| View previous topic :: View next topic |
| Author |
Message |
fourhorses
|
 Posted: 01/ 23/ 08 11:19 am Post subject: Warman's (alleged?) IP Address Discussion |
 |
|
Warman's (alleged?) IP Address Discussion
Fom the Free Dominion disclosure of the IP addresses used to post hate speech on the Freedom.org site, a debate has ensued about whether or not the IP addresses are an accurate portrayal of the identity of the poster.
These are the comments posted at Small Dead Animals:
| Quote: | Cable IP addresses tend to stay the same for long periods of time. Mark was on Shaw cable in Edmonton and he had the same IP address for three years.
We are using Cogeco cable now and we have had the same IP address since we set it up (a year and a half).
But, the IP address is only half the story. The operating system and browser were also a perfect match.
Freedomsite was a small web forum. The chances of two different people visiting that site within a couple of months with the same IP address, operating system and browser (a rather unique set-up that Warman admitted to having) are astronomical.
We are standing by the evidence we have presented, and we will be releasing more of it in the next couple of days.
Don't let them play the divide and conquer game!
Posted by: Connie Fournier at January 22, 2008 10:36 AM |
| Quote: | Generally, on domestic cable systems, IPs are assigned more or less permanently to your computer out of the ISP's block of IPs. A cable router holds the ISP assigned IPs for a multi-computer system, ie a home network, and matches the IP to the computer's network card MAC address when somebody powers up and logs on. Each computer gets its own external IP.
DSL systems dynamically assign a new IP (out of the pool the DSL ISP holds) to the networked computer or router with each fresh logon to the network, and the router dynamically assigns local IPs to MAC addresses (network cards/circuits, be they computers or other devices)
In both cases, the opposite arrangement can be structured, but the default typically is assigned fixed IPs on cable, dynamically assigned on DSL.
Posted by: Skip at January 22, 2008 11:07 AM |
| Quote: | "IP Addresses can be spoofed. They can change frequently. 66.185.84.204 could be assigned to one computer today and another computer tomorrow."
That's true, but somewhat irrelevant. A spoofed attack has a major weakness; the return address is spoofed. Thus it could not be used to post on a website as that requires two-way communication. Spoofing is generally used as a penetration aid or as a track-covering in a DOS attack. Perhaps you are thinking of using a proxy to hide your IP? Once again, that wouldn't result in what is being claimed. And from experience, and from the statements of the ISP, these kinds of addresses are very stable, unlike dial up connections.
Frankly, given the evidence, the only real possibility other than the one asserted by Freedominon is that the logs have been faked. That's why one should say "alleged" until it is looked at by the courts or the HRC.
Posted by: the rat at January 22, 2008 1:10 PM |
| Quote: | I would like to add further comments to the issue of the IP addressing. It seems to me that only one poster, "the rat" has understood how IP spoofing really works. For reasons that s/he has stated and many more, IP spoofing is simply a non-starter in this case. That is not what happened.
"My point is only that anyone whose "expert opinion" (as was stated in the affadavit) is that because the IP address is the same, the person posting must also be the same, ought not to be giving expert opinions about networking; because that argument can be destroyed (at least for courtroom purposes) in about 5 seconds flat by anyone who has a basic understanding of DHCP and network address translation."
The issue of static/dynamic IP address is another matter. Many posters have pointed out the possibility of dynamic IP addressing and the very real possibility that an IP address can be assigned to one computer today and a different one tomorrow by the ISP. While this is true, there are additional details that need to be mentioned even in the case of dynamic IP addressing.
The IP address in question was 66.185.84.204 . Each of the four components of the "dotted quad" have a range of from 0 to 255. If a personal computer is connected to the router of an ISP and the network connection is broken, the router (in dynamic IP addressing) may assign the IP address to another computer or it may also assign it to the same computer if that same computer wishes to establish another connection. The key is that the router is tied to the subnet described by the first 3 components (Class A,B,C) of the "dotted quad" (66.185.84) and the router assigns only the 4th component to the end user. In this case, the router assigned "204" as the 4th component (Class D) of the "dotted quad". To be assigned an IP address having the same Class A,B,C as Mr. Warman's computer would mean that the other computer in question was close physically to Mr. Warman's computer. That closeness would be a radius greater than his own neighbourhood but would probably not be more than a few miles.
Please consider the Browser/OS combination:
http://www.cdlib.org/inside/assess/cdlweb_stats/2002-12/browser.html
Both computers were using Windows 98. The above website says that the browser of choice (Mozilla) coupled with the OS of choice (Windows 9 in 2002 (less than a year from the time in question of the posts) is used by users 3.3% of the time.
So let us review the evidence again.
We are being asked to consider the possibility that a computer within a radius of about a few miles from Mr. Warman's computer, that was configured the same as Mr. Warman's which happened to be the same as only 3.3% of Internet browsers, that a user using this computer accessed a rather obscure Web site that is not of interest to general users within a time period of only a few months from when Mr. Warman accessed that site was actually the same as Mr. Warman's.
It was on the strength of this that yesterday I submitted my complaint to the Law Society of Upper Canada. I did not detail my argument this way but I will if they contact me for further information. I simply asked them to investigate.
I suppose that the strength of this argument was sufficient for the CHRT ruling. I agrre with John g that it is not sufficient to withstand the stronger demands of evidence in a criminal trial, it seems that it is sufficient to get a warrant to subpeona the records of Rogers. The logs of Rogers will be detailed enough to ascertain to whom the IP address was assigned to on the day in question.
I agree with others that the comments in question do not constitute "criminal hate speech". However, if these comments were made as part of a larger conspiracy to have Web sites shut down or to gain financial compensation through civil proceedings, does that not constitute a crime? If so, the logs from Rogers will be needed.
Does anyone know if police authorities are involved in this capacity?
Posted by: Brent Weston at January 22, 2008 4:39 PM |
| Quote: | On the IP addresses can be spoofed line. Sure. It's just highly improbable that this is what happened. Someone would have to want to get Warman in trouble to do this, and know, in September, what IP address he was using, when he (according to his own testimony) only registered an account in November.
Moreover, with that level of technical sophistication they'd only make posts over a month away from when he actually created his ID in November? Seems improbable.
More likely (though still presumably improbable), someone could have edited the log files at Freedomsite to make that IP look to be guilty of making the racist post about Senator Cools. I consider this unlikely, though I can't judge how unlikely. Again, it's an odd thing to do.
As for the idea that the address remained the same for over a month, that's certainly possible for Rogers subscribers (especially from that era). I know mine remained the same for over a year, despite repeatedly powering down the modem for extended periods.
Mr. Warman apparently argued that he did just that; unless he also (via command line tools or his router) released his lease on the IP address, this would be unlikely to have resulted in a changed IP address being assigned when he powered back up.
As Connie Fournier says, however, the fact that Windows 98 and MSIE 6 were being used is extremely interesting. According to W3schools.com, about 12.1% of their users were Windows 98 users in September 2003; about 10.9% in November 2003.
Windows 98 was an uncommon OS at the time, though possibly more common than 10% as visitors to the W3schools site tend to be browsing enthusiasts slightly more likely to have newer technology.
The figures for IE6 for around that time are about 70%; it was the most common browser. Nothing unusual there, though I suspect a lot of Windows 98 users were sticking with the less demanding IE5 at the time, making IE6/Win98 a slightly odd combination.
If we knew the browser resolution and colour depth (also available in most logs), we'd have another interesting datum to further narrow things down.
As for the poorly secured wireless access point argument, I tend to discount that, given that the September computer was running Windows 98. It would be unusual to find a machine that old running semi-current wireless technology. By no means impossible, and true, it could have been a business-class notebook (4-5 years old though?) that was so-equipped. (Any newer and a business-class machine would almost certainly have been running Windows 2000 or XP).
I'm afraid I don't think much of the expert witness, Mr. Klatt, and neither did the Tribunal. They appear to have concluded he was biased, and, having read his affidavit, I'm somewhat underwhelmed. He does not come across as technically sophisticated, and I think he overstates some conclusions. On the other hand, if he did the basic investigative work, that's a mark in his favour.
I don't think I could conclude beyond reasonable doubt that, assuming no tampering with the logs took place, someone using Mr. Warman's computer made both postings, but on the balance of the evidence, I think it quite likely. Perhaps even extremely likely.
Kathy Shaidle is correct to be cautious; as I've written above (and as others have noted) there are other possibilities, and without Rogers saying "Yes, this was Mr Warman's IP address at the time of the first posting in September" we cannot conclude anything beyond reasonable doubt.
Regards,
-Holmwood.
Posted by: Holmwood at January 22, 2008 4:51 PM |
http://www.smalldeadanimals.com/archives/007879.html |
|
| Back to top |
|
 |
Sponsor
|
Use PayPal to make regular monthly $20 donations to the free speech cause - quit any time! Or make a one time donation!
|
 |
fourhorses
|
| Posted: 01/ 23/ 08 11:20 am Post subject: |
|
|
Do the math….
We have notes posted suggesting that as low as 3.3%, and as high as 12.1 % of internet browsers would have that software combination.
We have other notes suggesting a possible IP address radius of up to 3 miles. As Warman is noted to live in Ottawa, a radius of 3 miles may encompass perhaps 25,000 – 50,000 people.
Stormfront is a US site and from the HRC files, it seems that some Canadians do post on that site.
The math:
America’s population: 330,000,000
Ottawa radius population: 25,000 – 50,0000
Software combinations: 3.3 % - 12.1 %
The probability of someone else posting:
Low end probability: 3.3% x (25,000/330,000,000) = 0.00025 %
High end probability: 12.1% x (50,000/330,000,000) = 0.00183 % |
|
| Back to top |
|
|
fourhorses
|
| Posted: 01/ 23/ 08 11:25 am Post subject: |
|
|
Possible correction ..
I did not include all of Canada's population, which would have been in the 30,000,000 range.
Add those numbers to the US population to capture Canadians with Americans, then calculate the Ottawa 3 mile radius and the software combination, and the probability would drop by about another tenth ? |
|
| Back to top |
|
|
 J.B. Stone
Joined: 11 Apr 2003 Total posts: 42062 Location: Northwest Montana Age: 61 Gender: Male
|
| Posted: 01/ 23/ 08 11:28 am Post subject: |
|
|
| fourhorses wrote: | Possible correction ..
I did not include all of Canada's population, which would have been in the 30,000,000 range.
Add those numbers to the US population to capture Canadians with Americans, then calculate the Ottawa 3 mile radius and the software combination, and the probability would drop by about another tenth ? |
I'm not all worked up on this...but, wouldn't you have to restrict your "calculations" to those with internet service...??? |
|
| Back to top |
|
|
Frankie
Joined: 30 Mar 2003 Total posts: 6591 Location: Ontario Age: 11 Gender: Male
|
| Posted: 01/ 23/ 08 11:32 am Post subject: |
|
|
| Quote: | Possible correction ..
I did not include all of Canada's population, which would have been in the 30,000,000 range. |
Is it even possible for the I.P. address to be from the United States?
I don't know much about the I.P. in question but I don't know anyone in the States who use my Internet cable provider.
_________________
The opinions expressed by the above poster are his own and do not necessarily reflect the views and opinions of the forum's moderators or owners. Questions and comments can be sent to the boy on the left. |
|
| Back to top |
|
|
fourhorses
|
| Posted: 01/ 23/ 08 11:39 am Post subject: |
|
|
| J.B. Stone wrote: |
I'm not all worked up on this...but, wouldn't you have to restrict your "calculations" to those with internet service...??? |
That would be one way of doing it. This just looks at possible "people other than Warman", who could post. - the population in that Ottawa radius vs the total population. If everyone had a computer and internet access, these would roughly be the odds.
If 80% had a computer and internet access, you would multiply both the Ottawa radius population by 80% and the total population by 80%, yielding the same odds.
You could get fancy and calculate how many in the Ottawa radius had internet and calculate how many in the total piopulation had internet access, and multiply out by those stats respectively - still the change in odds would be in a minimal amount, as I think you would find there is a similar distribution of internet access across America as there is in Canada or Ottawa. |
|
| Back to top |
|
|
fourhorses
|
| Posted: 01/ 23/ 08 11:42 am Post subject: |
|
|
| Frankie wrote: |
Is it even possible for the I.P. address to be from the United States?
|
No.
That's why the 3 mile radius limits the population to the Ottawa region. If anyone could possibly have that assigned IP address range, then the probability of anyone in the general population would may have posted it, would rise very significantly.
This is the issue these folks who posted on SDA are raising. They have already addressed the static / dynamic address concept and the power downs of the modem / routers. |
|
| Back to top |
|
|
| Mark Fournier Member
Joined: 06 Jan 2001 Total posts: 15602 Location: Kingston, ON Gender: Male
|
| Posted: 01/ 23/ 08 11:49 am Post subject: |
|
|
I have had the same IP address since moving into this house a year and a half ago. When I lived in Edmonton I had the same IP address for three years.
_________________
"If it takes force to impose your ideas on your fellow man, there is something wrong with your ideas. If you are willing to use force to impose your ideas on your fellow man, there is something wrong with you." - Entropy Squared |
|
| Back to top |
|
|
Frankie
Joined: 30 Mar 2003 Total posts: 6591 Location: Ontario Age: 11 Gender: Male
|
| Posted: 01/ 23/ 08 11:50 am Post subject: |
|
|
I found a few good pieces of info:
http://www.abika.com/help/IPaddressmap.htm
http://www.all-nettools.com/toolbox
This artcle was also interesting:
Few have the expertise to stay secret in cyberspace
By DAN RICHMAN
SEATTLE POST-INTELLIGENCER REPORTER
Online lawbreakers, beware. It is nearly impossible to remain anonymous on the Internet.
Music download scofflaws and child-porn traders alike are learning that the seeming anonymity of the Web is a myth.
"Most people don't understand the technology well enough to remain unknown," said Jim Graham, a spokesman for online security firm BayTSP Inc. of Los Gatos, Calif.
All computer users going online are automatically assigned what's called an Internet protocol, or IP, address by their Internet service provider, or ISP.
Users with always-on Internet service through their cable or phone companies may retain the same IP address for days or weeks. People using dial-up service may be assigned a new IP address each time they connect.
In either case, the ISP maintains a Dynamic Host Configuration Protocol log that records, to the second, who is using which IP address. That means an ISP knows every instant which of its customers are online. But it does not usually track where they go once they get online.
In cyberspace there are many destinations. Many people only know about Web sites. But there are also tens of thousands of newsgroups, which contain text and images devoted to extremely specific topics. Newsgroups, which were among the first practical uses of the Internet, can be accessed through Web browsers or dedicated reading software.
There are also peer-to-peer networks, which open part of each participant's hard drive to other people on the network.
A computer user's IP address will very likely be recorded upon visiting a Web site, and could be recorded upon visiting a newsgroup or a peer-to-peer network, Graham said.
Posting material -- a text file, an image, a digitized movie or piece of music -- to either a Web site or a newsgroup, as opposed to simply viewing material, significantly increases the odds that the poster's IP address will be logged or easily discoverable there. In fact, the IP address is often attached to postings.
As to peer-to-peer networks, sleuths such as BayTSP can enter the network and identify participants storing copyrighted or unlawful material on their computers. When the investigator is directed to any one participant, it's through the participant's IP address.
Once the IP address of a suspected wrongdoer is discovered, a publicly accessible database maintained by the American Registry for Internet Numbers, of Chantilly, Va., can link that IP address to an Internet service provider. The provider can then be contacted to determine the identity of the individual computer user.
If the user is outside the United States, agencies similar to the American Registry can be consulted and their databases tapped.
Internet service providers must usually be subpoenaed before they'll reveal a customer's identity, Graham said. Most providers warn customers they will reveal such information if compelled to.
Some computer users seek anonymity in visiting or posting to Web sites or newsgroups by using computers called proxy servers, known colloquially as anonymizers.
A computer user logs into a proxy server, which then assigns a new IP address traceable only back to the proxy server, not to the user through the Internet service provider. But the IP addresses assigned by the proxy server can be traced back to it, and so can be linked to the users, Graham said.
The Free Network Project (http://freenet.sourceforge.net/) claims to promote freedom of speech through anonymity achieved by using a decentralized network. It does provide a good measure of anonymity, but it's so slow that "it takes days to download a file," Graham said.
http://seattlepi.nwsource.com/business/166607_tracking27.html
Want to find out your info?
http://www.ipaddresslocation.org/
_________________
The opinions expressed by the above poster are his own and do not necessarily reflect the views and opinions of the forum's moderators or owners. Questions and comments can be sent to the boy on the left. |
|
| Back to top |
|
|
| Mark Fournier Member
Joined: 06 Jan 2001 Total posts: 15602 Location: Kingston, ON Gender: Male
|
| Posted: 01/ 23/ 08 12:10 pm Post subject: |
|
|
This reminds me of Rathergate in that the internet community is pooling its resources and abilities to uncover villainy most vile.
_________________
"If it takes force to impose your ideas on your fellow man, there is something wrong with your ideas. If you are willing to use force to impose your ideas on your fellow man, there is something wrong with you." - Entropy Squared |
|
| Back to top |
|
|
| Connie Fournier Member
Joined: 06 Jan 2001 Total posts: 22166 Location: Kingston, Ontario Age: 44 Gender: Female
|
| Posted: 01/ 23/ 08 1:08 pm Post subject: |
|
|
| Quote: | | I don't think I could conclude beyond reasonable doubt that, assuming no tampering with the logs took place, someone using Mr. Warman's computer made both postings, but on the balance of the evidence, I think it quite likely. Perhaps even extremely likely. |
I think I can help with that.
The logs were submitted as evidence and they were never challenged because they were pulled directly from the server and the last modify date was around the time of the Cools post (which was well before Lucy ever registered).
_________________
"...single men must have access to donor eggs and “gestational carriers.” - David Johnston, Governor General Appointee
(The man Stephen Harper calls "the best of Canada") |
|
| Back to top |
|
|
CdnRepublican
Joined: 10 Aug 2005 Total posts: 9431 Location: Jerusalem, beating back the hordes of the anti-christ. Gender: Unknown
|
| Posted: 01/ 23/ 08 1:43 pm Post subject: |
|
|
| Frankie wrote: | I found a few good pieces of info:
http://www.abika.com/help/IPaddressmap.htm
http://www.all-nettools.com/toolbox
This artcle was also interesting:
Few have the expertise to stay secret in cyberspace
By DAN RICHMAN
SEATTLE POST-INTELLIGENCER REPORTER
Online lawbreakers, beware. It is nearly impossible to remain anonymous on the Internet.
Music download scofflaws and child-porn traders alike are learning that the seeming anonymity of the Web is a myth.
"Most people don't understand the technology well enough to remain unknown," said Jim Graham, a spokesman for online security firm BayTSP Inc. of Los Gatos, Calif.
All computer users going online are automatically assigned what's called an Internet protocol, or IP, address by their Internet service provider, or ISP.
Users with always-on Internet service through their cable or phone companies may retain the same IP address for days or weeks. People using dial-up service may be assigned a new IP address each time they connect.
In either case, the ISP maintains a Dynamic Host Configuration Protocol log that records, to the second, who is using which IP address. That means an ISP knows every instant which of its customers are online. But it does not usually track where they go once they get online.
In cyberspace there are many destinations. Many people only know about Web sites. But there are also tens of thousands of newsgroups, which contain text and images devoted to extremely specific topics. Newsgroups, which were among the first practical uses of the Internet, can be accessed through Web browsers or dedicated reading software.
There are also peer-to-peer networks, which open part of each participant's hard drive to other people on the network.
A computer user's IP address will very likely be recorded upon visiting a Web site, and could be recorded upon visiting a newsgroup or a peer-to-peer network, Graham said.
Posting material -- a text file, an image, a digitized movie or piece of music -- to either a Web site or a newsgroup, as opposed to simply viewing material, significantly increases the odds that the poster's IP address will be logged or easily discoverable there. In fact, the IP address is often attached to postings.
As to peer-to-peer networks, sleuths such as BayTSP can enter the network and identify participants storing copyrighted or unlawful material on their computers. When the investigator is directed to any one participant, it's through the participant's IP address.
Once the IP address of a suspected wrongdoer is discovered, a publicly accessible database maintained by the American Registry for Internet Numbers, of Chantilly, Va., can link that IP address to an Internet service provider. The provider can then be contacted to determine the identity of the individual computer user.
If the user is outside the United States, agencies similar to the American Registry can be consulted and their databases tapped.
Internet service providers must usually be subpoenaed before they'll reveal a customer's identity, Graham said. Most providers warn customers they will reveal such information if compelled to.
Some computer users seek anonymity in visiting or posting to Web sites or newsgroups by using computers called proxy servers, known colloquially as anonymizers.
A computer user logs into a proxy server, which then assigns a new IP address traceable only back to the proxy server, not to the user through the Internet service provider. But the IP addresses assigned by the proxy server can be traced back to it, and so can be linked to the users, Graham said.
The Free Network Project (http://freenet.sourceforge.net/) claims to promote freedom of speech through anonymity achieved by using a decentralized network. It does provide a good measure of anonymity, but it's so slow that "it takes days to download a file," Graham said.
http://seattlepi.nwsource.com/business/166607_tracking27.html
Want to find out your info?
http://www.ipaddresslocation.org/ |
| Quote: |
Some computer users seek anonymity in visiting or posting to Web sites or newsgroups by using computers called proxy servers, known colloquially as anonymizers.
A computer user logs into a proxy server, which then assigns a new IP address traceable only back to the proxy server, not to the user through the Internet service provider. But the IP addresses assigned by the proxy server can be traced back to it, and so can be linked to the users, Graham said. |
He is right and that is the key. Even with a proxy or a virtual tunnel the receiving website will still store the originating IP address.
A proxy is useful only if you want to stop sniffing on the actual link to the site, or a transaction to that site. Once you connect to an end site and do something like post, the original IP is used. Ie. there is no dynamic way to hide your IP address at the end site. Proxies are useful to stop unwarranted sniffing and hide your identity but only to the point of the end site. |
|
| Back to top |
|
|
| Karthanon Joined: 10 Jun 2004 Total posts: 329 Gender: Unknown
|
| Posted: 01/ 23/ 08 2:01 pm Post subject: |
|
|
You could always run your own Tor node, I suppose.
Want to know who owned the IP on the days those posts were made? Ask the ISP (if they still have the DHCP server logs) - it should have a record of who was given that IP address.
Even better, if it snagged the MAC address of the originating network adapter that the IP was assigned to - well, there you are. MAC's are unique, and you would pretty well have physical proof that that adapter was used in a computer that was assigned that IP.
There are ways to modify your MAC, of course - if you have a flashable device (most NIC's don't have that). Could always post using a NAT router which clones your MAC, too, though.
You'd still need physical access to the NIC to check it, though. |
|
| Back to top |
|
|
| cinyc Location: New York Gender: Unknown
|
| Posted: 01/ 23/ 08 5:08 pm Post subject: |
|
|
| From what I understand based on the transcript in the Lemire case, Rogers no longer has the IP logs from 2003, in compliance with its IP log retention policy. They seem to keep the records only as long as legally required. |
|
| Back to top |
|
|
fourhorses
|
| Posted: 01/ 23/ 08 5:21 pm Post subject: |
|
|
| cinyc wrote: | | From what I understand based on the transcript in the Lemire case, Rogers no longer has the IP logs from 2003, in compliance with its IP log retention policy. They seem to keep the records only as long as legally required. |
If so, then we have the balance of probabilities by which things must be judged.
Until someone corrects my numbers, the probability fit is closer than DNA evidence. |
|
| Back to top |
|
|
Sponsor
|
Use PayPal to make regular monthly $20 donations to the free speech cause - quit any time! Or make a one time donation!
|
|
|
| Warman's (alleged?) IP Address Discussion |
|
| Goto page 1, 2 Next |
Page 1 of 2
All times are GMT - 5 Hours |
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
