The most common way a website knows who you are.
You’re asking two different questions.
- Can a website identify your IP address? Yes. It’s part of the “show me a webpage” protocol.
- Can an IP address identify you? Not very easily.
Let’s look at these two distinct issues.
Become a Patron of Ask Leo! and go ad-free!
Can a website identify me?
Websites do get your IP address when you visit, but that alone is not enough to identify who you are or where you’re located. Most commonly, websites know who you are because you told them — either by signing in or in some other explicit way.
Your IP address
Here’s your IP address: 40.84.221.210.1
When you view a webpage, the server receives the IP address of the device on your network connected to the internet. Most commonly, that’s the IP address assigned to your router.
If you’re connecting through something more complex — say a corporate network, proxy, or VPN — then that’s the IP address of that equipment’s connection to the internet.
The IP address is a fundamental component of how the internet works. The server must know the IP address to which it should send its response. It’s like the return address on a postal mail envelope — you can’t reply if you don’t know where the request came from.
Your IP address is not “you”
In most homes and small businesses, the IP address is assigned by your ISP to your router’s internet connection.
That identifies you only to the degree you’re associated with that location. Your ISP knows where you live, after all. If you have multiple users or multiple machines, they’ll all share the same IP address through the router.
The average person can’t get at this IP location information. Neither can web servers. All my server sees is 40.84.221.210. Where that IP address is specifically, and whether there’s one person there or a hundred, I can’t tell. It typically takes legal action to force an ISP to release such information.
So, a server knows the IP address through which you connect, and that might be used to identify your location, assuming law enforcement gets involved.
Obscuring your IP address
If your internet connection is through a corporate network, proxy, or VPN, things get more complex. The IP address seen by the web server only indicates the company providing your internet connection, proxy, or VPN service, completely hiding your “real” IP address and location.
In fact, this is one of the reasons that TOR — The Onion Router — exists. It uses a multi-layered series of proxies in such a way that even with things like court orders and legal justifications, your origin IP address cannot be determined.
So to answer at least part of your question: to hide your IP address, use something like a VPN service or TOR.
But your IP address is really only a small part of the issue.
You give away much more information yourself
Any site you log into knows who you are to the extent that you provided accurate information when you signed up or that that information can be cross-referenced elsewhere.
For example, if you register on a site with a specific email address — leo@somerandomservice.com — anything from a simple Google search to behind-the-scenes data-exchange agreements can cause any and all information associated with that email address to be discoverable… and then associated with your IP address.
Consider how much information we post to social media. All of that information could potentially be cross-referenced in a variety of ways, including but not limited to the IP address of the computer(s) you use to sign in. Privacy policies posted by the services we use define how much of this sharing happens and with whom.
And, of course, should those services be hacked… well, hackers have no privacy policy.
Advertising does and does not care who you are
Ads are just content served up by web servers. Advertisers’ web servers know your IP address and can do things like leave cookies so they know which sites (using that same advertising network) you visit.
Well, not you, you, but rather “some computer at your IP address”, since that’s all they really know.
Perhaps.
Until you log in to one of those sites.
If (and it’s a very big if) the site that now knows exactly who you are shares that information with their advertising network (which they should not), then the advertising network knows who you are if you visit any other site on which they provide ads.
So in that sense, it is possible that exactly who you are could be accompanying you to the websites you visit, depending on how you control your personal information, what sites you use, and what services those sites use in turn.
Just how real is this?
I’m always reluctant to talk about online privacy when it relates to advertisers because there are many people who are absolutely convinced that every little thing they do online is being monitored in excruciating detail using the techniques that I’ve outlined above and other similar approaches.
I don’t believe that for a second.
I’ve said it many, many times before: as individuals, you and I just aren’t that interesting.
I log into dozens of sites throughout the day. Many have advertising, and I’m certain many use the same networks as some of the others. I’m just not concerned.
Could they pool all their resources and information — my IP addresses, cookie-based information, surfing habits, account logins and such — to closely monitor what I do?
I suppose they could.
Do I think that they do? No. Why would they spend the time and money? I’m just not that interesting.
Taking steps anyway
Perhaps you really are that interesting. (I don’t doubt there are people who are.)
What do you do?
Well, my knee-jerk reaction is to say, “Stay off the internet, period.” The internet was never designed to provide the level of anonymity and privacy you might need. There are things you can do, but unless you understand them and know how to use them consistently and well, you run the risk of being identified.
If this is an important issue for you, my post How Can I Send Anonymous Email? touches on fake accounts, anonymous proxies, anonymization services, and more.
You generally don’t need to worry about this at all.
No: servers don’t identify you as an individual unless you tell them who you are.
Even then, does it really matter?To me (or actually, my server), you’re just 40.84.221.210. If you happen to be logged in to your Ask Leo! account, I’ll know who you are because you logged in and told me who you are.
Otherwise, you’re just another anonymous visitor.
On the other hand, I’d love for you to tell me who you are: subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week. (Yup, I’ll know your IP address — but then, I already do — right, 40.84.221.210?)
Podcast audio
Footnotes & References
1: Most of the time, this is accurate. If you’re already taking steps as discussed later in the article, of course, it won’t be.
I have a web site. Some other site such as download.com has a link to my web site. When user click the link on download.com, can I get the IP of the person who click the link? If I can, how?
Thank you
Sure. You’ll normally find it in your web server logs. (Exactly where and what they look like will depend on the web server you are running.)
How do you find out the IP address of a website?
When I need to do that I just open a command prompt, and enter “ping ” followed by the website’s domain name.
So are you guys saying that when it says people visited your profile is doesn’t say their name? How do you know then? Just it just say “6 people” visited your profile and then it doesn’t tell you who? That’s dumb. Maybe that website is a good idea then, who knows what kind of weirdos are checking you out.
Yes, but exactly what the code is depends on the server software you’re using and what software is processing that form.
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Yes. Absolutely. The IP of every visitor is typically logged. That’s true for
most all websites.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFGbeNcCMEe9B/8oqERAs/pAJ4lrNyRB0tEnN+agUw0RGYJbo9x0gCfQhZF
0X5u/i/EImXtwdOKcXJMid0=
=FyTV
—–END PGP SIGNATURE—–
I bring my Laptop to work with me, and I connect to the internet through an ethernet cable, from time to time I may visit a raunchy website or two, is it possible for my job to go back and see what websites I have visited, without them checking my computer?
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Can they? Absolutely yes.
Do they? No idea. Depends on the company.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHAVNcCMEe9B/8oqERAoW8AJ4xjF5fDPMBoo/pqnEPEUSzvyCITQCdFwHf
BiIa7rNuD48SLsdnumA2pf0=
=3qt7
—–END PGP SIGNATURE—–
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
I don’t *think* so. I certainly can’t think of a way to do it off hand, but I
also won’t guarantee it. For all I know your computer’s IP address might be
saved away somewhere in the registry.
Note that if you’re behind a NAT router at home then there’s no way for your
OWN computer to know it’s own internet IP address (it only knows the local
address assigned by your router). So in that case your boss couldn’t tell
anyway.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHWIm9CMEe9B/8oqERAgTfAJ4puC1T8uXeV43WYpI4x7qAlAkgeACfWeae
e1DnHcloVL6f2iqgsLcVI6k=
=/clp
—–END PGP SIGNATURE—–
My computer was stolen, If I know it’s ip address, can I send it a note?
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Nope. And I don’t know how you’d get the IP address anyway, since the IP
address is specific to your location. Once the computer is moved elsewhere y
virtue of being stolen, there’s no way to know what IP it would be assigned
unless you had installed some kind of tracking software before it was stolen.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHWtVnCMEe9B/8oqERAr8gAJ4jLSESWj/FEgzCdOl3mI1K1Yna9gCcCUPf
8MupvFX78iHoK8r/FWWhgDM=
=dPPS
—–END PGP SIGNATURE—–
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
It is not possible to directly map an IP address to an email
address. There must’ve been a different way for him find
your email address, or some other place where he found your
IP address and email address together.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHpMNOCMEe9B/8oqERAvUtAJ9HzaBGvNT9xTkjlSDWiP6TCewrCgCfUgC7
F7F7tOn6i88w4J+TImRDvv0=
=ZRIX
—–END PGP SIGNATURE—–
Help, I have a lot of hours invested in qualifying. . .
I entered a free online poker tournament where you qualify for different levels. Now that I have qualified for the Final Tournament, I see it says it’s for “Canadians Only”. Not sure if it was an oversight on my part or if it’s an added thing in the fine print. My Account address says US, but if it was changed and I used the anonimyzer, would they be able to tell if I was playing in the U.S. ?
Thanks in advance Leo !
If your advice leads to me winning $, I will definitely return to buy you many Lattes !
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Static or Dynamic, the ISPs help is required to find you. If they keep records
of which dynamic IP address you were assigned to when, then it’s possible that
** again, WITH THE ISPS HELP ** you could be located. That help typically
requires law enforcement to get invovled.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH+STXCMEe9B/8oqERAiLZAJ4wYMlFx7HXCC6/7UIAMeV4/YD5TgCgilJU
2hPYZLHicCM46KL8h8rT6G8=
=07Iw
—–END PGP SIGNATURE—–
can someone identify me from an email address ? I am in the process of utilizing a yahoo address to collect information for a possible lawsuit and am wondering if there are privacy laws that prevent yahoo from releasing/attaching my name to incoming/outgoing mail.
any help would be appreciated.
Leo i need ur help, i work in a manufacturing firm. we’ve a WiFi connection and i used to download chunksof data incl. movies. Now they r astonished of the sudden rise in bill and are trying to trace it out. Is it possible to trace me??
19-Feb-2009
Hello Leo,
If I am visiting someone’s blog and they have SITEMETER attached to their blog (and lets just say for the sake of my email to you, they have the “advanced sitemeter”) are they able to LOCATE ME PERSONALLY through sitemeter..i.e., are they able to find an ISP number and then locate me?
24-Mar-2009
How do you determine an IP address using only a comment that is left on a website?
13-Jul-2010
Yes your Ip address will be known if you visit a website. For example this site WhoIs shows your Ip address, country and address.
05-Mar-2011
@Josh using server access logs i can tell ip x.x.x.x visited my site at X day of x month of xxxx at xx:xx:xx and from front page or from their landing page went to page x, y, z and then downloaded x.zip from my server taking xx seconds to download at speed x.x. now if you are a member of my site i know user joshx = ip x.x.x.x and i put the two together. not much but definitely a start. Also not worth anything to anyone except the server maintenance guy who would liek to improve download time or page sizes to efficiently increase traffic / reduce costs.
@C J i would be skeptical probably know your ip because of another site and knew your details from there. there is a whole plethora of ways to track people and trace their ips including scripts that would be able to go through you history in the browser and grab info from previous pages stored in your browser cache. some of these scripts are used by gimmicky sites to show off the authors scripting abilities. while these are impressive there is not much to worry about.
@ Sabrina. adding to what Leo said if you know i am in Canada and the ip address is general that of Ontario and likely i am int he city of Toronto or Municipality of Markham what does that tell you. I just told you that and i will give you my house number 10 . try and figure out where i live or where I am at. Likely only a very few people can find this info and to them your IP is the least important info you have on the net. Facebook and other sources are at least a million times more likely to leak your private lives as your ip is. Also ip’s change like mine will by tomorrow and then i might be based out of a different city until i have that ip. Paranoia doesn’t help if you want to safeguard your ip anonimize it otherwise best defense is not to call attention to something that just blends in with millions if not billions of others like it.
Leo is right.
The average citizen (even most above average citizens) are simply of no interest to the government.
The people who you might think are spying on you have 200 million other adult people to worry about, and they’re only paid to care so much. They have a life, too, ya know.
Stay within the huge boundaries of normal, legal, and acceptable behavior and you will NEVER be interesting, which is exactly how I like it.
If you’re the only car going 70mph down the rural highway at 3am, of course, police will find you interesting — they’ve got no one else to watch.
Now imagine they’re watching hundreds of cars go by at 70mph at 3pm in the afternoon, the interest in any one car drops dramatically.
Chances are, unless you stand out *on purpose*, there are just too many other people more interesting than you.
two ways for privacy is to use a vpn as this shows one of their ip addresses instead of you and/or use a netbox which is a computer for rent in another country, or like i do use both.
Leo
This is the dawn of BIG DATA. Every piece of data is going to be connected with every other piece of data. No matter how insignificant. Data storage and manipulation is dirt cheap these days. Individually we are not very interesting but to an advertising company, every little piece of data is value added to to the end product. It is not conspiracy, just good business. And that detailed data base is just sitting there for use by someone, for better or worse.
Hi Leo
Another very good article. Ya got my IP address correct but location was 75 miles away.
Later when I fiddled about a bit ya did think I was in a different Country :-)
It’s true that computers are more powerful these days. And it’s true that databases are much larger because of that. But there is still the cost of data storage AND the cost of data maintenance. So there are STILL limits to the amount of data that can be collected on just little old YOU. Does ANYONE have information on the exact number of trees and descriptions in the Black Forest? See what I mean?
If you´re really uptight about being ID´d through your IP address, then you should never look up into the sky while a satelite is flying over and taking picture or for that matter never stand too close to water as your reflection can be seen and maybe photographed by the same satelite. Never visit London or Monaco while cameras are everywhere. Never pull money out of an ATM while here is also a camera looking at you incase you are maybe a crook and want to break into the maschine. Never use a cell phone because it can be orted. Never use a charge card while your payments can be followed….. Basically, never leave your home or bed.
After reading this article, I checked out my IP number on whois. It was “only” 200 miles off and didn’t identify the ISP I’m signed up with. It identified the ISP of the company my ISP is reselling internet service for. So if someone did contact that ISP, they would probably have to go through both companies to get my data.