The Myth and the Truth of the IP Address Tracing

Many people are under the misconception that it’s easy to trace the physical location of the computer to which an internet IP address has been assigned and thereby identify the computer’s user.

It’s certainly not easy and depending on who you are it may not even be possible.

An IP or “Internet Protocol” address is the unique number assigned to every device such as a computer on a network so that data can be routed to and from that device and no other. Much like your postal mailing address identifies the physical location of your post box and allows your mail carrier to know where to deliver your mail, a device’s IP address is what allows the internet to know where to send the data destined for your computer.

But while an IP address is like a physical address it’s important to realize that’s not what it actually is.

IP addresses are assigned not based on where you are, but based on where you get your internet connectivity. The IP address that might be assigned to your computer at home might be radically different than the one assigned to your neighbor’s computer next door if you use different ISPs. Even if you used the same ISP there are no rules or practices that would make your IP addresses necessarily appear “close” to one another in any sense, other than the convenience of the ISP.

And yet somehow television and movie dramas would have us believe that given just an IP address a criminal can be located in minutes.

It’s nowhere near that easy.

Publicly available information about an IP address will tell you which ISP is providing that address, and not much else. Some additional information may be available that indicates the general area that an IP address might reside, but that can be as general as telling you only what country it’s in, or perhaps what city but rarely, if ever, anything more specific. Services that claim to be able to pinpoint the location of a specific IP address using only publicly available information are misleading at best.

The ISP holds the key. The ISP that “owns” the IP address that is assigned to your computer also knows where you live. It’s there that they send your bill or hook up the wires. If you’re on dial-up, then in conjunction with the telephone company they know which phone line you’re using to dial in, and once again the phone company knows where that line terminates.

Most ISPs adhere to a strict privacy policy that prevents them from disclosing that information to just anyone. That’s why on your own you may be able to identify the ISP involved and nothing more.

You’ll need help.

This is where the legal system enters into the picture. Police and the courts can, with appropriate cause, request or even demand that the information be provided. Most typically that implies that the law enforcement professionals go to a judge, provide evidence that there is reasonable cause to believe a crime as been committed, at which point the judge issues a court order compelling the ISP to release the information.

If there’s nothing to suggest that a crime has been committed then in theory even law enforcement cannot get the information.

This puts those who are perhaps being victimized by cyberbullying and other online harassment at a disadvantage. It means that as long as the the activity stays “legal”, then there’s little that can be done to trace the offender. Fortunately many locations are putting into place laws that more directly address these situations and which law enforcement can use to trace the offenders.

While it’s certainly important that IP based location information be available when needed, your privacy is also an important concern. Since your computer’s IP address is easily available whenever you use the internet you don’t want someone to randomly locate you by using it.

ISPs and service providers are important gatekeepers of that privacy.

The truth is that yes, an IP address does in fact uniquely identify a computer connection to the internet, and that information can be used to determine a physical location. However the myth is that it’s easy, and it’s not. Important privacy practices prevent that level of detail from being available to the general public; ISPs, service providers and typically law enforcement must be involved.