Thread: IP Logging and Anonymity

  1. #1
    Join Date
    Nov 2005
    Posts
    724

    IP Logging and Anonymity

    A reader brought to my attention some of the recent comments at Wayland Transparency and asked about the capturing of IP addresses there and here. I will share some information.

    First, we are too cheap to pay for the IP logging that we could get through GoDaddy for our website. The information may be captured somewhere by GoDaddy, but we do not have access to it. There might be some Wordpress plug-in we could use to capture this information, but we are not using one. Frankly, we do not care who visits our site.

    [This paragraph added subsequent to the original post] After doing a bit of research into our site this morning, I should add that we do use a plug-in called Bad Behavior. This code compares visitor IPs to a blacklisted database to try to prevent malicious actors from visiting the site. This may seem like IP collection, but the only log the plug-in generates is for IPs of visitors who have been denied access to the site. I can state unequivocally that we do not collect any sort of visitor information (beyond some very high level logs that aggregate information to tell us how many hits each page has received without providing any information about individual users) - if any of our plug-ins are doing anything like this beyond Bad Behavior, I am not aware of it and we are not using it.

    On our forum, however, the software does capture IP addresses when users register and when they log in. This should be no big deal since users use their real names anyway, and there's no storage of IP information for visitors to the forum. We don't use this information for anything other than determining whether someone not legitimate might be trying to join the site - that is, for example, we don't expect any Wayland residents who use the forum to have IP addresses in Russia. If someone happens to try to join, and their name/IP seems suspicious, I give them extra scrutiny.

    In other words: you are anonymous when you visit our site, but you are not when you comment.

    Wayland Transparency is running a comments page and uses a software package called HTML Comment Box. The moderator at that site wrote:

    Quote Originally Posted by Moderator at Wayland Transparency
    We don't have any way of knowing who is posting. I don't know about the 3rd party tool.

    Most likely, in the event of a serious crime, some legal authority could get a subpoena and find some digital fingerprint somewhere.

    But short of that, there is no trace of who posts what. This is fine for the posters, but frustrating for us, on occasion, when we want to reach out to a specific poster to ask them to take it down a notch when things get heated. Our only option in those cases is to not post a particularly offensive post and then post an explanation from the moderator.

    However, the software Wayland Transparency is using does log IP addresses of visitors (this is their feature page and their features include: "IP address of comment submitters listed in account").

    So it may be that the Moderator at Wayland Transparency doesn't realize the IP logging feature is there (though I understand a post was made that did not make it through moderation providing the information about the software that I have just posted, so the Moderator should by now be aware of it). If anonymity is important to you, you should be aware that IP logging is a feature of the Wayland Transparency commenting software.

    Knowing your IP address doesn't ensure that a moderator knows who you are. But if you have left this address elsewhere in your "digital footprint" (to use his phrase), it is possible that you could be traceable.
    Last edited by Kim Reichelt; 11-12-2015 at 06:10 PM. Reason: to add information on Bad Behavior

  2. #2
    Join Date
    Nov 2005
    Posts
    724

    More detailed user logging is done as well

    Beyond the user tracking available via HTML Comment Box, Wayland Transparency also uses StatCounter, which can not only track visitors who post to the site, but also visitors who just visit the site. It tracks not only visitors by IP but can give a detailed history of their navigation through the site (see image below from this page: http://statcounter.com/features/?PHP...5#magnify-user - sorry that the thumbnail below isn't really readable, but it is readable on the original page)

    [Attached image: magnify (1).jpg]

    Scan down the list of features and you'll see that the website owner can not only see how long you were on the site, and all the pages you visited, but even what page you came from to get to the site. They can drill down and see all your recent visits.

    [Attached images: recent-visitor-activity.jpg, visitor-paths.jpg]
    Last edited by Kim Reichelt; 11-11-2015 at 09:42 AM. Reason: to add image inline

  3. #3
    Join Date
    Nov 2005
    Posts
    724

    Whoa! As a test, I installed StatCounter for about a half-hour on Thursday morning. I could see not only the IP addresses of everyone who visited WaylandeNews, but also what pages they went to and what links they clicked. I could see what browser they are using, who their ISP provider is and where their service is located. If they log in from work, I can even see the name of their company (for some people, this will uniquely identify them). If I left this code on our site (which I promise I will not, and you can see it if you right-click and View Page Source on any webpage), I would be able to trace an individual user's usage of the site over time. This is powerful stuff.

    This feature is in use on WaylandTransparency, including on their commenting page. It notes the time and date of your visit, so it can be uniquely tied to an individual comment. If you do not want to be tracked, and want to remain anonymous, you should not visit any site that uses StatCounter.
    Last edited by Kim Reichelt; 11-12-2015 at 02:36 PM. Reason: to fix typo

  4. #4
    Join Date
    Nov 2005
    Location
    Wayland MA
    Posts
    1,431

    To be fair, Kim, in keeping with their name, Wayland Transparency DOES make prominent mention of StatCounter and its implications right there on ... wait, I can't seem to find it ... hmm, that's odd ... I mean, how could a site that ~~deludes~~ prides itself on transparency commit such an oversight.

    The error must be mine--I will keep looking for the notice.
    Last edited by Jeff Dieffenbach; 11-12-2015 at 10:25 AM. Reason: Availing myself of new strikethrough feature

  5. #5
    Join Date
    Nov 2005
    Posts
    724

    WaylandTransparency is adding a "Moderator's Corner", where apparently the site will address IP tracking. Until we have that new page, the Moderator there posted the following:

    Quote Originally Posted by WaylandTransparency Moderator
    StatCounter is a program that allows us to keep track of traffic to the site - number of visitors, most popular pages, length of visit, etc.

    What it does NOT do is allow us to see, even by IP address, any personal information about any user - who they are, where they live, their contact information, etc.

    So, why would we stop using a tool that virtually all websites use these days in order to understand their traffic?

    So clearly, they have no intention of stopping use of StatCounter, even though they tout their site as the place to go to comment anonymously.

    While StatCounter does not directly provide visitors' or commenters' names, addresses or email addresses, it absolutely does provide among other identifiers: IP address, hardware used and software versions. It sometimes includes the name of your employer, and otherwise the name of your ISP. In other words, while your IP address may not be posted for all the world to see, it is absolutely there for WaylandTransparency to see.

    I would urge all posters there to exercise caution if they believe they are anonymous. They are absolutely not on any site that uses StatCounter. If you have emailed anyone who knows anyone at WaylandTransparency, they have access to your IP address. If you log in from work, your employer's name may show up. You can even tell if someone is logging in from an iPhone or an iPad, and whether they use Safari or IE or Chrome.

    As a poster on that site wrote:

    Quote Originally Posted by Anonymous Tips
    Why is it anyone's business who blogs on this website? [note: "this website" refers to WaylandTransparency] The whole reason the blog is anonymous is the same reason the Inspector General, State Ethics Commission and Attorney General maintain anonymous ways for the public to contact them.

    I would post this at WaylandTransparency, but I have had several reports from users that their posts are being removed. Given WickedLocal's recent outing of a user they allege to have identified via IP address logging, I would suggest that all users who believe they are posting anonymously when they visit commenting sites exercise caution. An obvious additional piece of advice is not to post anything you would be embarrassed to have come out attached to your name.


    Last edited by Kim Reichelt; 11-13-2015 at 10:59 AM. Reason: to correct typo and to clarify that WickedLocal's identification is alleged

  6. #6
    Join Date
    May 2015
    Posts
    53

    Dear Kim, Jeff and WEN readers: FYI, detailed visitor tracking, e.g. StatCounter, is typical for commercial websites and most news organizations -- to understand visitor behavior, target ads and sell-ups, identify where users live and work, etc. Google Analytics is one of the most popular tools, which also shows what Google itself can collect when you use it or visit / purchase from a website that does. See: https://developers.google.com/analytics/

    Mark

  7. #7
    Join Date
    Nov 2005
    Posts
    724

    Quote Originally Posted by MarkHays View Post
    Dear Kim, Jeff and WEN readers: FYI, detailed visitor tracking, e.g. StatCounter, is typical for commercial websites and most news organizations -- to understand visitor behavior, target ads and sell-ups, identify where users live and work, etc. Google Analytics is one of the most popular tools, which also shows what Google itself can collect when you use it or visit / purchase from a website that does. See: https://developers.google.com/analytics/

    Mark

    Mark, you are right that many sites do visitor tracking, and that there can be valid reasons for it, particularly for a commercial entity. I am not altogether sure what the need is for it on a site at which you expect all the traffic to be local, don't have advertising, and have no need to know user demographics. I think all the webmaster of such a site really cares about is which pages are getting traffic as a guide to where to put in effort, so aggregate data is completely sufficient.

    I have Google Analytics in use at WaylandeNews (though actually, I could probably just turn it off - I don't find it very useful and rarely have any reason to access it). All data we have access to via Google Analytics (and also via the Wordpress dashboard) is aggregated. We do NOT have it enabled to track individual users -- in fact, to turn on tracking of individual users you have to agree to the following policy (bold is my emphasis):

    Quote Originally Posted by Google Analytics
    Enable the User-ID feature

    The User-ID lets you associate engagement data from different devices and multiple sessions, so you can discover how users interact with your content over an extended period of time. To use this feature, you must enable it in your account by agreeing to the policy in the steps below, set up and configure the User-ID in your tracking code, and create a User-ID view to analyze the data. Learn more about the User-ID.

    You must agree to the User-ID Policy before you can enable the feature.


    • You must make sure you have the full rights to use this service, to upload data, and to use it with your Google Analytics account.
    • You will give your end users proper notice about the implementations and features of Google Analytics you use (e.g. notice about what data you will collect via Google Analytics, and whether this data can be connected to other data you have about the end user). You will either get consent from your end users, or provide them with the opportunity to opt-out from the implementations and features you use.
    • You will not upload any data that allows Google to personally identify an individual (such as certain names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), even in hashed form.
    • If you upload any data that allows Google to personally identify an individual, your Google Analytics account can be terminated, and you may lose your Google Analytics data.
    • You will only session stitch authenticated and unauthenticated sessions of your end users if your end users have given consent to such stitch, or if such merger is allowed under applicable laws and regulations.


    I thought it was particularly important that users understand the extent of tracking that StatCounter does since the comment page on that site (which is no longer active) was supposed to be providing an anonymous way to post online. Users needed to understand that their use of the site may not have been publicly announced, but that it was potentially available at least to all the people who are involved at WaylandTransparency -- and as the staff there is not declared, users do not even know who that might be.
    Last edited by Kim Reichelt; 11-16-2015 at 04:22 PM. Reason: issues with formatting
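
Added example, not part of the original thread and not code from Bad Behavior, WordPress or either site: a sketch of the logging approach described in posts #1 and #7, where allowed visitors contribute only to per-page hit counts and an IP address is recorded only when a request is denied by a blocklist. The log lines, blocklist range and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed blocklist using a documentation-only address range (RFC 5737).
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample requests in Common Log Format.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2015:09:01:02 -0500] "GET /news/town-meeting HTTP/1.1" 200 5120
192.0.2.11 - - [12/Nov/2015:09:03:40 -0500] "GET /news/town-meeting?ref=home HTTP/1.1" 200 5120
203.0.113.7 - - [12/Nov/2015:09:04:15 -0500] "POST /wp-login.php HTTP/1.1" 200 900
192.0.2.10 - - [12/Nov/2015:09:05:00 -0500] "GET /forum/ HTTP/1.1" 200 2048
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def is_blocked(ip_text):
    """True if the address falls inside any blocklisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparsable client address: treat as denied
    return any(ip in net for net in BLOCKLIST)


def process(log_text):
    """Return (page_hits, denied_log).

    page_hits  : Counter of path -> hits, with no per-visitor fields.
    denied_log : list of (timestamp, ip, path) for blocked requests only.
    """
    page_hits, denied_log = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed log entries
        ip, when, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # drop query strings, which can carry identifiers
        if is_blocked(ip):
            denied_log.append((when, ip, path))
        else:
            page_hits[path] += 1  # the IP is discarded here, never stored
    return page_hits, denied_log
```
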

  8. #8
    Join Date
    Dec 2005
    Posts
    165

    Fascinating that a "transparent" organization goes to such lengths to be obscure. Quite shocking!
