Bet you didn't know...IP harvesting, it happens here all the time!

[+GeoTeam Maggi]

If they can do anything with it, it's the IP owner's fault. Get a firewall to keep 'em out. They can't use it for anything but getting back to the IP owner. Besides, most IP's issued are dynamic and different at ever log on.

[+The Frantic Cachers]

Well....since it seems to be bothering some people it would only be polite to make this the last post with this sig.

 

[Fakk 2]

"harvesting" an IP address is a great way to survey a person without actually stopping them and asking them to fill out a form which most people wouldnt even know what an IP address is let alone what theirs was. Its the same thing with cookies. Harmless txt files that let a site know how often you visit, when, and waht OS, System you are using. Its Demographics. Considering I use about 5-10 different computers to log into this site, I could care less about someone collecting an IP address, or Addresses from me. Not saying this is why, but just putting a 1x1 pixel image, it will load fast, and not chew up bandwidth.

 

GeoCache Pickup Line: Hey I'm looking for treasure, Can I look around your chest?

[+Team Og Rof A Klaw]

quote:

---

My choice wasn't there. Actually I couldn't care less. Does any ISP actually use static IP's anymore? Most of us come in on one IP address today and another tomorrow.

---

Someone who's really nasty could hack you while you've still in the same session.

 

It'd be hard, though not impossible, to correlate the page load with the person, to attack a particular user. The bigger risk may be from spamballs who want to pirate your machine and don't care who they hack.

 

____________________________

- Team Og Rof A Klaw

All who wander are not lost.

[+RuffRidr]

quote:

---

Originally posted by Woodsters Outdoors:

I don't see the big deal about the IP address thing. It's nothing private. So what if htey harvest your IP address, what is the outcome? What are they going to do with it?

---

 

Well, once they knew your IP address they could tell anytime you checked out any of their caches (assuming static IP of course). Wouldn't it be kinda erie if you were thinking about doing a certain cache and you were checking out the page fairly regularly. Then all of the sudden you get an email saying, "why don't you quit looking at the cache and go do it!", or "I don't like you, please don't do my cache." Or maybe they would see you are checking out the page a lot and figure you are going to be doing it soon. So they stake out the cache, and "accidentaly" bump into you on your way to the cache.

 

The only way I can see to prevent this is to make it so that all images have to be hosted by gc.com.

 

--RuffRidr

[+RuffRidr]

quote:

---

Originally posted by Team Og Rof A Klaw:

quote:

---

My choice wasn't there. Actually I couldn't care less. Does any ISP actually use static IP's anymore? Most of us come in on one IP address today and another tomorrow.

---

Someone who's really nasty could hack you while you've still in the same session.

---

Or even worse than that, they could set up a script that would take advantage of any of the vulnerabilities that are currently out. The script would then inject a backdoor onto the system. Once the backdoor is in place they would own you. They could find out usernames, passwords, credit card #'s, read your email, whatever.

 

--RuffRidr

[SE7EN]

I'm curious, Canadazuuk, was that why you were "so disappointed" that I didn't reply to your private message right away? Is that why you attacked me here?

quote:

---

benign sock puppets don't peddle female flesh online

---

And then here?

quote:

---

It seems obvious that SE7EN doesn't get it

---

 

But then you noticed I did respond to your private topic prompting this response directly below:

quote:

---

There are some rules about sockpuppets aren't there?

 

But since SE7EN responded to my private topic...

 

I will forget this thread and drop it...

---

 

Is the reason you dropped it was because you embedded an image in that private message and when I did respond, you saw it wasn't who you thought it was? I was curious that you PMed me about the subject right out of the blue and I was the only one you invited. How many others did you go fishing for? How many others got a PM and they were the only one that you invited?

 

Does the ends justify the means in your hunt for the pirates?

[Swagger]

And I thought *I* was paranoid!

 

Relax, guys. You have much more to worry about from the script kiddies and Windoze worms scanning your cable/dsl netblocks looking for vulnerabilities.

 

The "random quote" below is an image loaded from my web server. Do I get your IP address when you load it? Of course. Do I care? Nope. Should you? Nope.

 

As for the single-pixel-somewhat-hidden graphics, my guess is that the person(s) doing this simply want to see how many people are visiting the cache page and don't want to use one of those stupid, inaccurate page counters. You're more likely to win the lottery than have the information they're able to collect used against you in any way.

 

I've had to clean up a number of hacked machines, many of which were at the company I work for when I began working there. I know the risks of having a machine on the 'net and can say that you're putting much more information at risk by using Kazaa than by loading a graphic hosted on another server.

 

Relax, have a beer and forget about this. Really. All you're doing is shortening your life by stressing about it. If you're that concerned about sharing your O/S and browser with the world, buy an Anonymizer.com account.

 

--

Pehmva!

 

Random quote:

[+HartClimbs]

Actually, I don't like it either. I don't think there's anything nefarious at work, it's just a little intrusive.

 

Commercial websites have posted privacy policies. Some of the sig lines are from sites that have pretty lax policies - and the point is - they're not covered under GC.COM.

 

If you surf Yahoo or Google - they collect info on your habits and acknowledge it. There's an assumption that reading the forums - GC.COM (or more specifically Groundspeak) is tracking usage, but I didn't think that assumption extended to users of this site. Again - nothing nefarious, just a little intrusive.

 

It is funny, however, reading all these posts about how people don't care - and privacy's moot, when most people post behind usernames and avatars. People have used the analogy of IP address is like a phone number and most people don't leave their phone numbers in their profiles for others to read - so there's obviously some value in privacy. Plus, much of this is hidden - but I'm guess that's just a coincidence.

 

Lastly, the fact that YOU don't care about tracking bugs, doesn't mean other people may not (especially tracks without their knowledge). You're free to give out your home phone number.

 

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Take everything you like seriously, except yourselves. - Rudyard Kipling (1865 - 1936)

[SE7EN]

quote:

---

Originally posted by Cruzin!:

If you're that concerned about sharing your O/S and browser ...

---

 

Personally, I'm not worried about anyone getting past my firewall, it's pretty tough.

 

I just find it deceitful that someone may use the facilities of this site and embed an image in a PM to see if your IP matches the IP of another person--especially when they attack you publicly because you don't respond to their probe.

 

Yeah, and before you attack me for being a sockpuppet. I'm not lying about who I am. This is only a different persona than the one I log caches under. You probably wouldn't know my caching persona either, so there is really no difference between this one and my "real" one.

[+bigredmed]

quote:

---

Originally posted by SirRalanN:

quote:

---

There is NO reason I can see to collect the information at all. It's just rude and an invasion of privacy.

---

 

How is it rude, it is just somebod wasting their time on massive ammounts of data. Data they probably will never use or find a use for.

 

Now where did I set my GPS??? http://planetrobert.net

 

Assuming some out of work techie doesn't decide to make a mortgage payment selling these addresses to spammers...

 

_____________

 

It's Hockey time in Omaha!

[BassoonPilot]

quote:

---

Originally posted by SE7EN:

Yeah, and before you attack me for being a sockpuppet. I'm not lying about who I am. This is only a different persona than the one I log caches under. You probably wouldn't know my caching persona either, so there is really no difference between this one and my "real" one.

---

 

That's not allowed unless you are an approver or someone who mines ISP information without consent.

[+woodsters]

quote:

---

Originally posted by RuffRidr:

quote:

---

Originally posted by Woodsters Outdoors:

I don't see the big deal about the IP address thing. It's nothing private. So what if htey harvest your IP address, what is the outcome? What are they going to do with it?

---

 

Well, once they knew your IP address they could tell anytime you checked out any of their caches (assuming static IP of course). Wouldn't it be kinda erie if you were thinking about doing a certain cache and you were checking out the page fairly regularly. Then all of the sudden you get an email saying, "why don't you quit looking at the cache and go do it!", or "I don't like you, please don't do my cache." Or maybe they would see you are checking out the page a lot and figure you are going to be doing it soon. So they stake out the cache, and "accidentaly" bump into you on your way to the cache.

 

The only way I can see to prevent this is to make it so that all images have to be hosted by gc.com.

 

--RuffRidr

---

 

Oh Geez...

 

I've worked years with convicts and the mentally insane, am I gonna worry now about a cacher?

 

Brian

www.woodsters.com

 

[+MaxEntropy]

Originally posted by Bloencustoms:

While it may not be common knowledge, it's no secret that some of the users of these forums can get your IP address any time you view a thread they have posted in. This really is no big deal, every time you visit any website, your IP is logged. Still, now that you know people are "spying" on your IP adress, how do you feel about it?

QUOTE]

 

You need to get off the computer networks.

Get rid of your credit cards, cancel your internet, cable, phone, gas, ATM and electricity.

Don't use anything connected to a computer because when Skynet achieves self-awareness, it's going to send someone out to get you!

 

Mickey

Max Entropy

More than just a name, a lifestyle.

[+RuffRidr]

quote:

---

Originally posted by Woodsters Outdoors:

Oh Geez...

 

I've worked years with convicts and the mentally insane, am I gonna worry now about a cacher?

---

 

No where did I say you needed to be worried about it. You asked:

 

So what if htey harvest your IP address, what is the outcome? What are they going to do with it?

 

I answered. If you were going to respond like that, why even ask the question in the first place?

 

--RuffRidr

[+xenophon10k]

Big deal. So what? You can get my IP, but that's all you're getting. Just try to get past my firewall.

 

Put that fweakin' sandwich down!

[+Marsha and Silent Bob]

Who cares? So they know your IP? Big deal. First off block all requests to your computer (via a router/firewall w/no incoming ICMP requests allowed in). Then block all other incoming connections (which is most likely the default behavior).

 

They will not even know your IP is there when/*IF* they check.

 

If you don't like shady dealings on the Internet I suggest you use something else (ie public libraries, Internet cafes, anonymous transparent proxies, etc).

 

Someone having your IP is not a huge deal. on my cache page the images come from MY webserver. When you goto the cache page I get your IP, oh no! What do I do with it? Nothing. You know why? Because it doesn't mean squat. Yay, 66.41.x.x hit mngca.gif and cito.jpg (66.41.0.0/16 is firewalled from accessing my webserver BTW).

 

If you are that scared about people harvesting your IP force a MAC address change on your ethernet card, ipconfig /release ; ipconfig /renew and get a new IP every 2 hours...

 

Would that make you feel safer when they do a port-scan of everyone on your subnet and find you anyway?

 

Please quit the paranoia.

 

Just my worthless .02,

Silent Bob

 

 

[This message was edited by Marsha and Silent Bob on October 07, 2003 at 11:35 AM.]

[+fractal]

quote:

---

Originally posted by canadazuuk:

...

If people were not aware of the issue, then they have learned something perhaps.

...

---

Awareness.. Good point.

This is actually the first I've heard of this.

And now that I think about it, I have an off-site picture on my profile.. I could be collecting IP's!! But I'm not gunna!

 

The issue doesn't really bother me, and just because I haven't changed my browser settings to counteract it, doesn't mean I accept it as right.

 

I guess I don't mind people knowing SOME basic info about me... I don't think it's on the same level as 'peeping-tom', but if they were downloading my private picture stash off my hard drive without me knowing, then THAT would be like a peeping-tom!

 

Thanks again for the awareness... Learn something everyday!

 

-fractal

 

-=-=-=-=-=-=-

N 45* 30.ish

W 122* 58.ish

[ju66l3r]

quote:

---

Originally posted by Woodsters Outdoors:

What are they going to do with it?

---

 

<- Something like this?

 

--

 

http://magazine.audubon.org/features0101/goodwood.html

[ju66l3r]

quote:

---

Originally posted by RuffRidr:

Or even worse than that, they could set up a script that would take advantage of any of the vulnerabilities that are currently out. The script would then inject a backdoor onto the system. Once the backdoor is in place they would own you. They could find out usernames, passwords, credit card #'s, read your email, whatever.

---

 

This wouldn't be useful to do through this website. It's *FAR* more efficient and easier to setup a zombie (computer under your control) to test the exploits you want to test by one IP at a time just going through a series (trust me, they already know which IPs are comcast, AOL, etc) and just scan the IPs sequentially until the exploit works (when it doesn't, they just try the next one). This type of port scanning is going on all the time and is much faster and provides MANY more hits than any IP harvester on gc.com is ever going to do.

 

I'd be willing to bet that no one gathering IPs here is doing it to test your system for vulnerability.

 

--

 

http://magazine.audubon.org/features0101/goodwood.html

[ju66l3r]

quote:

---

Originally posted by Marsha and Silent Bob:

If you are that scared about people harvesting your IP force a MAC address change on your ethernet card, ipconfig /release ; ipconfig /renew and get a new IP every 2 hours...

---

 

Just a minor tech-geek clarification:

 

ipconfig will change your DHCP-given IP address (WinXP/2000). winipcfg for Win98/ME. A MAC address change (hardware level...only on configurable NICs) is NOT advisable and not easily done. Most people's ISPs use the MAC address of their NIC to keep track of how many computers they are tunneling to the same connection. As such, if the MAC were to change, their ISP *might* have filters to stop the connection (I've had this happen with my laptop when I go to my parents' house).

 

--

 

http://magazine.audubon.org/features0101/goodwood.html

[+woodsters]

quote:

---

Originally posted by RuffRidr:

Originally posted by Woodsters Outdoors:

Oh Geez...

 

I've worked years with convicts and the mentally insane, am I gonna worry now about a cacher?

 

No where did I say you needed to be worried about it. You asked:

 

So what if htey harvest your IP address, what is the outcome? What are they going to do with it?

 

I answered. If you were going to respond like that, why even ask the question in the first place?

 

--RuffRidr

---

 

Here's part of what you stated before:

 

quote:

---

Or maybe they would see you are checking out the page a lot and figure you are going to be doing it soon. So they stake out the cache, and "accidentaly" bump into you on your way to the cache.

---

 

Once again i'm not afraid....

 

Brian

www.woodsters.com

 

[+planetrobert]

66.191.24.54

 

 

well no worrying about harvesters now.

 

Now where did I set my GPS??? planetrobert.net

[+Team Spike]

If you visit a web page with an advert on it from one of those large advertising networks, they try to put a cookie on your machine to identify you. Because they are on a large number of sites they can track you from site to site a lot of the time. I wonder if someone could do the same thing using html in their signature?

 

The solution is to make sure you have a browser that allows you to reject "third party cookies". Internet Explorer provides this in the custom security options.

 

I'm more worried about that kind of thing than my IP address. It would be insane however to have a broadband connection to the internet with static IP and no firewall.

 

Groover

[+planetrobert]

heh, ah yeah it is static too

 

am i worried now, NO

am i going to unplug... NO

i am going caching... and you all can sit here and worry yourselves to death

 

Now where did I set my GPS??? planetrobert.net

[+woodsters]

Better get one of them advertised software that will clean your hard drive, because you could go to jail with whats on it....lol

 

Brian

www.woodsters.com

 

[Fakk 2]

Someone above posted about not posting our phone numbers, Umm, I believe I get a book every year with thousands of phone numbers in it. Do I call them all? no. Oh look it even has the address and name next to it. Hmm oh look I I go into IE and type a .com after whitepages I can search the whole U.S of A. IPs are no different. They just change more frequently. You want to attack my computer? Go ahead. I have nothing on it of value, That computer is not connected to the internet, or to any other computer. So feel free to trash my system, I just toss my Recovery cd, my software and I am back in business. yeah I lost maybe 4 hrs reinstalling big deal.

 

If you want my phone number to call, well thats what my answering machine is for and why my phone ringer is turned off.

 

As for why we use alias names and avatars, it allows to be someone, something different. It allows you to use a symbol to identify the type of person you are, not a physical representation. My name is James Duke, does that say anything about who I am? no not really, does my Handle Dream Alchemist say anything about who I am. A lot more than my real Name.

 

So for those that didnt know, you learn something. but don't let people scare ya,that is what Action NEWS 5 is for and all the other news stations and media is for.

 

GeoCache Pickup Line: Hey I'm looking for treasure, Can I look around your chest?

[+parkrrrr]

quote:

---

Originally posted by Team Spike:

If you visit a web page with an advert on it from one of those large advertising networks, they try to put a cookie on your machine to identify you. Because they are on a large number of sites they can track you from site to site a lot of the time. I wonder if someone could do the same thing using html in their signature?

---

Answer: yes, sort of. You can't put HTML in a forum post, of course. But it's possible for my signature to track you with cookies even though it's just an image. It wouldn't know who you are, of course, but it would be able to correlate your visits from day to day.

 

In case you're starting to worry, my signature does not track you with cookies. Your IP address gets logged in my webserver logs, but that's as far as it goes. I really don't care how many times you read my posts or what order you read them in or whatever.

 

In reality, due to (non-geo) caching, proxying, and general inaccurate timekeeping, it's nearly impossible to get a 100% reliable poster-to-IP correlation just from the logs. Dozens of people are reading a given thread at any given time, especially if it's new or popular. And remember, the time that will show up in my log is when you downloaded the image, which is to say when you loaded the thread into your browser, not when you decided to reply to it, which could be several minutes later. If I even want to have a prayer of associating an IP address with a given post, I have to have at least half a dozen hits from that poster before I can count on finding a pattern. Doing the bookkeeping to do that kind of snooping is hard work, and nobody sane is going to just do it on a lark, especially since the payoff is usually so small. I'm not saying I've never used the logs to figure out who a sock puppet really is, but it's not something I'd want to do every day.

 

The real value of my logs, to me, is to watch for referrals to the other things on my site. Not my signature, which gets by far the most hits, but things like my home page, or GPXDoc, or what-have-you. Those referrals can help me to track down places where my stuff is being talked about that I hadn't seen.

 

[+canadazuuk]

quote:

---

Originally posted by SE7EN:

 

I'm curious, Canadazuuk, was that why you were "so disappointed" that I didn't reply to your private message right away?

---

 

Nope. I was disappointed that you didn't want to discuss the private issue I raised. You claim to be another well known or fairly wellknown member, and I thought you may have some insight about the topic.

 

quote:

---

 

But then you noticed I _did_ respond to your private topic prompting this response directly below... Is the reason you dropped it was because you embedded an image in that private message and when I did respond, you saw it wasn't who you thought it was?

---

 

Definately not. I do not control any images, hidden or otherwise, on my cache pages or profile that link from another site. I do not collect and correlate IP information.

 

quote:

---

I _was_ curious that you PMed me about the subject right out of the blue and I was the only one you invited. How many others did you go fishing for? How many others got a PM and they were the only one that you invited?

---

 

I am part of five measly PMs. I was not included in any group discussions relating specifically to finding out about 'pirates'. I have one PM with another single user, and they started it.

[+canadazuuk]

quote:

---

Originally posted by SE7EN:

 

I just find it deceitful that someone may use the facilities of this site and embed an image in a PM to see if your IP matches the IP of another person--especially when they attack you publicly because you don't respond to their probe.

---

 

One could imbed an image in the open forum and probably achieve the same results if they wanted.

 

As I said, I do not collect and correlate IP information. I have no idea who you are SE7EN.

[+SearchRescueDog]

If anyone thinks that an IP address is something private then they need a wake up call. By typing gc.com in you browser window YOU are making contact with the server. This is just like YOU picking up the phone to make a call.

 

If you call me at home I have you number on caller ID and your address mapped out on my computer screen. YOU provided this information to me by dialing my number. If you do not want me to know who you are, don't call me. The same applies to the internet.

 

All an IP address will tell you is where someone resides on a network. It does not give you an physical address to your home or a phone number to your home. As many people have pointed out many ISPs use dynamic IP addresses. For Dial-Up customers this gives you a new IP address every time you connect. For Cable/DSL/ISDN users you would get a new IP when the DHCP lease expired 1day/1week/2weeks.

 

I have a static IP address and will tell you right now that my IP is 147.157.18.240 and my ISP is Verizon. It is my responsibility to protect the equipment connected to that address just as it is my responsibility to protect the property in my home. That is why firewalls are created just like locks on the door of you home.

 

 

[This message was edited by SearchRescueDog on October 07, 2003 at 03:00 PM.]

[+canadazuuk]

And BTW SE7EN, you were invited to a private topic, because I had no way of e-mailing you through the bot.

 

You went to great lengths to doctor your profile page and make it nearly impossible to view any of the normal gc.com functions.

 

I am surprised that gc.com even allows this.

 

Are you sure you aren't *my* paranoid sock puppet?

[+CO Admin]

as long as this post was semi sane it was allowed to stay open. Personal attacks back and forth will not be tolerated

 

This post is closed

 

I work for the QOFE that works for the Frog

The Frog is my friend