To begin with, I think you’re confusing two different issues. Your IP address doesn’t really identify you, personally.
But, absolutely, web servers see the IP address you’re connecting through when you access them. And unless you’ve taken steps, you’d probably consider it “your” IP address.
Become a Patron of Ask Leo! and go ad-free!
Your IP address
When you view a webpage, the web server receives the IP address of the last device in the chain of connections between your computer and that server. Most commonly, that’s the IP address assigned to your router. For example, right now, the Ask Leo! web server believes that you’re connecting from 188.8.131.52.
If your computer is connected directly to the internet, that’s its IP address. If you’re connected through a router, that’s the IP address assigned by your ISP to your router.
The IP address is a fundamental component of how the internet works. The server must know the IP address to which it should send its response. It’s like the return address on a postal mail envelope – you can’t reply if you don’t know where it came from.
Is your IP address “you”?
So, does your IP address identify you, specifically?
Not really, and yet maybe.
In most home and small businesses, the IP address is assigned by your ISP to your router’s internet connection. That does identify you, at least to the degree you are associated with that location. Your ISP knows where you live, after all. If you have multiple users or multiple machines, they can’t necessarily tell who did what from which computer, but they can at least say, “This came from that customer’s connection.”
The average person can’t get at this information, of course, and neither can web servers. All my server sees is 184.108.40.206. Where, specifically, that IP address is, and whether there’s one person at that IP address or a hundred, I can’t tell. It typically takes legal action of some sort to force an ISP to release such information.
So, a server knows the IP address through which you connect, and that might be used to identify you, assuming law enforcement gets involved.
Obscuring your IP address
As I mentioned above, if your internet connection is through a corporate network, proxy, or VPN, things get more complex. The IP address seen by the web server might only indicate the company providing your internet connection, proxy, or VPN service. Typically, those completely hide the IP address at your actual location.
In fact, this is one of the reasons that TOR – The Onion Router – exists. It uses a multi-layered series of proxies in such a way that even with things like court orders and legal justifications, your origin IP address cannot be determined.
So, to answer at least part of your question: to hide your origin IP address, use something like a VPN service or TOR.
But your IP address is really only a small part of the issue.
With your cooperation, much more is possible
I hope this is obvious, but I’ll say it anyway: any site you log in to knows who you are, to the extent that you provided accurate information when you signed up, or to the extent that that information can be cross-referenced elsewhere. For example, if you sign up with a specific email address – email@example.com – anything from a simple Google search to behind-the-scenes data-exchange agreements can cause any and all information associated with that email address to be discoverable (and then associated with your IP address).
When you return, that site might still know who you are, even if you don’t necessarily log in on that return, and even if you don’t explicitly tell it to “remember me.” It’s still quite possible for the site to remember you anyway, and only request that you log in if it needs to confirm that you are who it thinks you are.
All of that is as simple as a cookie – perhaps even the same cookie that makes it possible to go from page-to-page within a site without having to log in over and over again for every single page.
It could also be more complex, in the form of so-called “supercookies” or “evercookies”, which use a variety of techniques to create what might be called a digital fingerprint of your connection. Such a fingerprint might include everything from your IP address, traditional cookies, the browser you use, and even the operating system and screen resolution reported by your browser.
And thus are conspiracy concerns born
Ads are just content served up by web servers. Advertisers’ web servers know your IP address, and can do things like leave cookies so they know which sites (using that same advertising network) you visit.
Well, not you, you, but rather “some computer at your IP address”, since that’s all they really know.
Perhaps until you log in to one of those sites, or they generate that “digital fingerprint”.
If (and it’s a very big if) the site that now knows who you are shares that information with their advertising network, then the advertising network knows who you are if you visit any other site on which they provide ads.
So, in that sense, it is possible that exactly who you are could be accompanying you to the websites you visit, depending on how you control your personal information, what sites you use, and what services those sites use in turn.
Just how real is this?
I’m always reluctant to talk about online privacy, especially when it relates to advertisers, because there are many people who are absolutely convinced that every little thing they do online is indeed being monitored in excruciating detail using the techniques that I’ve outlined above and other similar approaches.
I don’t believe that for a second.
I’ve said it many, many times before: you and I just aren’t that interesting.
I log in to dozens of sites throughout the day. Many have advertising, and I’m certain many use the same networks as some of the others.
I’m just not concerned.
Could they pool all their resources and information – my IP addresses, cookie-based information, surfing habits, account logins and such – to closely monitor what I do?
I suppose they could.
Do I think that they do?
Why would they? I’m just not that interesting.
Taking steps anyway
Perhaps you really are that interesting (I doubt don’t there are people who are).
What do you do?
Well, my knee-jerk reaction is to say, “Stay off the internet, period.” The internet was never designed to provide the level of anonymity and privacy you might need. There are things that can be done, but unless you understand them and know how to use them both consistently and well, you run the risk of being identified.
If this is an important issue for you, my post How can I send anonymous email? touches on fake accounts, anonymous proxies, anonymization services, and more.
The practical answer for the average person
No, servers don’t identify you as an individual, unless you tell them who you are.
To me (or rather my server), you’re just 220.127.116.11. Even if you leave your name in a comment below, which also records the IP address from which the comment was made, there’s no attempt to automatically figure out who you are the next time you visit. There’s no need, and there’s nothing I would do with that information anyway.
I honestly believe the vast majority of sites operate exactly the same way.
If you found this article helpful you'll love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and increase your confidence with technology.
Subscribe now, and I'll see you there soon,