Is your local IP address used to better "fingerprint" a specific user? As far as I understood TCP connections, your local IP is send to the remote server in IP packets. It could add to the overall identification.
Asked
Active
Viewed 2,003 times
3 Answers
4
It could, and it does, but not as much as you'd think. Your IP address can be unique or it can be different on a per-user bases.
If you live alone and have your own cable model, then - for a while - you'll have a unique address. However, at some point, your lease will be up and you'll be assigned a new address and somebody else will be assigned yours.
If you live with a family, then all of you use the same cable modem and same IP (i.e. the IP you got from the last person who lives alone), so now your address represents multiple people.
If you're using a cell connection, you're almost certainly sharing an IP address with everybody else - and your IP may change from tower to tower or faster.
Basically, IP addresses are an unreliable indicator of identity.
iAdjunct
- 1,710
- 10
- 15
4
IP addresses were never designed as a secure means of identifying anyone, and you should be wary of trusting them to perform a security function.
There are several reasons not to, but the main one is that IP addresses are not static, and are constantly changing.
Network Address Translation (NAT) is used by network administrators everywhere to support more IP nodes than IPv4 can handle. This means that the external IP address received by the server is the same for everyone in that network.
DHCP can assign new IP addresses to existing clients. As clients connect to various network access points in a building, they may be given the same IP address, or a different one.
Clients are mobile, and can change who is providing their network, such that when a WiFi client leaves their building, their device automatically switches to using its 4G provider, on a different network with a different address.
Don't try to use a non-security attribute for a security purpose. It rarely works as well as you think.
John Deters
- 33,650
- 3
- 57
- 110
1
"fingerprinting" is a very vague term when applied to IT.
There is a branch of IT forensics which uses the peculiarities of different TCP stacks as a means of identifying the operating system from the packets it emits which is generally referred to as TCP fingerprinting - but that's not what you seem to be talking about here.
I assume that you are talking about device fingerprinting as described by the Panopticlick project. This is all about collecting a large number of system parameters which are likely to change at the same time and (in application) used to uniquely identify a specific device.
The problem with IP addresses is that they often change over a much shorter lifetime - certainly over a different lifetime. If someone were to approach me and ask where Sanjihan is, I might say he's the guy in the blue shirt two desks over. And for a very short time that might be true - until you either changed your shirt or your desk. These will not occur with the same frequency. In other words, an IP address is an indicator of identity, a fingerprint is a different, orthogonal, indicator of identity.
Typically a device fingerprint is composed of a large amount of information. So much so, that its difficult to make value judgements in comparing records - hence commonly this will be reduced to a fixed size hash. Indeed that it is a hash of a larger dataset means that its only possible to have 2 outcomes for a comparison - the same or not the same. There is no "similar but slightly different". Hence grouping of attributes which change at the same time is therefore a prerequisite for a device fingerprint.
A lot of value in fraud investigation comes from triangulating different pointers. But don't confuse devices with people and be careful how you aggregate the scraps of information.
symcbean
- 18,278
- 39
- 73