Wednesday, June 6, 2007

National Internet Safety Month: what does your IP address reveal about your location?

June is national Internet safety month. To show support for this cause I will post a series of blogs addressing issues of Internet safety. Some postings will be to promote our new safe search engine for kids, Piffany, but many will be much more general. My first post is regarding the cardinal rule of Internet safety:

Never give out personal information that might give away where you live

This is obviously a very good rule to remember, but how safe are you really? Did you know that your geographical location can be determined from your IP address? Scary, huh? It's true. An IP address is a unique identifying number used by computers to route content on the Internet from computer to computer. Do not confuse them with URLs. IP addresses look like 24.91.135.203, whereas URLs look like www.piffany.com. An IP address is like your computers phone number or street address--some cell phones have them too. Every computer that accesses the Internet is assigned an IP address.

One free service I found returned the image seen below when I visited there. Yup, that's me (red ball slightly above and to the right of Cambridge). It also listed detailed information about my city, and nearby cities and towns, including latitude and longitude. If I were, say, a high school student, how hard would it be to track down my high school? Not hard. If you knew my last name and my geographical location, an Internet phone directory will give you my my phone number, from which my address easily follows using a reverse lookup service. The reverse lookup I tried even offered a service for unlisted numbers. My number is unlisted, and it returned my old address in nearby Cambridge. I guess I'm safe for now.

Will these sites show me the location for an IP address other than my own? Yup, I tried a friends to confirm that the location was correct. By the way, I am intentionally leaving out information about the sites I used for this blog, but they are easy to find on the Internet.

How Hard is it for someone to get my IP address?

Fortunately, not just anyone can get your IP address. If you host a website on your own server then you can easily obtain the IP addresses of people that visit your site. There are also many CGI scripts available that can be installed on hosted sites. A potential predator could lure you to their server with the malicious intention of retrieving your IP address. This requires some sophistication and judging by the characters caught in the act by Chris Hansen on Dateline's To Catch a Predator, most Internet predators are not savvy enough to pull something like this off, or at least, let's hope not. The most difficult step in locating someone on the Internet is getting their IP address, and that's not too difficult. After that, relatively little work is required before a predator is knocking on your door.

What can be done to safeguard against this?

You can't spoof (fake) an IP address. You can spoof just about anything else, but not your IP address because that is the identifier by which computers on the Internet ensure content is delivered to the right computer. One possibility for hiding your IP address is by using a proxy server, but I am not aware of any services that offer proxy servers for this purpose. It would be expensive for Piffany to offer such a service, though we have discussed it in the past. In general, before committing to a chat room or any website that is social, make sure it doesn't display the IP addresses of its users. You have probably seen before entries like 'David is logged in from 24.91.135.203'.

What does Piffany plan to do about this problem?

For starters, we won't display a users IP address to the public. Piffany's CeSAR algorithm does make it unlikely to find in our search results a website set up with malicious intent, because like PageRank, HITS, and other authority based algorithms, CeSAR uses link structure to determine a sites rank. So friendly communities of sites that you trust won't link to those malicious sites. CeSAR ranks web pages by their proximity to clusters of sites on a particular topic, of interest to a particular group, or that are frequented by a particular age group. Hence, if a website is not acknowledged by an established cluster frequented by 8-10 year old kids, for example, then it will not likely be listed highly in a search performed by 8-10 year old kids. In order to make this trait more effective we only return the top 100 search results. Also, we are experimenting with systems and methods to verify that users who register as kids are actually kids; any suggestions on how to do this are welcome. Initially, we were thinking that we might ask the potential registrant a question about their school. With a lot of users, statistics can help identify legitimate answers, but initially, we will just have to verify them ourselves. The best hope we have is that responsible users will report to us when they find a suspicious user or site.

That's it for now. I hope to see some stimulating comments, so feel free to respond through the link below, and remember,
beware of web sites that publicly display your IP address.

Stay tuned to this blog for our next topic: Internet content rating systems.
Suggest a topic to me at david(at}piffany[dot]com


About Piffany
Why should a 9-year-old and a 29-year-old get exactly the same search results? Piffany is a search engine that strives to safely bring the full potential of the Internet to kids by allowing them to adjust the difficulty level of their search results. To ensure the safety of our search results, we are researching a new Internet content and safety rating system that is similar to ratings given for TV, movies, and video games. Visit us at Piffany.com.

1 comment:

Anonymous said...

I did like the layout !
As the first member from Norway - I suppose - I am looking forward to the day you can remove the "beta" label.

BTW - your IP address is not something we should bother young children with.
The experienced user has the skills to narrow the addr. down to - lets say "cambridge- Boston"" BUT he\she would not be able to pinpoint 160 Lakeview drive.That calls for expertice - and sheer madness...................

(sorry about the use of your adr. , Diane ....)

Steppenwolf