Privacy Disaster: Type IP Address, Get Internet User’s Phone Number
#1
[Image: spy.jpg]Websites can’t function without them and a user must be allocated one before he or she can begin using the Internet. Without doubt, IP addresses one of the most important elements underpinning today’s online experience.

While website IP addresses are necessarily public information, IP addresses of individual users are by their very nature a lot more sensitive. Rather than identifying a web server designed to attract traffic, IP addresses operated by regular Internet users are often considered personal information.

Of course, it’s fairly common knowledge that the IP addresses of file-sharers become publicly visible when they enter BitTorrent swarms for example, but matching those IP addresses to real-life identities is a complex process wrapped up in privacy laws designed to protect the consumer. During the past week, however, it became evident that users of a Scandinavian ISP could be traced back to their real-life identities simply by using their IP address.

Discovered by Norwegian site Dinside, this privacy disaster stems from the software installed on routers supplied by local ISP NextGenTel. By simply entering the IP address of another NextGenTel user into a standard web browser, users were presented with a webpage containing router status information. The page also revealed the telephone number of the user behind the entered IP address.

Armed with a telephone number and a directory site such as 1881.no, all it took was a few clicks to find out the name and address of the person behind not only the telephone number, but also the original IP address.

After being alerted to the issue NextGenTel took action to fix the security hole by updating the relevant software, but the episode is a shining example of how years of care over personal information can be undone in an instant.

One of Norway’s biggest privacy cases in recent times involved a BitTorrent user who allegedly leaked a hit local movie to The Pirate Bay. Law firm Simonsen had the IP address of the leaker but desperately needed to convert that into a real-life identity in order to pursue legal action. That case went all the way to the Supreme Court when the ISP behind that IP address refused to hand over its customer’s private details.

Needless to say, that lengthy process would have been endlessly easier if that customer had been a NextGenTel customer. Simonsen could’ve accessed the Internet via NextGenTel, entered the IP address into their web browser, and used the telephone number to reach their target there and then – or called round for a visit, whichever was easier.

In a comment to Dinside, NextGenTel CTO Jørn E. Hodne said his company were taking the matter seriously and were attempting to put things right by fixing software and reporting themselves to the country’s Data Inspectorate.

“We’ve started the [software] update and even reported the matter to the Inspectorate,” Hodne said. “The world we live in is very complex, but this is our responsibility.”

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.

source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Crypto is the best way to bust Internet censorship Ladyanne3 6 893 Mar 10, 2024, 15:52 pm
Last Post: maskaw
  Apple is tracking you even when its own privacy settings say it’s not Resurgence 4 11,345 Nov 11, 2023, 06:54 am
Last Post: lustrous
  US: Hidden anti-cryptography provisions in Internet anti-trust bills Resurgence 0 10,284 Jun 23, 2022, 00:57 am
Last Post: Resurgence
  US: Twitter to pay $150m fine to resolve data privacy violations Resurgence 0 10,272 May 29, 2022, 00:52 am
Last Post: Resurgence
  US: Tech industry groups are watering down attempts at privacy regulation Resurgence 0 8,717 May 27, 2022, 00:41 am
Last Post: Resurgence



Users browsing this thread: 1 Guest(s)