Privacy Implication to streaming movies and giving up your IP address

It is dangerous for you to put out this kind of misinformation about IP addresses - your statement is patently false. An IP address is not akin to giving out your house address. Even using the ARIN database to do a reverse lookup on an IP, the most you find out is that the block of IPs it is in is registered to a particular ISP. Our IP addresses are given out constantly - to every web site we visit, every message we post in forums, and in many other ways.

It is fine to raise the issue and your original privacy concern was fine, but don't add to it with something that is just not true. That kind of hyperbole doesn't suit anyone.

Actually, Chris, it's *more* dangerous in some ways.

There are plenty of websites / newsgroups where I could plunk down your IP address and get you into looooads of trouble.

For example, using IP spoofing I can visit illegal websites with your IP address (*I* can't see the content, but that's not the point. I just want to get your IP address in their logs)


I can also invade your computer from afar. Invading your house from afar would be quite tricky.

Using a DOS attack I could probably keep you from going into SL by causing massive latency on your box.

I agree, it's not exactly the same, but if you are savvy you'll find it's a host to all sorts of new and different dangers.

And, yeah, but given some of the stalking, h8, business relationships going sour, and personal relationships going sour, I would be worried about handing out my IP address to fellowers SLers than I would be to anonymous websites which really have no investment, emotional, business, or otherwise in me or anything about me.

If you don't believe me, come visit my parcel and its streaming media and I'll show you what I mean.

Mooahahahahah!

I hope nobody can read this!

Heh, ran nmap, what, a mail server, web server, a shout cast server or two, maybe my VPN ports, and a few others. Oh my, I'm getting scared. Btw, if you scanned me, then my firewall logs have you already and my other services have you logged as well. Oh my goodness, I have your IP!!! Guess what, you've just demonstrated how easy it is for anyone to get your IP address on the internet. Just demonstrating again, how you have an affiniatey to localize your rederick on everything involving SL in some form or another.

As for your assumption I don't run a firewall, needless to say, you're quite wrong, in the tune of several thousand dollars worth of firewall and IDS. What you see is what I want the world to see.

As for what does having an IP do? As others have mentioned here, its in no way your IP provides anyone any other information other then the approximate region (which by using tunnels/VPNs, PNAT, private leased line or other mechanisms such as anonymous proxies can easily be wrong) and does not provide nessarily provide any meaningfull information. Its not your SIN or any other meaningful information.

Maybe in the hands of skilled individual, it may be somewhat valueable, but generally, as said before, most people are using firewalls that won't even acknowledge SYN or ICMP echo packets from other hosts on their outside interfaces. Hmm, you may be exposed to a DoS attack at worse (more your ISP).

As for your whole "I can spoof you and get you in trouble" arguement, sorry, never seen a spoofed packet get someone into trouble. Furthermore, spoofing is not very useful for any stateful connection and so "visiting illegal sites" goes out the window. We're talking about a situation where it won't even make it to most application's logs as a SYN is sent, but the SYN ACK goes to the wrong place and ignored, so no session gets established. Hmm, the most you may do is generate a log entry in a firewall or a few lines if someone is sniffing?

I agree with Chris hole heartedly. You are once again running around like "chicken little" to cause false alarm and concern. Maybe a less technically savy audience would be concerned at this point, but it seems for the most part, all the individuals in here are not that concerned with your rederick. The most you have done is reinforce the advice of running some sort of firewall.

As for Jack and his ramblings, he has a great point. How easy is it to get an IP address of any given box on the internet? Even the lindens pointed out how easy it is to bypass the ****** in the field for streaming with a simple netstat. Having said this, what value is my personal desktop computer versus the countless boxes out on the internet that handle countless thousands of dollars worth of business at any given time or handle valueble data?

Another point, all of the servers I operate have 20+ active connections at any given time. So who's who? I don't see any "IP Such and Such = Blaze Spinnicker". Sure, correlation could occur, but its still tough.

Finally, most people in second life are using third party shoutcast and video sources, as they don't posess the finacial funds to do it themselves. Having said this, does Club 977 have any clue who the hell you are, and that you are infact "Blaze Spinnicker" inside of a metaverse called "Second Life"? I think not.

Here's a question, does anyone out there (and don't answer this one Blaze, its for others), share Blaze's paranoid point of view? We're kind of one sided right now and Blaze needs a hand.




I agree, this is more of a problem. This is where "getting an IP" is much more of a problem. Of course, everyone is welcome to use my own shoutcast servers on their land, but often others cannot afford to get big stream servers. I guess its just a limitation we have to live with in the implementation of the streaming. Don't get me wrong, I really don't see any other effective way for LL to provide us our audio/video streaming capabilities, but its somewhat understandable about "URL stealing" being a pain to many.

How about, we get provided the info, and we decide invidually what it means to us and how to react to it. If somebody wants to post what the information could actually be (or not be) used for, that's fine. I didn't see Blaze say anything like "immediate and serious threat you must take action immediately!!!". He just said...if you didn't know, here ya go.

You see? Even a technically savvy dude like yourself doesn't even know all the stuff he's running. I suggest you nmap yourself. You'll find it a bit surprising.



Well, I could have been running nmap from a cracked box.



Heh heh, OK you sound like you know what you're talking about. However, I guarantee the vast majority of SL does not and breaking into insecure boxes is fairly easy to do these days.

As for what does having an IP do?



Information like this, when used in conjunction with other data points, can be used to develop a profile.



This is not the worse.


OK, you could be right about this. However, it will set a firewall log entry. I could probably hit a bunch of military sites with your IP and the FBI would put you on a watch list.


No, you are, like everyone around here, are inferring alarm and drama. I happen to find, intellectually, that this is an interesting problem. I even proposed a solution (proxies) to the problem.

Trimda what you've done, and I won't bring this up again, is developed a personal perspective of me and you are using it to color any discussions between us. Clearly, you're a very technical and bright fellow and I found your post to be the only truly interesting one on this thread. Too bad it has to be packaged in such emotionally colored language.


Again, excellent excellent advice. I should have suggested it myself.



I don't understand. Someone enters your parcel, and a log entry in your apache logs appears about quicktime. It's pretty obvious where it's coming from..



True. The vast majority of SL can not use this.. But if you would like to control your information, it's good to be aware.



Ahah. Fortunately for me, appeal to popularity is a logical fallacy.

Let's just say, I've seen some very very ugly things thrown around in this forum and in the WA.

Certainly, some of these people are technical, and I can see them wanting to 'strike out' against one another. You can't do this physically over the internet, but given the right info you can do other, very damaging things, across the internet.

Giving away your IP address is one tool you are providing people who may be very angry at you for no particularly good reasons.

Welcome to 1995

Edit: Oh and if you really want to impress us with scary scans, use Nessus. Nmap is so ... plain.

Now the FUD is out of the way, the truth is most people are at far greater risk simply browsing the internet. Not much can truly be done with an IP address. Yeah yeah I know about GeoIP etc. Im not very concerned, and I wouldnt recommend anyone else be either.

I don't know about LindenLabs, but did you know that they keep all the doors locked at EverQuest headquarters?

There's a reason you need to be extra secure when participating in these types of environments.

Imagine if for example, someone thought you had scammed them out of money because one of your casino machines was cheating people. Imagine now, they wanted revenge!

I fail to see the relevance to anything. Most companies keep their doors locked. Its called security. If you are insinuating that someone might show up at my house ... well thats what shotguns are for hun. Thats assuming they were able to actually derive my address from my IP, which they most likely cannot.

Hmm, you didn't read this thread, did you?

I'm insinuating that SL has its fair share of the crazies out there, and a little extra precaution probably wouldn't hurt. The firewall suggested above is a good idea..

A firewall is mandatory as far as I am concerned just to be on the internet in the first place.

SL does not pose any greater threat than the numerous worms that are already in the wild. In fact if your box can be pwned by a 'sploit then chances are it is already part of a botnet anyway.

Much ado about nothing

Yes, but worms are randomly destructive. People are conciously so.

I tell you what though, I'll make the same offer to you that I made to Christiano. If you don't think it's a big deal, why don't you hover over my parcel with streaming turned on?

Or if that is too much trouble, post your IP address in the forum in the same way Trimda did.

Its a moot point. If you already got pnwed then its over long before you get to SL. Not only that but in general, worms et al generally "phone home" to IRC anyway and let their owner know he has another boxxen for their collection. At that point it becomes as malicious if not more so than if it was someone in SL.

Here is the short rundown:

IF you are on the internet running and insecure setup, you WILL have your computer compromised. And it will happen QUICKLY. Average time from connection to full exploitation of a Windows XP computer (SP1) out of the box is 20 minutes. SP2 takes a little longer (no its not immune LOL! It has to be patched too).

All the time, people are constantly using Nessus all over the internet. If you have a visible IP, you are getting scanned for weaknesses. Period. SL does not add any sort of signifigant risk on top of that. Not by a long shot.

Anyone on the internet should EXPECT hostile action toward their computer at ANY time. Period. Trying to spread FUD about SL streaming media giving away an IP address is pretty much hand waving.

-AP

My streaming is on. Give me a reason to be there sometime and then you can get it I dont mind but I am not going out of my way.

Bear in mind that I do have IDS and I do report/press charges against those who attemtp to compromise me in any way.

So DoS away. Hopefully they will let you continue to play SL from prison

-AP

That's not really the point.

The point is you hesitate and you are obviously concerned, or you would have freely posted your IP address much in the same way Trimda did.

Now, think of someone who doesn't know what IDS stands for?

They're going to be pretty vulnerable and haphazardly handing out their information without knowing they're even doing it is pretty risky.

Also, our anonyminity in SL is a big part of the experience. We can fail or make a complete fool of ourselves without worrying about the ramifications.

My particular IP address would reveal to anyone who bothered to check that I live in a fairly small community of a few thousand, for example. It wouldn't be particularly hard from there to figure out who I was because of my various technical affiliations.

You are rehashing the same thing over and over again.

If the person who didnt have ANY firewall protection etc is on the internet with an unpatched computer THEY ARE PROBABLY ALREADY COMPROMISED.

SL does not add a signifigantly higher risk of anything. THEY ARE ALREADY COMPROMISED AND PWNED. If they took the steps necessary to prevent being compromised in the first place, then SL adds no extra danger.

Worst case is a DoS. Then, they dont have to even have an IDS (much less know what it is). They just call their ISP with a problem, who then discovers some dingleberry is DoSing you.

-AP

Also, while I have never hacked anything in my life, I have managed an architecture team for a dot com. We had a number of break ins and DOS attacks. We couldn't get the FBI interested unless the attack costed us more than 20$K in damages.

You have my deep admiration if you think anyone will pay attention to your concerns.

Oh and here is my IP address LOL:

192.168.1.34

Ahaha. You see what I mean? Scaredy-cat.

You'd be surprised what knowing the right person can do for ya.

No, honest. That is indeed my IP addy.

It can do alot. Just like knowing the right people to give your ip address to

Yes, and my IP address is 192.168.1.15 ... err, actually 192.168.1.56 (sorry)