Blogger meets his Troll

Knasher

28064212 wrote: »

Stopped reading there, since you're talking utter nonsense. An IP address does not get you remotely close to 30 metres. It doesn't get you to 300 metres. It might get you to 3000m, if you're lucky

Well there was a couple of recent papers, this one in particular suggests it can get to within a median error distance of 690 meters (using route delay measurements). The paper is US centric so I've no idea how accurate the same measures would be in Ireland. I don't think that would be accurate enough to start throwing accusations, especially considering that the error is dependent on population density, so the most accurate location would also give you the greatest chance of accusing the wrong people.

If I had to put my money down (assuming that the whole not illegal bit is true), I'd say the most likely method is that they used HTML5s geolocation feature and were somehow able to entice their target into clicking the share my location button.

say_who_now?

Wanderer2010 wrote: »

Very interesting post. Getting serious, how many people here would actually want to meet someone who was abusing them online with threats etc? Particulalry the men- yes, it might be satisfying to knock the crap out of them, but when push comes to shove, how many people would actually hurt the Troll? I thought the OP was very brave and I do hope that kid gets help..

Tbh I wouldn't feel any better about myself knocking seven colors out of an attention seeking kid, and that's even assuming that the author themselves isn't just making this up to get attention, as it has already been picked up by the guardian (tbh I thought it was more daily fail type fodder myself), but I would certainly make sure the full rigors of the law were impressed upon him as the kind of vigilante justice of the author only encourages others to seek their own form of retribution for acts comitted upon them. In saying all that, not for a minute do I believe that the Gardai didn't take death threats seriously, and if they had been shown the same "manilla envelope" of evidence, I'm sure they would have investigated the case and found the perpetrator a hell of a lot quicker and through legal means than the author and his IT genius friend.

BaZmO*

humbert wrote: »

Oh dear.

http://www.guardian.co.uk/commentisfree/2012/sep/26/day-confronted-troll

It's here too

http://www.irishtimes.com/newspaper/breaking/2012/0926/breaking15.html?via=mr

I tell ya what, if the guy is lying, he's dug a very big hole for himself.

say_who_now?

Knasher wrote: »

Well there was a couple of recent papers, this one in particular suggests it can get to within a median error distance of 690 meters (using route delay measurements). The paper is US centric so I've no idea how accurate the same measures would be in Ireland.

Straight up Knasher, if I pull up goolge maps on my N8, it gets me to an accuracy of within 100 metres indoors using a combination of GPS, Wi-Fi positioning and mobile mast site triangulation. Pretty accurate you might think, until you realise that google street view will leave you in front of an apartment complex with over 100 apartments.

So then you think- "well I know the IP address, and I know the computer it came from". That's STILL no use to you without a specific house address, and you have no way of getting my house address. So even if you were to go round the hundred or so apartments with the electoral register (which we'll assume is up to date, to make things simple!), asking who lives there and crossing the names off (assuming again people won't tell you to naff off!), you still will only get the names of those living there over 18.

Therefore, there is no LEGAL way, you as an individual, can locate and identify a person simply from their IP address, let alone pin-point their home adress.

And that's also assuming that if you were to try illegal means to correlate the IP address with customer details, that the ISP is like eircom and keeps their customer database unencrypted and without reference numbers! :rolleyes:

humbert

BaZmO* wrote: »

It's here too

http://www.irishtimes.com/newspaper/breaking/2012/0926/breaking15.html?via=mr

I tell ya what, if the guy is lying, he's dug a very big hole for himself.

Actually a quick google shows that it's in nearly every paper you care to mention. Some of them must have done a bit of fact checking. Still find it difficult to believe.

BaZmO*

say_who_now? wrote: »

Pretty accurate you might think, until you realise that google street view will leave you in front of an apartment complex with over 100 apartments.

That's assuming it's an apartment of course.

PogMoThoin

I have worked for a few years for an ISP. An Isp's IP address list or database is covered by the data protection act. Getting this information from an ISP requires Garda intervention and a court order. For someone on the ISP's staff having access to it and giving it out to a member of the public is a huge breach of the data protection act. There is no conceivable way it's possible to do legally just from a IP address.

Zab

say_who_now? wrote: »

Straight up Knasher, if I pull up goolge maps on my N8, it gets me to an accuracy of within 100 metres indoors using a combination of GPS, Wi-Fi positioning and mobile mast site triangulation. Pretty accurate you might think, until you realise that google street view will leave you in front of an apartment complex with over 100 apartments.

You can typically get within 30m via wifi alone, and you don't need to be on a phone to do it, any PC with a wifi card will suffice. Also, it would be within 30m of where one of my friends lives so you'd hardly have to be Einstein to make to connection. Furthermore, that wasn't even the method that Knasher was mentioning, and browsers ask before revealing your location.

PogMoThoin wrote: »

I have worked for a few years for an ISP. An Isp's IP address list or database is covered by the data protection act. Getting this information from an ISP requires Garda intervention and a court order. For someone on the ISP's staff having access to it and giving it out to a member of the public is a huge breach of the data protection act. There is no conceivable way it's possible to do legally just from a IP address.

No need to address the methods mentioned in the thread then, we'll just take your word for it.

UCDVet

Zab wrote: »

You can typically get within 30m via wifi alone, and you don't need to be on a phone to do it, any PC with a wifi card will suffice. Also, it would be within 30m of where one of my friends lives so you'd hardly have to be Einstein to make to connection. Furthermore, that wasn't even the method that Knasher was mentioning, and browsers ask before revealing your location.




No need to address the methods mentioned in the thread then, we'll just take your word for it.

Can you explain how that would work? I have a wifi card; does that mean anyone with my IP address can tell where I am, within 30m?

say_who_now?

BaZmO* wrote: »

That's assuming it's an apartment of course.

Well I was just using this as an example, where if I pull up a list of the Wi-Fi broadcasts around me, there are ten connections on UPC alone! So even with an HTML5 page with hidden code to get my location from my IP, this is only an APPROXIMATE location. It doesn't pinpoint me specifically and certainly doesn't give my home address. So even as one poster alluded to earlier, simply knowing their friend's name, even knowing their ISP their friend uses, and even assuming they used their real name and not a false one, does not give them their friend's actual home address.

PogMoThoin

Zab wrote: »

No need to address the methods mentioned in the thread then, we'll just take your word for it.

I've seen no valid methods. I've seen lots of posts from people with a very poor knowledge of networking talking up how it is possible though. If you feel you're knowledgeable to explain a method please do.

fasttalkerchat

Nice ending to a terrible story if its genuine but I somehow doubt it too.

Also AFAIK that can't be done legally without a court injunction which he claims not to have done... could have thought about his story before putting it online.

Knasher

say_who_now? wrote: »

Straight up Knasher, if I pull up goolge maps on my N8, it gets me to an accuracy of within 100 metres indoors using a combination of GPS, Wi-Fi positioning and mobile mast site triangulation. Pretty accurate you might think, until you realise that google street view will leave you in front of an apartment complex with over 100 apartments.

If you are indoors then you aren't using GPS, which has very poor signal penetration, if you were then it would by quite a bit more accurate, and the accuracy of WiFi positioning can vary wildly by location (for example at my workplace it is accurate to about 20 meters using WiFi alone).

That being said I was actually editing my comment when you posted yours to say that I don't think 690 meter would be accurate enough to start throwing accusations around, so I don't think that is what happened, I was just mentioning the paper because it was relevant to one of the earlier comments if not to the story itself.

However if you could pin the address down to a smallish location (say within 50 meters) by tricking the kid into clicking on the geo-location thing in HTML5 and you knew only one other person in that area. Then it might be reasonable to consider this person is the most likely candidate and it could also be quite easy to rule them out, even without tipping your hand (for example if they are on UPC where your IP almost never changes, then next time he is visiting just ask to use their internet and away you go).

say_who_now? wrote: »

Therefore, there is no LEGAL way, you as an individual, can locate and identify a person simply from their IP address, let alone pin-point their home adress.

I'll admit I'm making a lot of assumptions and probably most of the time you would fail to track people like this. All I'm saying is that it isn't beyond the realm of possibility that it could work the odd time. Maybe he is lying and he used illegal methods to track him, maybe this is just an attempt to drum up page hits, honestly I don't know and I also don't care.

say_who_now?

Zab wrote: »

You can typically get within 30m via wifi alone, and you don't need to be on a phone to do it, any PC with a wifi card will suffice. Also, it would be within 30m of where one of my friends lives so you'd hardly have to be Einstein to make to connection. Furthermore, that wasn't even the method that Knasher was mentioning, and browsers ask before revealing your location.

No, you'd have to be psychic!

Your approximate location.

UCDVet wrote: »

Can you explain how that would work? I have a wifi card; does that mean anyone with my IP address can tell where I am, within 30m?

Yes, but only if you're on your own in the middle of a very big field-

http://www.netmagazine.com/tutorials/getting-started-html5-geolocation

LostPassword

I can often identify a specific location from an IP address in minutes. The first step is to use traceroute to follow the IP address back across each hop in the route - many ISPs use geographically informative names to identify their routers, so it is often possible to identify the last router before the user's name - try it and see - you just have to type tracert [IP Address] on a command prompt. This allows you to identify the most local router to the user's home which allows you to greatly narrow your range of possibilities. Even when non-informative names are used, you can often find identifying information on the net (network graphs, previous uses of the same IP address logged elsewhere, etc, etc).

There are loads of ways that you can further investigate who the user is - many users run poorly secured network services (e.g. web servers, media servers, the routers themselves, etc, etc) and these have often got informative names (e.g. JAMES-DILLON-PC) which you can get at with a little bit of knowledge of common and well known low end protocols such as UPnP.

Of course many of these services are unsecured or trivially unsecured and you can simply walk into them and look around the network to see what traffic is going on. That would be questionably legal though.

In general, I find that, more often than not, unless the user knows what they are doing (<0.00001%) somebody who understands network security will be able to narrow the range of possibilities down to such an extent that the suspect pops out fairly quickly.

say_who_now?

LostPassword wrote: »

I can often identify a specific location from an IP address in minutes. The first step is to use traceroute to follow the IP address back across each hop in the route - many ISPs use geographically informative names to identify their routers, so it is often possible to identify the last router before the user's name - try it and see - you just have to type tracert [IP Address] on a command prompt. This allows you to identify the most local router to the user's home which allows you to greatly narrow your range of possibilities. Even when non-informative names are used, you can often find identifying information on the net (network graphs, previous uses of the same IP address logged elsewhere, etc, etc).

There are loads of ways that you can further investigate who the user is - many users run poorly secured network services (e.g. web servers, media servers, the routers themselves, etc, etc) and these have often got informative names (e.g. JAMES-DILLON-PC) which you can get at with a little bit of knowledge of common and well known low end protocols such as UPnP.

Of course many of these services are unsecured or trivially unsecured and you can simply walk into them and look around the network to see what traffic is going on. That would be questionably legal though.

In general, I find that, more often than not, unless the user knows what they are doing (<0.00001%) somebody who understands network security will be able to narrow the range of possibilities down to such an extent that the suspect pops out fairly quickly.

And you'd have the book thrown at you for invasion of privacy and using illegal means to obtain personally identifiable information. Still won't give you a person's home address from their IP either. The author as Bazmo quite rightly said, has dug themselves an awful hole, first by suggesting that the Gardai do not take death threats and malicious intimidation seriously, and then by suggesting that his IT genius friend managed to obtain confidential information by "perfectly legal" methods.

Zab

PogMoThoin wrote: »

Zab wrote: »

No need to address the methods mentioned in the thread then, we'll just take your word for it.

I've seen no valid methods. I've seen lots of posts from people with a very poor knowledge of networking talking up how it is possible though. If you feel you're knowledgeable to explain a method please do.

Please address my posts in particular

UCDVet

The only way I see this being possible is if they setup a bogus website; and the troll connected to it using a smart phone or tablet with GPS enabled AND voluntarily allowed it to disclose their location -or- if they suspected it was a friend and created an elaborate scheme of giving each friend a different link to visit on a site they controlled and recording the IP address of each friend in that fashion.

I'm pretty convinced it's impossible to reliably get an address from an IP address. I'm not saying you can't find someone hosting a webserver on their machine that has their home address on it; but I'm saying I don't believe it will work for the vast, vast, vast majority of IP addresses.

What Is My IP - WhatIsMyIP.com
Your IP Address Is: 109.255.10.90
No Proxy Detected

But I'd love for someone to walk us all through the process and put and end to the discussion.

Zab

UCDVet wrote: »

Zab wrote: »

You can typically get within 30m via wifi alone, and you don't need to be on a phone to do it, any PC with a wifi card will suffice. Also, it would be within 30m of where one of my friends lives so you'd hardly have to be Einstein to make to connection. Furthermore, that wasn't even the method that Knasher was mentioning, and browsers ask before revealing your location.




No need to address the methods mentioned in the thread then, we'll just take your word for it.

Can you explain how that would work? I have a wifi card; does that mean anyone with my IP address can tell where I am, within 30m?

No, this method actually doesn't involve your ip address. Using a database of known wifi network locations combined with the networks your wireless card can see, your browser can work out roughly where it's located. Web pages can request this information from your browser but it's usually run by you first.

UCDVet

Zab wrote: »

No, this method actually doesn't involve your ip address. Using a database of known wifi network locations combined with the networks your wireless card can see, your browser can work out roughly where it's located. Web pages can request this information from your browser but it's usually run by you first.

Do you have a particular implementation you feel is more accurate than others? If you're talking about the generic HTML5 based geolocation stuff; I was under the impression it was far less accurate than you're saying.

http://html5demos.com/geo <--- Says I'm on Dame Street, Dublin if I use Chrome.

The same site, in Internet Explorer, says I'm on Meispl Road in Dublin.

In both cases I have to voluntarily allow the site to collect my geolocation information (which I'd be unlikely to do if I were in the middle of criminally harassing someone). And both of those locations are really far from my actual location.

PogMoThoin

Zab wrote: »

Please address my posts in particular

I've gone through your posts, I still don't see any logic there. Yes someones IP is visible in an email header and through Skype, but what has this got to do with pinpointing a single person out from an IP address if you don't know who you're looking for?

Matt_Trakker

Delighted to see so many Boards readers trolling this chap's Guardian article calling shenanigans :cool:

Zab

UCDVet wrote: »

Zab wrote: »

No, this method actually doesn't involve your ip address. Using a database of known wifi network locations combined with the networks your wireless card can see, your browser can work out roughly where it's located. Web pages can request this information from your browser but it's usually run by you first.

Do you have a particular implementation you feel is more accurate than others? If you're talking about the generic HTML5 based geolocation stuff; I was under the impression it was far less accurate than you're saying.

http://html5demos.com/geo <--- Says I'm on Dame Street, Dublin if I use Chrome.

The same site, in Internet Explorer, says I'm on Meispl Road in Dublin.

In both cases I have to voluntarily allow the site to collect my geolocation information (which I'd be unlikely to do if I were in the middle of criminally harassing someone). And both of those locations are really far from my actual location.

Are you using wifi? If not then I assume it just uses ip address geolocation.

Zab

PogMoThoin wrote: »

Zab wrote: »

Please address my posts in particular

I've gone through your posts, I still don't see any logic there. Yes someones IP is visible in an email header and through Skype, but what has this got to do with pinpointing a single person out from an IP address if you don't know who you're looking for?

It doesn't and I never said it did. This whole thing was predicated on the person already being a friend or in communication. I made that clear, and it's the same situation that the blogger was in.

scamalert

say_who_now? wrote: »

Straight up Knasher, if I pull up goolge maps on my N8, it gets me to an accuracy of within 100 metres indoors using a combination of GPS, Wi-Fi positioning and mobile mast site triangulation. Pretty accurate you might think, until you realise that google street view will leave you in front of an apartment complex with over 100 apartments.

So then you think- "well I know the IP address, and I know the computer it came from". That's STILL no use to you without a specific house address, and you have no way of getting my house address. So even if you were to go round the hundred or so apartments with the electoral register (which we'll assume is up to date, to make things simple!), asking who lives there and crossing the names off (assuming again people won't tell you to naff off!), you still will only get the names of those living there over 18.

Therefore, there is no LEGAL way, you as an individual, can locate and identify a person simply from their IP address, let alone pin-point their home adress.

And that's also assuming that if you were to try illegal means to correlate the IP address with customer details, that the ISP is like eircom and keeps their customer database unencrypted and without reference numbers! :rolleyes:

your such a tool :rolleyes: my n8 points me less then 5 meters from my house without wifi or triangulation crap on.As for finding a person IP is enough,i could bet my neighbor who drives eircom wan would easily give up the address within 5 minutes if offered him 100e just by using his blackberry you think so lame that nobody could trace you down.Once the IP is known and time are known,you only need to speak to certain people and youll be chewing curb in no time,Fair enough for the OP as he approached his parents and basically forgave the kid.As if it was someone else he might be found in 5 different counties.Even the parcels he sent with ashes and flowers could be easily traced back to post office and then receipts and cameras.
Not so long ago someone tracked down half of anonymous group,although they are hiding behind 5 walls and without any help of cops,and yet you think its impossible to track 17y old dork.

PogMoThoin

scamalert wrote: »

your such a tool :rolleyes: my n8 points me less then 5 meters from my house without wifi or triangulation crap on.As for finding a person IP is enough,i could bet my neighbor who drives eircom wan would easily give up the address within 5 minutes if offered him 100e just by using his blackberry you think so lame that nobody could trace you down.Once the IP is known and time are known,you only need to speak to certain people and youll be chewing curb in no time,Fair enough for the OP as he approached his parents and basically forgave the kid.As if it was someone else he might be found in 5 different counties.Even the parcels he sent with ashes and flowers could be easily traced back to post office and then receipts and cameras.

You missed the bit where the blogger said he did it perfectly legally, giving an Eircom guy €100 is not legal, it's a huge breach of the Data Protection Act, a criminal act that could land you in jail.

scamalert

PogMoThoin wrote: »

You missed the bit where the blogger said he did it perfectly legally, giving an Eircom guy €100 is not legal, it's a huge breach of the Data Protection Act, a criminal act that could land you in jail.

after the kid confesses threatening to murder wife or before ? :cool:

28064212

LostPassword wrote: »

I can often identify a specific location from an IP address in minutes. The first step is to use traceroute to follow the IP address back across each hop in the route - many ISPs use geographically informative names to identify their routers, so it is often possible to identify the last router before the user's name - try it and see - you just have to type tracert [IP Address] on a command prompt. This allows you to identify the most local router to the user's home which allows you to greatly narrow your range of possibilities. Even when non-informative names are used, you can often find identifying information on the net (network graphs, previous uses of the same IP address logged elsewhere, etc, etc).

This won't get you any closer than a geolocation lookup on an IP address

LostPassword wrote: »

There are loads of ways that you can further investigate who the user is - many users run poorly secured network services (e.g. web servers, media servers, the routers themselves, etc, etc) and these have often got informative names (e.g. JAMES-DILLON-PC) which you can get at with a little bit of knowledge of common and well known low end protocols such as UPnP.

"Many" is something of a stretch. And a simple media server won't expose itself to the outside world without the user doing something monumentally stupid.

Mickey H

Bambi wrote: »

I'd post the ashes back to his house. let the f**ker sweat it out for a while.

What he should have done when he received the above was to get a box and take a big aul sh1te in it. Then put a little note on top saying "You've given me enough of your sh1te. Now you can have some of mine." And then post the new box back to the troll.

After reading the piece, I thought that the blogger handled it very well. I doubt if I would have settled for a handshake.

St.Spodo

He is also strangely unwilling to speak about this on the radio or on the television. They wanted him on RTE, he declined.