33

So I was going through my email and accidentally clicked on a suspicious link. It was a quickmessage.io link, which I had no clue what it was. When I clicked on it, my anti-virus came up and blocked it from accessing it, saying that the link may be harmful and may want to steal your info. I clicked off it and didn't go further than that.

I looked into it and apparently, it's an IP tracker website. Now I'm scared that whoever it was now has my IP address and maybe my home address. Is it possible to get one's home address through the IP address? Is it possible that they have it, even if I clicked off it with my anti-virus?

I went into shock mode and straight away downloaded a VPN. Am I safe?

donjuedo
  • 659
  • 1
  • 5
  • 8
A.james
  • 339
  • 1
  • 3
  • 3
  • [Which](https://thatoneprivacysite.net/vpn-section/) VPN have you downloaded? Did you know that mere [interest in VPNs will get you targeted by the NSA](https://www.makeuseof.com/tag/interest-privacy-will-ensure-youre-targeted-nsa/)? – Dan Dascalescu Sep 13 '18 at 21:28
  • 11
    Did you know that a lot of people who provide VPN services do so only because that enables them to snoop on everything you do on the internet? Be sure you are able to verify the legitimacy of your VPN provider or it will definitely *decrease* your security. – Nobody Sep 13 '18 at 21:46
  • 1
    I agree with all above answers that if you are worrying about you physical location than it's not easy to crack. I may be out of context, but just wanted to let you know that getting someone's IP address is first step. It may be used to get open port from your devices and may trying to find venerability. Best option: if you can restart your reouter ; do that. Your ISP will get you new ip and things will be back to normal. Just a word of caution however this type of incident really doesn't matter. + This is just a peace of mind + – PrashantKC Sep 13 '18 at 16:35
  • 51
    Did you know that the owner of every website you visit knows your IP address? – user253751 Sep 13 '18 at 22:52
  • 2
    @DanDascalescu So does simply existing. All of those bold claims are misrepresentations of XKeyscore rules. The fact is, _everything_ gets you targeted by the NSA. That is why it's called dragnet surveillance. – forest Sep 14 '18 at 00:40
  • 1
    @DanDascalescu I just clicked your link - am I now being surveilled by the NSA? – Mawg says reinstate Monica Sep 14 '18 at 11:44
  • A simple demonstration of how ineffective IP addresses are: A few days ago my internet was out for the entire day. (I rather suspect due to somebody with a backhoe,) I used my phone to access my ISPs site to see what was up--and it was rather obnoxious about trying to interest me in internet service. Complete with a pop-up that identified they didn't offer service at my location. (Obviously, where my cell company sends it's data out.) – Loren Pechtel Sep 16 '18 at 04:31
  • From what you wrote, it seems as if your AV intervened *before* the suspicious site was accessed ...? – Hagen von Eitzen Sep 16 '18 at 19:51
  • Disclaimer. I own Grabify. If you want your data removed as you clicked on the link by mistake, then you can go here to remove it: https://grabify.link/removeme Also, no they dont get your physical location, only a country and city estimate from your IP address – jLynx Sep 18 '18 at 01:00

10 Answers10

74

First: almost every single site out there is an "IP logger". Every server logs at least this information:

  • IP address of the client
  • Browser type and version
  • Operating system
  • Which site they came from (the Referer)

So, not only does this site have your IP address, but each site you ever visited has your IP address in their own logs. A few, very few sites won't log any information, but they are a negligible minority.

But you don't need to be paranoid. The IP address alone is not enough to get your name, your home address and the kind of car you drive. It's possible to correlate information and get close to that, but it's not something you will have to be worried about, unless someone is being paid to track you specifically. It's expensive, takes a lot of work and time, and does not always work, so don't expect a full tracking mode to be started just for you because you clicked a link.

Concerning GDPR:

6.1 Processing shall be lawful only if and to the extent that at least one of the following applies: f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

I am not a lawyer, but in sysadmin circles, it seems that protecting your service or a third party from fraud or security violations are legitimate reasons to log an IP address, and thus are legal under GDPR.

Peter Mortensen
  • 877
  • 5
  • 10
ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
  • 9
    European-based sites shouldn't store full IP addresses under GDPR. Specifically in Germany it was forbidden even before GDPR. – kubanczyk Sep 13 '18 at 17:33
  • 30
    @kubanczyk, if european websites weren't allowed to store IP addresses, then they wouldn't be able to report any crimes to the police or block malicious traffic. Investigations without knowing the IPs would probably be too hard. As ThoriumBR said, I would say that logging the IPs is definitely a "legitimate interest" allowed by the GDPR. – reed Sep 13 '18 at 18:07
  • 1
    How could someone that's not the ISP track an IP address to a home address? Unless you mean someone with access to something like Amazon.com logs, and can somehow search for an IP address associated with an account (or similar common website) – Steve Sether Sep 13 '18 at 18:08
  • @SteveSether ISP surely knows your home address, but a dedicated and funded attacker can make you willingly disclose your own address. Like following you around, discovering your interests and asking your home address for sending something you really want. – ThoriumBR Sep 13 '18 at 18:11
  • @ThoriumBR How could someone follow me around with only an IP? Unless you've left open ports in your network it shouldn't even be possible to communicate with someone with only an IP address, so I'm unclear how you'd ask them anything. I'm sure you could do that on an online forum, but that requires an online identity like a pseudonym, not an IP. – Steve Sether Sep 13 '18 at 18:19
  • @SteveSether Have you heard of hole watering? In essence, an attacker compromises one or more sites you are likely to access, and use it to track you. Paying tracking companies to do so is viable and any government can do that. – ThoriumBR Sep 13 '18 at 18:21
  • @ThoriumBR Yes, that's what I meant by having access to a common site tied to your identity, like Amazon.com – Steve Sether Sep 13 '18 at 18:25
  • 6
    I upvoted this answer. Just wanted to add Re: the **Am I safe** question, the answer is almost certainly not. The OP took an action based on something they "saw on the internet" with what appears to be no knowledge of the risks VPN use is to mitigate, if the chosen service will fulfil that need, or the OPSEC behaviours users need to adopt to make such a service useful as a privacy aid. – James Snell Sep 13 '18 at 20:23
  • @Jules it is normal in advertising to use GET parameters rather than referrer data. The refefer has incentive to append suitable parameters because they want to be sure of being paid – Darren H Sep 13 '18 at 20:26
  • @SteveSether Even easier, tie the IP address into location information from a web service (like a find the nearest store), or a location-enabled mobile app that's connected via Wi-Fi. In fact, there were a number of apps recently found that [send your location to analytics companies](https://techcrunch.com/2018/09/07/a-dozen-popular-iphone-apps-caught-quietly-sending-user-locations-to-monetization-firms/). – user71659 Sep 13 '18 at 23:26
  • 2
    That's why I said _A few, very few sites won't log any information_.... – ThoriumBR Sep 14 '18 at 11:11
  • 1
    @reed I wouldn't be so confident. The IETF recommends inbound IP address logs are limited to 3 days. [This blog](https://www.ctrl.blog/entry/gdpr-web-server-logs) dives into the topic in depth. Basically, even if the processing is lawful, you need to limit the amount you collect to what is needed for your task. You can't store inbound IP logs indefinitely and probably can't store them in plain text. Exact requirements will probably end up subject to legal interpretation. – Pace Sep 14 '18 at 19:13
  • 1
    @Pace, I don't think 3 days is enough to realize something wrong or illegal happened. Of course you can't keep the logs forever, but I'd expect at least few months to be ok. Anyway, anything about the GDPR now is still speculation of course, nobody is even really complying, so we will have to wait and see what happens in the future. – reed Sep 14 '18 at 20:07
  • 1
    @reed Under GDPR you can store abnormal stuff (I think even 10% of traffic would be legal if you document your assumptions about "abnormal"), but there are strict rules and *penalties* for those who want to keep say 90% or 100%. It is the law, so while everyone is entitled to their opinion, someone sometime sooner or later will face a *huge* fine when they leak such data set. – kubanczyk Sep 14 '18 at 22:36
  • I had an attacker get my IP address via a Skype resolver then DDOS me, taking down my internet connection for ~30 minutes, in an attempt to extort me into giving the attacker money. So that's one form of attack that knowing your IP address allows. – Buge Sep 15 '18 at 22:58
  • Disclaimer. I own Grabify. If you want your data removed as you clicked on the link by mistake, then you can go here to remove it: https://grabify.link/removeme Also, no they dont get your physical location, only a country and city estimate from your IP address – jLynx Sep 18 '18 at 00:57
17

Any web page you load will have your IP address

In order for your browser to download the content associated with a website, your computer will send requests which include your IP address (this is how the data knows where to be sent). However, your antivirus software may have prevented the connection. Depending on how your AV works, it may have prevented you from making a connection to the suspicious website, and your IP address would not be known to the suspicious website.

It is unlikely someone has your home address from your IP address

The whois protocol could be used to determine a physical address from an IP address. However, in home-user applications, your ISP's information will be returned, not your own. Furthermore, ISPs often dynamically assign IP addresses to their clients, so the IP address you use today may not be the IP address you use tomorrow.

How else could an attacker get your home address from your IP address?

An ISP could store information on the modem such as a customer account identifier which could lead to an attacker determining your home address if they compromised the modem. If an attacker compromised your router, they could sniff traffic to look for your address traversing the network unencrypted or attempt to correlate a Wi-Fi router's MAC address or broadcast name with a Wi-Fi geoloation database such as WiGLE. If an attacker could compromise a computer on the local network, the attacker may be able to find documents which contain the user's home address. Keeping the modem, router and computers well configured and up to date will mitigate the likelihood of this happening.

Assume your IP address is known

You can't operate on the Internet without exposing your IP address, so you should assume that it is known. Additionally, (assuming IPv4) there is a relatively small number of IP addresses available, which means scanners may be trying to connect to your IP address even if you have never "given" it to them somehow.

A well managed local network will mitigate the risks of an attacker having your IP address

Because you must assume that your IP address is known or will be guessed, you should set up your network to protect your computer.

  1. Keep your router up to date with the latest firmware, and check its configuration.
  2. Connect your computers to the router and the router to the Internet. This will give each of your computers a private IP address that is not routable from the public Internet. Your router will then forward requests from all clients using the same public IP address.
  3. For each of your computers, set up a firewall to block access that is initiated from the public Internet.

Be wary of all software, including VPNs

You should be wary of any software you download, especially those offering free services. If you are using a free service, it is likely that your data is what is "paying" for that service. If you want to maintain privacy on the web consider using Privacy Badger.

Peter Mortensen
  • 877
  • 5
  • 10
amccormack
  • 3,971
  • 1
  • 15
  • 23
  • 1
    Thanks for the tip on Privacy Badger. I have been interested in AdBlock, etc., but they always required too much fiddling with configuration. This part of the PrivacyBadger goals caught my attention: "...which could function well without any settings, knowledge, or configuration by the user..." – Wildcard Sep 13 '18 at 19:57
  • It may be a different question, but - how come an attacker gets my home address by hacking into my modem/router? – mgarciaisaia Sep 14 '18 at 12:26
  • 1
    @Wildcard: uBlock Origin, which is the technical leader in ad blocking, don t require any fiddling with configuration – DrakaSAN Sep 14 '18 at 12:47
  • @amccormack Thank you very much. Haven't thought of those vectors at all. – mgarciaisaia Sep 14 '18 at 13:38
  • Documents which contain your home address and IP address get exchanged frequently, unencrypted, between mail servers. Compromising a LAN computer is not necessary. – Ben Voigt Sep 14 '18 at 21:15
  • @amccormack: You're confused if you think whether his local network has zero or one mail servers has any effect on the security of the other N-1 mail servers handling documents containing his address. And the networks carrying plaintext messages between those mail servers. All that remains is for the snoop to pair an outbound message that has both IP address and email ID with an inbound message that has both email ID and home address. For the first, literally any outgoing email will do. The second is only a small fraction of emails, but probably still a large absolute number. – Ben Voigt Sep 14 '18 at 21:37
  • 1
    (+1) I am using Privacy Badger and I guess the fact it comes from the EFF gives it some additional credibility but I can't help but note that it's a piece of software too and it's free of charge... – Relaxed Sep 16 '18 at 11:00
10

Unlike on TV, it's not easy to track an IP address to a physical address without getting the ISP involved.

So don't worry about that.

VPN's are always a good idea. My personal kit is always on VPN connections but I'm paranoid.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Gawainuk
  • 316
  • 1
  • 4
  • So, if my anti virus came up blocking me on the website then they don't have my IP? but lets said they did could they find my address at all? I also installed the VPN after i clicked on it? But thank you for the help :) – A.james Sep 13 '18 at 14:00
  • 24
    How can you trust your VPN provider tho? – trognanders Sep 13 '18 at 17:53
  • 5
    @BaileyS Basically the choice is "trusting your ISP" vs. "trusting your VPN provider". Either of them could turn out to be evil, but maybe you should choose the one that gets most of its business and reputation from respecting privacy and not keeping logs. – Federico Poloni Sep 13 '18 at 18:31
  • 12
    @FedericoPoloni Are you saying there is a reputable VPN provider?!? – trognanders Sep 13 '18 at 18:43
  • 1
    @BaileyS please don't freak me out.. I'v been using a VPN for almost 2 years now. From what you seem to be implying, there are no reputable ones? – dokgu Sep 13 '18 at 20:20
  • Make your own VPN on 5$ droplet, https://github.com/StreisandEffect/streisand , good luck! – Kyslik Sep 13 '18 at 21:27
  • 2
    @FedericoPoloni Not even an issue of trust. If it is known that people use public VPN services for unsavory or high-risk activities, it makes these services a natural target for compromise or surveillance. I believe something similar happens with Tor exit nodes. – user71659 Sep 13 '18 at 23:14
  • 5
    On TV, all you need is a GUI in Visual BASIC to track an IP in real-time! – forest Sep 14 '18 at 00:41
  • 6
    @uom-pgregorio Even the ones that are "reputable" do not operate on reputable ISPs, which have the same capabilities to correlate and deanonymize you as the VPN you use. The fact is, even if a VPN service does not log, their ISP _does_. See https://security.stackexchange.com/a/175186/165253. – forest Sep 14 '18 at 00:42
  • 2
    @uom-pgregorio What are you trying to protect from by using a VPN? If you are trying to add casual security to open access points or avoid light traffic analysis from Verizon you are probably doing great with a VPN service. Nobody running a VPN service is going to prison over your privacy though, so in terms of trusting them more than an ISP... probably mostly misguided. They are an ISP. – trognanders Sep 14 '18 at 01:25
  • 1
    I think a big part of this relatively high-falutin debate about the credibility of ISPs vs VPNs could be settled by naming names. If you live in vast swathes of America, it boils down to "trusting my VPN provider" vs "trusting the [most hated company in America](https://www.pcmag.com/news/350979/comcast-is-americas-most-hated-company)". – Jared Smith Sep 14 '18 at 12:31
  • @BaileyS Untrustworthy VPN providers don't last to long. The comunity is very vocal about such things. I always use a subscription service which has a good rep to browser via and setup my own on a hardware firewall to connect back to my home while I work away – Gawainuk Sep 14 '18 at 13:11
  • @Gawainuk _"Untrustworthy VPN providers don't last to long."_ And they probably don't expect to, caring only about lasting long enough to steal some juicy data from the unsuspecting user and move on to their next scam (to be clear, I have no idea about the incidence of nefarious VPN providers, but I can't imagine longevity is something they bank on, as with most other scammers). – underscore_d Sep 16 '18 at 20:09
3

You shouldn't worry to much about this.

It's unclear from your description if the antivirus blocked the page before or after it was accessed. So I can't say if they got your IP address. But even if they did, it doesn't matter. You can't get someone's home address from just an IP address, just a very approximate geolocation (like what city you are in). Only your ISP could connect the IP address to you personally.

A VPN hides your real IP address from sites you visit. But it does not help retroactively, so installing one after you clicked the link makes no difference here. Of course, it can be good for the future, though.

Peter Mortensen
  • 877
  • 5
  • 10
Anders
  • 64,406
  • 24
  • 178
  • 215
  • Well i assumed when i clicked the link it came up straight up before going on to the page, if they do have my IP do they get any of my personal info from it ? like my name etc? if you want to check out the website i think they used its here grabify.link Im just really worried thats all, thank you for the help though! – A.james Sep 13 '18 at 14:13
  • @A.james No, they don't get your name or any personal info. – Anders Sep 13 '18 at 14:49
3

Every time you connect to another computer via the Internet protocol (IP) the computer at the other end can see and log your IP address. (I am ignoring rare examples where you are sending messages via UDP with a faked source IP address and receive no data back or manage to intercept messages in transit to your faked IP address.) HTTP and HTTPS are TCP protocols, meaning before you connect, you first have a handshake (where you have to observe and send back a random 32-bit ACK), so they can observe your IP address.

That said, if you use a VPN, you only expose your real IP address to your VPN provider, and then expose one of the VPN's IP addresses to every website/computer you connect with.

As for their ability to get your physical address from your IP address: generally, using public IP address-based geolocation tools only traces an IP address to your city based on the RIR records. That said, someone who can access ISP records should be able to discover the actual address that was assigned that IP address -- so law enforcement or certain ISP employees could access this.

They also may be able to cross-reference your IP address with a physical address from other data sources -- e.g., if you buy something from an online store and put in your physical address from a given IP address, someone could associate that IP address with your real address (especially if that online store's database is compromised). Or if someone with GPS enabled (or other rough location tools) on their phone connects to your Wi-Fi network (or observes the profile of nearby APs which seems to be unique and scanned in your area), it would be possible for GPS and data using applications to associate your physical address with your IP address.

Peter Mortensen
  • 877
  • 5
  • 10
dr jimbob
  • 38,768
  • 8
  • 92
  • 161
1

The IP address isn't yours - it's your provider's. So no, they do not have your address - they have an IP address from your ISP's or organisation's block.

Yes, these can be used to look up locations. My own work can be found via our outbound address - but the requests going through this will not from address using this gateway will not.

Peter Mortensen
  • 877
  • 5
  • 10
McMatty
  • 3,192
  • 1
  • 7
  • 16
  • 2
    `The IP isn't yours - its your providers.` that's being overly technical. My *telephone number* also isn't but my phone provider's. But people associate it with me. I associate it with me. Even my phone provider associates with me. The phrase "my IP" still holds up though - it already means "the IP I am using at this point in time" - whether other people are also using it or it's going to change. – VLAZ Sep 14 '18 at 07:35
  • 1
    @vlaz If you change to a different phone provider, you can keep your phone number. Your IP address might change at any time (for a typical home user who doesn't have a static IP address). If I look up a phone number, I expect to find who's number it is (though I might not succeed). If I look up an IP, I'll generally only find the ISP. – Ian D. Scott Sep 14 '18 at 18:14
  • @IanD.Scott so? Point was that "my IP" is perfectly reasonable and commont thing to say. Nobody would or *should* be confused by what that phrase because it's not 100% precise. That's how language works - we use shorthand even when slightly incorrect because we all understand the right thing. – VLAZ Sep 14 '18 at 18:24
  • The last sentence is partly incomprehensible. Can you fix it? – Peter Mortensen Sep 16 '18 at 10:09
1

Although all previous answers are of course entirely correct, they lack an important point: This link was in an email. This is why the antivirus has raised an alert. Exactly for the same reason that Thunderbird or any other email client does not download remote content by default. Of course the malicious website has not your home address, but still it has grabbed some infos about you: (Quoted from Mozilla support)

Remote content is a privacy concern because it allows the message sender to know:

  • each time you view the message
  • rough details about what application and what platform you are using
  • your current geographic location (a rough approximation by IP address)
  • that your email address is actually used ("active")
Benoit
  • 111
  • 4
1

One point to note is that "Am I safe?" depends on your threat model.

If you have powerful or well-funded adversaries, who only know you from your online presence, and are keen to track you down, then your IP address will help them immensely, since they'll be able to get your details with help from your ISP.

If you've got kinda motivated adversaries, then they'll be able to use a Geo IP lookup to figure out which city or region you're in, which might or might not be a threat, depending on what else they know about you.

If you've got no real adversaries, but are worried about opportunists trying to scam you, you're probably fairly safe, although you should always stay vigilant to scams, install regular security updates, etc. Unless you're a particularly high value target, they're not going to drive to your house, even if they do somehow have your address, and they're probably not even going to waste money on a stamp to send you a letter. Scammers like easy targets.

James_pic
  • 2,520
  • 2
  • 17
  • 22
0

You are facing two entirely separate issues.

First, as everyone else has already explained, every web site knows your IP address. They can usually infer your general geographic region, but they cannot locate your home address. Your ISP can map your name to that IP if ordered to do so by a court, however, so you don't have complete anonymity.

The second issue is your antivirus alert. There is nothing inherently dangerous about a web site knowing your IP address, and there is certainly nothing dangerous about displaying it to you.

The antivirus alert probably tripped due to some script on the web page that either invades your privacy or attempts to compromise your computer. If your AV blocked it, you were protected from that threat and don't need to worry.

How to deal with it?

If you don't want to worry about exposing your IP address (because your ISP can link that to your identity with a court order), use a good VPN service.

Don't visit that site again, and be careful where you click. While there is a chance your AV alert was a false positive, there is also a lot of malicious code on the internet.

DoubleD
  • 3,862
  • 1
  • 6
  • 14
-2

At first I wish to inform you that every server have some application to store the ip details or session details. Some firewall types equipment installed at every server end. They used to save records.

IP address is the physical address of your PC., but not your's. So nothing to worry. It is not too easy to crack any IPS database. They have different firewall types devices for their safety process. It is different issue that hackers used to crack almost all major ISP. But at some level in this recent time ISP are using private IP address series with subnet /31. So it is very difficult to crack.

VPN is safe. But it depends what you are using and through which process.

Saikat
  • 1