Wednesday, August 02, 2006

Common Internet Myth #12 - An IP address represents a single user

The Explainer is a column on Slate that is usually good at explaining annoying minutia or trivia. This latest column fails short of the mark. The column cover how the MPAA finds people who share on p2p networks such as bittorrent, heres' their factual error

"At this point, the security firm will have the screen name and the IP address of the person they suspect of trading copyrighted material. An IP address is a unique identifier that your computer gets whenever you log on to the Internet."

Well yes and no. While in individual has an IP address it may not be a true routable IP. For example my computer has an ip address of 192.168.1.100 because I have a home wireless network (192.168.1 is a no routable IP and commonly used in home setups). My wireless linksys router has internally assigned IP address that my ISP uses but once again is not a true (ie routeable on the Net) IP address of 10.3.241.11 .

The IP address that shows up when I use http://www.showipaddress.com/ is 67.131.78.241. In fact anyone using my local provider (Desertgate is Las Vegas NM) shows this very same IP address. In short an IP address is less a unique identifier and instead it's a machine (in this case Desertgate's outgoing router) on the network.

The post is inaccurate for several reasons. You assume that everyone on the net is assigned a routable IP. This simply isn't feasible anymore. Large networks such as AOL have similar cacheing and routing schemes. True IP addresses are expensive and giving every user a routable IP just isn't feasible.

This the problem with the explanation for certain networks, the IP address of all the users would be the same. Yet the explanation implies that the ip address is unique to each user. While a user indeed has a unique IP address, very often that IP address is not routable and is private to the ISP. Yet the security firm is only able to see the public facing IP (which in all likelyhood is a router). The post leaves the impression this is akin to a fingerprint and a unique identifier.

This highlights the problems with the approach that MPAA has taken. The find out the IP address and then send out blanket lawsuits to the people who could have that IP. Most people lack the financial means to fight them and simply settle for 2-3K . Leaving out the fact that an IP addresse can represent hundreds or even thousands of users means it's less of a smoking gun and more of a smoky haze. Sure there's a fire there but you have no idea may be responsible for it.