IP address question

[Anarchist420]

Do websites that have access to their viewers IP address have access to anything other than the IP address of their viewers?

By that I mean could they find out what websites you've been to and search your browsing history if they know your IP address?

 

[seepy83]

Every single web server you visit knows the IP address you're coming from. They need to know what your IP address is, otherwise they wouldn't be able to send data back to you (which means you wouldn't ever see their page).

No, they can't search your browsing history. To do that, they would need get some malware installed on your computer that collects that information and sends it to them.

 

[Blackjack200]

Every single web server you visit knows the IP address you're coming from. They need to know what your IP address is, otherwise they wouldn't be able to send data back to you (which means you wouldn't ever see their page).

No, they can't search your browsing history. To do that, they would need get some malware installed on your computer that collects that information and sends it to them.

Well, they know your ISP's IP address, your ISP then forwards the data to whatever private IP address they've assigned to you. Right?

 

[seepy83]

Well, they know your ISP's IP address, your ISP then forwards the data to whatever private IP address they've assigned to you. Right?

No...the HTTP GET request is coming from your IP (your router's WAN IP in a typical home internet setup, because it's probably performing NAT). The web server send it back addressed to your IP, and the internet routers between the web server and your home router figure out the best way to send the data to get it to you.

edit: I guess the web server would only know an IP address for your ISP if your ISP is performing NAT and handing out private IPs to their customers...but I've personally never seen that done.

 

[Anarchist420]

Thanks: )

 

[warr666]

.....e something like browser info. also, they may know ur browsing history; malware not needed.

 

[MrColin]

Do websites that have access to their viewers IP address have access to anything other than the IP address of their viewers?

By that I mean could they find out what websites you've been to and search your browsing history if they know your IP address?

If you have javascript enabled in your browser there could be all kinds of that going on. There's probably some other tricks to get more info without js too.

 

[Aluvus]

No, they can't search your browsing history. To do that, they would need get some malware installed on your computer that collects that information and sends it to them.

Some time ago, an attack was seen in the wild where a site would snoop through your cookies to detect other sites that you had visited. IIRC, the browser vendors tightened security on the cookie jar to fight this.

More recently, a practical attack was generated that snoops your browser cache to determine web pages you've visited.

Neither attack has anything to do with knowing your IP address.

 

[Modelworks]

Try a couple of these test.
Shields up will scan your connection for open connections.

http://www.grc.com/default.htm

 

[Fallen Kell]

At the minimum, a webpage will have your ISP's IP address that was used, the port that the connection was made on from that IP, and the browser's "user agent" information. The browser's user agent will typically include what OS you are running, what the browser is, and the build/version the browser.

With flash plugin or javascript, even more data is accessible. Javascript will allow the complete history:

http://www.physorg.com/news/2010-12-web-surfing-history-accessible-javascript.html

With flash, they can set a persistent cookie which they can use to uniquely identify your computer/browser and then follow you from website to website (assuming something like your add network extends across multiple websites, or you run/operate multiple sites, or have data trading/sharing relations with other sites). These flash cookies are not cleared like normal html cookies and are typically not known about by people outside the tech industry.

 

[MtnMan]

If you have javascript enabled in your browser there could be all kinds of that going on. There's probably some other tricks to get more info without js too.

^^^^ this

If they have java script imbedded in their webpage, and your browser allows java scripts to execute by default, they can do just about anything they want to, and you will never see anything to indicate it is happening.

Having your public IP (which in reality is your router) is not much of a threat, however having code running on your computer while your are connected is a big hole in your security.

This is why I run FF with NoScript.

 

[Binky]

This site might show some interesting history on you.
http://www.youhavedownloaded.com/?q=

 

[MtnMan]

Well, they know your ISP's IP address, your ISP then forwards the data to whatever private IP address they've assigned to you. Right?

Maybe some DSL single computer setups are like that. C

Typically your ISP provides a public IP address to the internet side of your router, where responses are sent. the router then 'translates' to the internal IP of the PC (uses port numbers to track which PC sent the original request).

 

[uOpt]

Well, first of all there is of course the referer in the http header.

Second, spying on the brower's history to see what else you visited is from casual observation the most commonly exploited security flaw in the better up-to-date browsers during 2011.

Then there are all kinds of game with having elements on one page on different servers to utilize cross-server tracking.

If you visit something wacky, use a separate browser instance on it's own profile and copy and paste the link in, don't click on it. Better yet, don't visit wacky websites from your main computer if you aren't sure of the implications

 

[MtnMan]

sandboxie anyone?

 

[LiuKangBakinPie]

Banner ads and other adds collect your data. Good way to check is to use http headers live and see what they ask