity, and they can find the culprit by checking the IP number against the time the crime was committed and pinpoint which customer’s account was responsible.
Leo, I have no idea what IP means – nor VPN for that matter. Can you explain this (and other similar terms) more clearly in future articles. I note that you DO explain that “someone could mount a Denial Of Service (DOS) attack” but nowhere in this article do you mention what IP means.
I set my adapter settings to change my ip address daily, which it does. Not only that, the ip address that showed when I went to the website is NOT my ip address. However it did pinpoint where the PC is located pretty accurately, and THAT’S just creepy.
Interestingly, as you show in your screenshot, the What’s my IP address website is also trying to play on these (mainly unwarranted) fears by offering to hide your IP address, presumably for money. As Leo says – don’t fall for it.
They are offering a VPN which which is a useful service for those who need it. It’s true that many who might use a VPN don’t really need the protection it offers. If you use your computer, phone, or tablet in a coffee shop or other public WiFi, a VPN protects you from sniffing and other attacks while online.
Here are a few articles which can help you decide whether you need a VPN or not.
How Does a VPN Protect Me?
How Do I Use an Open Wi-Fi Hotspot Safely?
Is there Any Reason to Use a VPN at Home?
A while back someone made a Ebay purchase using my account, I had chance to talk to the ebay security person and he said that the transaction came from my IP address and would not investagate any further. That is what encourged me to get a VPN account. I know for a fact that my computer was not used.
The eBay security person would have no way of knowing the order came from your IP address. Who did you really talk to?
Why do you say that? I’m sure the eBay servers have logs, just like any web server. They should be able to easily tell the IP address from which a transaction occurred, just like I can see the IP address from which you posted this comment.
I’m referring to the likelihood. A client service person on the phone is not likely to have both of the IP addresses of the people involved in real time, especially since those IP addresses were used at different times. As has been said here, IP addresses change. Of course, the eBay security guy could have done in-depth research digging through eBay records, but that’s not likely. There are other reasons to say “so what if the IP addresses were the same”. One factor is that the IP the eBay guy sees is the ISP’s exchange IP address, not a unique identifier for Walter or the bad guy. If the bad guy is a neighbor and uses the same ISP it’s possible that the IP address used at different time could be the same, especially if the ISP uses NAT (see my other comment here). Another possibility to see the same IP address might be if both people are using the same VPN company. One more possibility is that if the bad guy was able to get into Walter’s eBay account, then he could have easily gotten into Walter’s network, in which case he would use the same IP address. To dismiss the possibility of a hack (if that’s what happened) on the basis of IP address logs is not helpful.
“A client service person on the phone is not likely to have both of the IP addresses of the people involved in real time, especially since those IP addresses were used at different times.”
I disagree with this, technically. He may or may not have the IP address in real-time, but he absolutely could have easy access to logs containing the IP addresses involved in posting, buidding, and purchasing items on eBay. In fact I’d be surprised if he didn’t.
A customer service person who sees a successful login from the same IP address as the caller would have a hard time reaching any other conclusion than that the purchase was made by the caller or at least someone using the same Internet connection and had access to his login information. This could only have been someone in that person’s household, most likely a child or possibly a visitor or neighbor who got a hold of his eBay login information.
Leo and Mark, you should really read this article:
Note the sentence: “You and your neighbor could have the same ISP, and both have “DHCP” assigned IP addresses – which can change. In fact, what’s your IP address today could easily be your neighbor’s IP address tomorrow.”
This is the more likely scenario:
“If your neighbor is truly using your IP address, that implies he’s connected to your network.”
That statement you are quoting is possible but with an extremely low probability of happening. To make it even more unlikely, the purchaser had the questioner’s Amazon login credentials.
Another computer on your network may have been used. It’s not possible to “use” an IP address from a different location.
Not only on the same network, but it would have to be someone who has Walter’s EBay login name and password to purchase something via that account.
A super public-service article that I found very reassuring and will mention to others. It seems that my IP address frequently changes. For example, clicking your link to “What’s my IP address” comes up with a slightly different number than in your article which I have had open in a tab without refreshing for a day or so. So if it changes that often wouldn’t that add an extra layer of protection? Anyway I’m saving this article and thank you for it. I hope you don’t close comments on articles and instead just remove the unacceptable ones (even if they are mine) because many times the comments offer additional helpful insights.
I have a privacy concern. Recently I was told that someone probably used my IP to find a way to SEE all the Facebook accounts I have used under my same device / IP. Is that possible? Can someone see my FB accounts under my same device with IP or using the profile link of my FB account? Is there any “hack” or way for them to access such info? I haven’t been hacked my accounts, I changed all my passwords and closed all my Facebook accounts for security purposes. Either way, now I’m so panicked because I fear a stranger can see all my FB accounts that I use under my device, even the new ones I make in the future. Please enlighten me.
As the article states, there’s no way they can do that. I can see your IP number from when you posted your comment and that is true of every website you visit. If it were possible to hack someone simply knowing their IP address, nearly everyone would have been hacked by now. OK, maybe I’m exaggerating, but that scenario would be entirely possible if it were that easy.
Nope. Sounds like they’re just trying to scare you.