
When I Visit a Web Site, Can the Server Identify Me?

When I visit a web site, are they able to identify my IP address? If so, how can I block them from being able to identify me?

To begin with, I think you’re confusing two different issues. Your IP address doesn’t really identify you, personally.

But, absolutely, web servers see the IP address you’re connecting through when you access them. And unless you’ve taken steps, you’d probably consider it “your” IP address.


Your IP address

When you view a webpage, the web server receives the IP address of the last device in the chain of connections between your computer and that server. Most commonly, that’s the IP address assigned to your router. For example, right now, the Ask Leo! web server believes that you’re connecting from 3.227.233.78.

If your computer is connected directly to the internet, that’s its IP address. If you’re connected through a router, that’s the IP address assigned by your ISP to your router.

If you’re connecting through something more complex – say a corporate network, proxy, or VPN, then that’s the IP address of that equipment’s connection to the internet.

The IP address is a fundamental component of how the internet works. The server must know the IP address to which it should send its response. It’s like the return address on a postal mail envelope – you can’t reply if you don’t know where it came from.

Is your IP address “you”?

So, does your IP address identify you, specifically?

Not really, and yet maybe.

In most home and small businesses, the IP address is assigned by your ISP to your router’s internet connection. That does identify you, at least to the degree you are associated with that location. Your ISP knows where you live, after all. If you have multiple users or multiple machines, they can’t necessarily tell who did what from which computer, but they can at least say, “This came from that customer’s connection.”

The average person can’t get at this information, of course, and neither can web servers. All my server sees is 3.227.233.78. Where, specifically, that IP address is, and whether there’s one person at that IP address or a hundred, I can’t tell. It typically takes legal action of some sort to force an ISP to release such information.

So, a server knows the IP address through which you connect, and that might be used to identify you, assuming law enforcement gets involved.

Obscuring your IP address

As I mentioned above, if your internet connection is through a corporate network, proxy, or VPN, things get more complex. The IP address seen by the web server might only indicate the company providing your internet connection, proxy, or VPN service. Typically, those completely hide the IP address at your actual location.

In fact, this is one of the reasons that TOR – The Onion Router – exists. It uses a multi-layered series of proxies in such a way that even with things like court orders and legal justifications, your origin IP address cannot be determined.

So, to answer at least part of your question: to hide your origin IP address, use something like a VPN service or TOR.

But your IP address is really only a small part of the issue.

With your cooperation, much more is possible

I hope this is obvious, but I’ll say it anyway: any site you log in to knows who you are, to the extent that you provided accurate information when you signed up, or to the extent that that information can be cross-referenced elsewhere. For example, if you sign up with a specific email address – leo@somerandomservice.com – anything from a simple Google search to behind-the-scenes data-exchange agreements can cause any and all information associated with that email address to be discoverable (and then associated with your IP address).

When you return, that site might still know who you are, even if you don’t necessarily log in on that return, and even if you don’t explicitly tell it to “remember me.” It’s still quite possible for the site to remember you anyway, and only request that you log in if it needs to confirm that you are who it thinks you are.

All of that is as simple as a cookie – perhaps even the same cookie that makes it possible to go from page-to-page within a site without having to log in over and over again for every single page.

It could also be more complex, in the form of so-called “supercookies” or “evercookies”, which use a variety of techniques to create what might be called a digital fingerprint of your connection. Such a fingerprint might include everything from your IP address, traditional cookies, the browser you use, and even the operating system and screen resolution reported by your browser.

And thus are conspiracy concerns born

Ads are just content served up by web servers. Advertisers’ web servers know your IP address, and can do things like leave cookies so they know which sites (using that same advertising network) you visit.

Well, not you, you, but rather “some computer at your IP address”, since that’s all they really know.

Perhaps.

Perhaps until you log in to one of those sites, or they generate that “digital fingerprint”.

If (and it’s a very big if) the site that now knows who you are shares that information with their advertising network, then the advertising network knows who you are if you visit any other site on which they provide ads.

So, in that sense, it is possible that exactly who you are could be accompanying you to the websites you visit, depending on how you control your personal information, what sites you use, and what services those sites use in turn.
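The linkage described in this section and the previous one, as an added example (not code from Ask Leo! or from any ad network): constructed ad-request records showing that an IP address alone only names a connection, while a cookie or browser fingerprint ties visits together and one shared login names the whole profile. The record layout, site names and cookie ids are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: one tuple per ad request as an ad server might log it.
# (client IP, tracking cookie or None, browser/OS, screen, embedding site,
#  identity shared by that site or None). 203.0.113.x are documentation IPs.
REQUESTS = [
    ("203.0.113.7", "c-1001", "Firefox/Windows", "1920x1080", "news.example", None),
    # A second computer in the same household, behind the same router.
    ("203.0.113.7", "c-2002", "Safari/macOS", "1440x900", "news.example", None),
    # The first visitor logs in here, and the site shares who that is.
    ("203.0.113.7", "c-1001", "Firefox/Windows", "1920x1080", "shop.example",
     "leo@somerandomservice.com"),
    # Same laptop on a different network: new IP, same cookie.
    ("203.0.113.99", "c-1001", "Firefox/Windows", "1920x1080", "forum.example", None),
    # Cookies cleared: only the browser's reported attributes remain.
    ("203.0.113.99", None, "Firefox/Windows", "1920x1080", "blog.example", None),
]


def fingerprint(user_agent, screen):
    """Short id derived from attributes the browser reports (simplified)."""
    return hashlib.sha256(f"{user_agent}|{screen}".encode()).hexdigest()[:12]


def resolve_visitor_ids(requests):
    """Visitor id per request: the cookie if present, else the cookie already
    seen with the same fingerprint, else the fingerprint itself.
    Two different devices with identical attributes would be merged here."""
    cookie_for_fp = {}
    for _ip, cookie, ua, screen, _site, _ident in requests:
        if cookie:
            cookie_for_fp.setdefault(fingerprint(ua, screen), cookie)
    ids = []
    for _ip, cookie, ua, screen, _site, _ident in requests:
        fp = fingerprint(ua, screen)
        ids.append(cookie or cookie_for_fp.get(fp, "fp:" + fp))
    return ids


def visitors_per_ip(requests):
    """What the IP address alone shows: a connection, not a person."""
    seen = defaultdict(set)
    for (ip, *_rest), vid in zip(requests, resolve_visitor_ids(requests)):
        seen[ip].add(vid)
    return {ip: sorted(vids) for ip, vids in seen.items()}


def build_profiles(requests):
    """Group requests by visitor id and attach any identity a site shared."""
    profiles = defaultdict(lambda: {"ips": set(), "sites": set(), "identity": None})
    for (ip, _c, _ua, _s, site, ident), vid in zip(requests, resolve_visitor_ids(requests)):
        profile = profiles[vid]
        profile["ips"].add(ip)
        profile["sites"].add(site)
        # One shared login names the whole profile, earlier visits included.
        profile["identity"] = profile["identity"] or ident
    return dict(profiles)


if __name__ == "__main__":
    for ip, vids in visitors_per_ip(REQUESTS).items():
        print(ip, "->", vids)
    for vid, profile in build_profiles(REQUESTS).items():
        print(vid, sorted(profile["ips"]), sorted(profile["sites"]), profile["identity"])
```

The second household computer stays anonymous even though it shares the IP address, while the first is recognised on a new network and after clearing cookies.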

Just how real is this?

I’m always reluctant to talk about online privacy, especially when it relates to advertisers, because there are many people who are absolutely convinced that every little thing they do online is indeed being monitored in excruciating detail using the techniques that I’ve outlined above and other similar approaches.

I don’t believe that for a second.

I’ve said it many, many times before: you and I just aren’t that interesting.

I log in to dozens of sites throughout the day. Many have advertising, and I’m certain many use the same networks as some of the others.

I’m just not concerned.

Could they pool all their resources and information – my IP addresses, cookie-based information, surfing habits, account logins and such – to closely monitor what I do?

I suppose they could.

Do I think that they do?

No.

Why would they? I’m just not that interesting.

Taking steps anyway

Perhaps you really are that interesting (I don’t doubt there are people who are).

What do you do?

Well, my knee-jerk reaction is to say, “Stay off the internet, period.” The internet was never designed to provide the level of anonymity and privacy you might need. There are things that can be done, but unless you understand them and know how to use them both consistently and well, you run the risk of being identified.

If this is an important issue for you, my post How can I send anonymous email? touches on fake accounts, anonymous proxies, anonymization services, and more.

The practical answer for the average person

No, servers don’t identify you as an individual, unless you tell them who you are.

To me (or rather my server), you’re just 3.227.233.78. Even if you leave your name in a comment below, which also records the IP address from which the comment was made, there’s no attempt to automatically figure out who you are the next time you visit. There’s no need, and there’s nothing I would do with that information anyway.

I honestly believe the vast majority of sites operate exactly the same way.


44 comments on “When I Visit a Web Site, Can the Server Identify Me?”

  1. I use EarthLink dialup so every time I connect to the ‘net I have a different IP because Earthlink uses dynamic IPs. HOWEVER, a message board I post on was able to identify 3 user names that I’ve used over the past 2 years. They said they did it using my IPs but I know that is impossible. So, how did they identify me? Sure hope somebody can sort this out for me. I’m told it might have something to do with the subnet masking that stays the same? TIA
    Anna

  2. I know you asked that question 6 months ago, Anna, and have probably either forgotten about it or found an answer to it by now.

    Anyway, go to http://www.grc.com. Click on the Shields Up logo. Then scroll down, way down, or do a search for Shields Up, and click on it. Read this page, because it answers your question.

    Then, if you want, continue on to Shields Up and get your computer’s security tested!!

    To answer your question here, and shortly: from your IP address, they can get your “reverse DNS”. If your ISP is less concerned about privacy, this reverse DNS may contain identifiable information. The page I directed you to will tell you what your reverse DNS is.

  3. I have a web site. Some other site such as download.com has a link to my web site. When a user clicks the link on download.com, can I get the IP of the person who clicked the link? If I can, how?

    Thank you

  4. Hi, I can’t enter one site; it says “You are using an Invalid IP to access this site!” but I can go to all other web sites. Please help me with what to do. Thank you

  5. Hi, I was wondering if signing up for whospyme.com is a bad idea. Are they able to sell my information or have you heard of anybody having a bad experience with it, i.e. viruses, stolen information?
    Thanks

  6. So are you guys saying that when it says people visited your profile it doesn’t say their name? How do you know then? Does it just say “6 people” visited your profile and then it doesn’t tell you who? That’s dumb. Maybe that website is a good idea then, who knows what kind of weirdos are checking you out.

  7. Yes, but exactly what the code is depends on the server software you’re using and what software is processing that form.

  8. Yes. Absolutely. The IP of every visitor is typically logged. That’s true for
    most all websites.

    Leo

  9. Can IP addresses of someone posting on a public message board be tracked without the boards operator being aware of it?
    Could someone know where I am posting from here, without contacting you to get my IP address?

  10. I bring my Laptop to work with me, and I connect to the internet through an ethernet cable, from time to time I may visit a raunchy website or two, is it possible for my job to go back and see what websites I have visited, without them checking my computer?

  11. Can they? Absolutely yes.

    Do they? No idea. Depends on the company.

    Leo

  12. I don’t *think* so. I certainly can’t think of a way to do it off hand, but I
    also won’t guarantee it. For all I know your computer’s IP address might be
    saved away somewhere in the registry.

    Note that if you’re behind a NAT router at home then there’s no way for your
    OWN computer to know its own internet IP address (it only knows the local
    address assigned by your router). So in that case your boss couldn’t tell
    anyway.

    Leo

  13. Nope. And I don’t know how you’d get the IP address anyway, since the IP
    address is specific to your location. Once the computer is moved elsewhere by
    virtue of being stolen, there’s no way to know what IP it would be assigned
    unless you had installed some kind of tracking software before it was stolen.

    Leo

  14. I am using a wireless internet connection to a laptop at work and am downloading music that may be illegal but from official sites. My work are worried about the legality of this, how easily it can be tracked and, if traced, who is responsible and what sort of punishment you can receive?

  15. Dear Leo,
    If I used the same computer but at different places to log in to the same website, will the IP address be the same or will it be different because of the different ISP used? And usually, if it is a domain website, can the website admin trace back to the IP? How much do they usually store in the registry for each login? Thanks!

  16. It is not possible to directly map an IP address to an email
    address. There must’ve been a different way for him to find
    your email address, or some other place where he found your
    IP address and email address together.

    Leo

  17. If I connect to a wireless router, can the server that I am using see what websites I have visited? If so, do servers such as roadrunner keep these things on file?

  18. Help, I have a lot of hours invested in qualifying. . .
    I entered a free online poker tournament where you qualify for different levels. Now that I have qualified for the Final Tournament, I see it says it’s for “Canadians Only”. Not sure if it was an oversight on my part or if it’s an added thing in the fine print. My Account address says US, but if it was changed and I used the anonymizer, would they be able to tell if I was playing in the U.S.?

    Thanks in advance Leo !
    If your advice leads to me winning $, I will definitely return to buy you many Lattes !

  19. Hi, does this quote have relevance if you have a dynamic IP?

    Summary: A server can easily identify any users that visit their web sites. However, there are services that will allow you to surf anonymously.

    I use AOL. I am not allowed to use certain bookmakers’ sites. I have been looking at IP masking software, but I’ve been told that as I have a dynamic IP, they cannot identify me this way as it is constantly changing and my ISP will never disclose any info about me. I also delete cookies regularly and I’m pretty sure they can’t get my MAC address.

    Is there something I should know or do I have it pretty much covered? Basically, am I relatively untraceable?

    I look forward to hearing from you

    thanks

  20. Static or Dynamic, the ISP’s help is required to find you. If they keep records
    of which dynamic IP address you were assigned to when, then it’s possible that
    ** again, WITH THE ISP’S HELP ** you could be located. That help typically
    requires law enforcement to get involved.

    Leo

  21. can someone identify me from an email address ? I am in the process of utilizing a yahoo address to collect information for a possible lawsuit and am wondering if there are privacy laws that prevent yahoo from releasing/attaching my name to incoming/outgoing mail.
    any help would be appreciated.

  22. Can someone watch you online? What I mean is, can a person know when you sign up on a website ex. facebook, myspace ? Every time I sign up for a new account this person has a new profile before I know it. I feel like they are following me. This person has my first name and my email address. How much information can a person get with your first name and email address, especially someone that knows their way around the internet? thanx

  23. Leo, I need your help. I work in a manufacturing firm. We have a WiFi connection and I used to download chunks of data incl. movies. Now they are astonished at the sudden rise in the bill and are trying to trace it out. Is it possible to trace me??

    Depends on how technically savvy they are, but in a work environment the answer is almost always: Yes.

    – Leo
    19-Feb-2009

  24. Hello Leo,
    If I am visiting someone’s blog and they have SITEMETER attached to their blog (and lets just say for the sake of my email to you, they have the “advanced sitemeter”) are they able to LOCATE ME PERSONALLY through sitemeter..i.e., are they able to find an ISP number and then locate me?

    They can get your IP address (as I did with your comment), but as I’ve said in several articles on the site, you cannot get someone’s exact physical location from an IP address.

    – Leo
    24-Mar-2009

  25. Someone from within my company has managed to id me via an anonymous site for posting company reviews. Considering all comments are anonymous, is this possible (and if so how) or is this person bluffing? They seem to know my name and exactly which comments I posted.

  26. Great information on here. While I understand from the article that IP addresses are easily visible by hosts, I just want to clarify: if I visit a website, will he know that, for example, “someone named Josh XXXX spent 12 minutes reading my blog entry and then downloaded my new song”?

  27. I found out that someone knew my name just from me visiting their website. How did they do this? Are they doing something illegal? I did not fill out any forms or anything on their site.

  28. How do you determine an IP address using only a comment that is left on a website?

    Unless you’re the server owner, you don’t. If you are the server owner, you’d look at the server’s access logs.

    Leo
    13-Jul-2010

  29. You can use TOR to run your browser through proxies or use a web proxy as an alternative (usually slower method)

    Regards,

    ITC Servers

  30. Yes, your IP address will be known if you visit a website. For example, this site, Ip-Details, shows your IP address, country and address.

    Knowing your IP address is most definitely not the same as “identifying you”. There’s little that can be had directly from an IP address, and much of it is wrong. For example, the tool you suggest places me in California, which is very, very wrong.

    Leo
    05-Mar-2011

  31. @Josh Using server access logs I can tell IP x.x.x.x visited my site at X day of x month of xxxx at xx:xx:xx and from the front page or from their landing page went to page x, y, z and then downloaded x.zip from my server, taking xx seconds to download at speed x.x. Now if you are a member of my site I know user joshx = IP x.x.x.x and I put the two together. Not much but definitely a start. Also not worth anything to anyone except the server maintenance guy who would like to improve download time or page sizes to efficiently increase traffic / reduce costs.

    @C J I would be skeptical; they probably know your IP because of another site and knew your details from there. There is a whole plethora of ways to track people and trace their IPs, including scripts that would be able to go through your history in the browser and grab info from previous pages stored in your browser cache. Some of these scripts are used by gimmicky sites to show off the authors’ scripting abilities. While these are impressive there is not much to worry about.

    @Sabrina Adding to what Leo said: if you know I am in Canada and the IP address is generally that of Ontario and likely I am in the city of Toronto or Municipality of Markham, what does that tell you? I just told you that and I will give you my house number, 10. Try and figure out where I live or where I am at. Likely only a very few people can find this info and to them your IP is the least important info you have on the net. Facebook and other sources are at least a million times more likely to leak your private lives than your IP is. Also IPs change, like mine will by tomorrow, and then I might be based out of a different city until I have that IP. Paranoia doesn’t help; if you want to safeguard your IP, anonymize it, otherwise the best defense is not to call attention to something that just blends in with millions if not billions of others like it.

  32. Leo is right.

    The average citizen (even most above average citizens) are simply of no interest to the government.

    The people who you might think are spying on you have 200 million other adult people to worry about, and they’re only paid to care so much. They have a life, too, ya know.

    Stay within the huge boundaries of normal, legal, and acceptable behavior and you will NEVER be interesting, which is exactly how I like it.

    If you’re the only car going 70mph down the rural highway at 3am, of course, police will find you interesting — they’ve got no one else to watch.

    Now imagine they’re watching hundreds of cars go by at 70mph at 3pm in the afternoon, the interest in any one car drops dramatically.

    Chances are, unless you stand out *on purpose*, there are just too many other people more interesting than you.

  33. two ways for privacy is to use a vpn as this shows one of their ip addresses instead of you and/or use a netbox which is a computer for rent in another country, or like i do use both.

  34. 1st, Charlie Griffith, can you send me some of whatever you are smoking?

    Last week I visited Garmin’s website – I looked at it – nothing more. The next day I got an email full of offers from Garmin. Maybe it was a coincidence, I do own a Garmin.

    A day later I visited a site I’ve never visited before but I am a member of the organization. The very next day I got a telephone solicitation from them.
    Coincidence again?

    I somehow doubt it.

    Just because you’re paranoid it doesn’t mean someone isn’t tracking you on the net.

  35. I loved this!
    “Just because you’re paranoid it doesn’t mean someone isn’t tracking you on the net.”

    Thanks……… “Bill
    January 4, 2013 2:30 PM ……”

  36. Leo
    This is the dawn of BIG DATA. Every piece of data is going to be connected with every other piece of data. No matter how insignificant. Data storage and manipulation is dirt cheap these days. Individually we are not very interesting but to an advertising company, every little piece of data is value added to the end product. It is not conspiracy, just good business. And that detailed database is just sitting there for use by someone, for better or worse.

  37. Hi Leo
    Another very good article. Ya got my IP address correct but location was 75 miles away.
    Later when I fiddled about a bit ya did think I was in a different Country 🙂

  38. It’s true that computers are more powerful these days. And it’s true that databases are much larger because of that. But there is still the cost of data storage AND the cost of data maintenance. So there are STILL limits to the amount of data that can be collected on just little old YOU. Does ANYONE have information on the exact number of trees and descriptions in the Black Forest? See what I mean?

  39. If you’re really uptight about being ID’d through your IP address, then you should never look up into the sky while a satellite is flying over and taking pictures or for that matter never stand too close to water as your reflection can be seen and maybe photographed by the same satellite. Never visit London or Monaco while cameras are everywhere. Never pull money out of an ATM while there is also a camera looking at you in case you are maybe a crook and want to break into the machine. Never use a cell phone because it can be orted. Never use a charge card while your payments can be followed….. Basically, never leave your home or bed.

  40. After reading this article, I checked out my IP number on whois. It was “only” 200 miles off and didn’t identify the ISP I’m signed up with. It identified the ISP of the company my ISP is reselling internet service for. So if someone did contact that ISP, they would probably have to go through both companies to get my data.
