Can Discussion Board find out my identity via IP Address

tomgilboy

I used to add to a discussion board on a web site , and after one message I found out that I had been 'barred' ! I never received any notification from the web site as to the reason why. I only found out when I went to leave another message on another topic a while later, and that continued right through 2011.

Recently I was on the same web site and tried to leave a comment on a discussion, and it was acccepted, so i felt they (?) had decided to allow me 'access' again.

A few days later I saw that my message was still up on the site, but a user after me said the following .. " Hello there 'My Name'" so it seems to me that they now were aware of who I am.

On this Web Site there was no requirement to ever register your details and I never did, and you could leave any name as a message contributor,... If I suspect that the Web Address owner decided to try and find out my Personal data / owner of my IP address, can they do this without my permission ? and do I have any remedy ?

Thanks

Helix

most forum software logs it automatically, and it's the click of a mouse that will bring up any previous posts from that ip address. there's nothing illegal about it

also, did you happen to put in your email address when posting the comment?

tricky D

The website has your IP no and your ISP has your personal info which can be matched to that IP no. However the website can not just ask the ISP. ISPs will only provide that info by means of a Section 8 court order which a judge will only grant for a criminal investigation or discovery in a civil action. The website owner likely got your personal info by doing a bit of old style detective work. It can be quite easy to do this given the amount of info people leave behind on the internet.

tomgilboy

Hi there Helix and Tricky D, and thanks for your prompt replies -

I never left any personal details on any messages.

I feel its a it odd that such info would be 'easily available' ... if, to get such info would require a Court Order ?

If a Court Order was sought (I doubt it !) would I not be able to find out ?

28064212

You say you could leave any name when you left a message. Are you saying you left a fake one and then a user replied with your real one?

TBH, without a detailed and reliable breakdown of everything you submitted to the site, it's impossible to tell. Can you at least tell us what site it was?

tricky D

Court order is unlikely.

My first guess would be the username part of your email address you used for a confirmation email when signing up to the site.

BaconZombie

Most sites have a check user lookup build-in and with your IP, email address and bout 15mins you can link it to your posts on other sites.

Quick Q, did you use the same email address as you do on Facebook.....

partyatmygaff

Using the same email for anonymous sites such as discussion forums and the likes of Facebook is a bad idea. It's trivially easy to get some people's personal details. The more sites you visit and the more content and personal details you include on each site makes it even easier.

gerryk

As others have said, with a bit of work, and google-fu it may be possible to find out identifiying information about someone.

If you use the same user id, email address and so on across multiple sites, this information can be correlated and a picture of who you are built up.

infodox

I reckon if someone spends enough *time* and *effort* using their Google-Fu to research a target they *will* be able to pull their identifying information. I myself have been doxed in this way before - the slightest link between identities online leaves a massive trail of crumbs to your doorstep.

Of course, in the case of a messageboard, a malicious admin who WANTS to mess with you can do damn near anything to dox you (I mean, breaking the law kind of malicious), for example having it load a nasty iFrame on your login to do all kinds of evil things... But the liklihood is nil.

Perhaps just try reset your router a few times to change IP or use a VPN to gain access again?

bobbytables

Your logged in username on your operating system can be passed to the server in the HTTP headers. So depending on what that is in your case could be another way it could have been passed. However it would typically require a breach of security for a normal forum user to get access to that information.