Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Eir Hostnames for ISP service - WAY too much human readable info

  • 30-07-2024 12:36am
    #1
    Registered Users, Registered Users 2 Posts: 169 ✭✭


    I hadn't been using Eir as an ISP for a long time, but I'm just noticing that they're giving away HUGE amounts of information on their public hostnames.

    Most ISPs give something like 99-22-33-44.broadband.blahblah.ie

    Eir gives you 99-22-33-44@agg2.ExchangeName.BiggerExachangeName.eircom.net

    The exchanges are given as 3 letter mnemonic codes, which are very definitely publicly available info.

    Basically, it's enough to narrow someone down to a suburb of a city like Dublin or Cork, or a small town or even a village potentially. It seems utterly unnecessary and it's basically personal data.

    Obviously IP addresses aren't private info, but they shouldn't be resolving to hostnames that provide that level of geographical info.

    Basically it means that search engines, advertising spammers and all sorts of other data mining entities on the web and in other services can potentially pull a lot of info from an Eir IP address that they can't realistically get from other ISPs.



Comments

  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    In terms of geo-location, Eir hostnames are not unusual and often cross county boundaries. It was a major problem with ad targeting in the past. There were some algorithms developed that used timing measurements to locate IP addresses more accurately. Eir is not alone in this using host names with geographical elements. Other ISPs (globally) use geographical identifiers in their host names. Some ISPs don't have any hostnames for their ISP IPs. Geo-location and network mapping use sources well beyond hostnames.

    European IP (RIPE) lookups used to provide organisation and customer details including names. That stopped a few years ago as the organisation name was deleted from some of the publically available data. It is often stilll available with a website lookup. Maintaining databases of IP ranges and their owners is complicated even without the ISP issue. Approximately 4 million IP addresses belonging to the Seychelles in Africa were "acquired" by non-local operators and have been resold/leased to largely Hong Kong and Chinese businesses. In America (ARIN), IP ranges often change hands so what may have been a company IP range last year could be a Cloud hosting range this year. When Microsoft ran out of IP addresses for its Cloud operations, it acquired Brazilian IP ranges (LACNIC). At an IP level, the Internet is much more complex than people realise.

    Regards…jmcc



  • Registered Users, Registered Users 2 Posts: 169 ✭✭PixelCrafter


    Regardless of the origin though, it seems potentially not very aligned to the spirit of GDPR.



  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    Apart from GDPR making the Web more unsafe (the redaction of WHOIS data), the Eir host names are not personally identifiable data and typically apply to dynamic IP addresses. Dynamic IP addresses are different from static IP addresses as they only assigned for a limited period to different users. Static IP addresses assigned to users are typically business IP addresses. Sometimes they have identifying hostnames but many do not. Eir has a large pool of IP addresses due to its size and also due to various acquisitions.

    Regards…jmcc



  • Registered Users, Registered Users 2 Posts: 8,061 ✭✭✭10-10-20


    In my opinion there is no GDPR issue as the hostname does not identify an identifiable natural person directly or indirectly, but is a unique naming system akin to a postcode. As there is no link to your personal information (other than that held by Eir), there isn't a GDPR concern.

    In very many cases you could trace public IP's down to a region by simply performing a traceroute and then looking at the resolved names of each hop to work out a region, and such.



  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    That's basically how one algorithm that was either granted to Google or assigned to it works. It is timing based. At a webserver level with website IP addresses, the ease with which the country of an IP address can be changed causes a lot of problems for IP geolocation based simply on the IP ranges published by the IP registries.

    Virgin (in its previous incarnations) used to frequently get caught with this when accessing services like Netflix because the larger range of IP addresses might have been allocated to one of its European operations and the Irish IP addresses were not included in some of the IP to country lists. Even with Eir static IPs, it is not unusal to see up to three different geographical locations (all in Ireland) for the same IP address.

    Some of the web hosting providers publish geofeeds with IP ranges and their associated countries. This helps. (I run a website IP address survey each month on about 250 million domain names including all the gTLDs to build a map of the web hosting markets by country.) Eircom used to be a major player in the Irish web hosting market but now it is outclassed by some of the larger Irish hosting providers (it was down to Eircom being repeatedly taken over and taking its focus off web hosting).

    Regards…jmcc



  • Advertisement
Advertisement