OT - Last night the report on Eschelon has me wondering...

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

does the NSA with all of the techno-geewiz electronic sophistication that exists today, have the ability to monitor "LURKERS" at various sites.

I understand the principle of how e-mail can be "legally" intercepted as you send it from N.Y. to L.A. and it goes via London to Ottawa to L.A.

But does anyone out there know if there is a system in place that can not only tell how many "hits" a particular web site gets per day, but also the ISP of the viewer, and the individual PC telephone number from which the site is being viewed?

I'm not talking about hackers or crackers, just regular Joe computer users that (for example) observe at www.yourdon.com but do not participate. Any answers?

-- Marc (Marc@bigsky.now), December 14, 1999


The information you mention is *not* stored in a central place. For example, the web host logs number of hits, etc., and your ISP *may* know your phone number, but there is not a single "system in place" that allows regular Joe to know any of the information you mentioned.

-- Wingman (-@-.-), December 14, 1999.

Your unique identifier number is logged on the server (and others it goes through) and CAN be traced back to you. Even if you just LURK, the fact that you went into the server at Yourdan's can be detected (by intercept anywhere along the lines) and backtracked to your account. The technology does exist for this and by government standards, is low-tech to them by now. Your internet travels MAY not be as private as you think. With a few keystrokes and maybe a phone call, you are known.

Janet Reno has given permission for so many intercepts (can't remeber the qualifications) but I have yet to see where the Gov. obeys their own rules.

-- Rob (maxovrdrv51@hotmail.com), December 14, 1999.

Oh, BTW, if you wish to visit sites with a little more privacy, you may want to search out an anonymous server. I think Anonymizer.com (http://www.anonymizer.com/3.0/services/index.shtml) offers some surfing privacy. I sure wouldn't count on complete anonymity though, even at that. FYI.

-- Rob (maxovrdrv51@hotmail.com), December 14, 1999.

Traffic over the internet always has some kind of an address on it. When you click on a hot link, you are sending a message containing an explicit request that the page be sent to you, and your address. In return, the server sends that page to the address you supplied, as a package with the address on it, pretty much like a post office package. All these messages go through a limited number of machines, and sometimes many machines on the way to you, but there is no single machine that carries all the traffic.

So a data-collection tool, reading all the traffic going over any one machine, could get a pretty complete picture of all the sites visited by any one person. Doesn't matter whether you looked, lurked, posted threads, whatever. It would take a real cruncher to handle all that information, but it's possible.

Anybody else with more web experience than me, feel free to chip in.

-- bw (home@puget.sound), December 14, 1999.

Difficult but techicnally possible. Probably the biggest factor is what info is your ISP tracking and what are they willing to give up short of a court order.

Btw, where your computer goes is NOT the same as where you go. I write programs (in Java) that interface with search engines and then filter out unrelated sites by visiting them and checking to see if they contain the data the program is looking for. Sometimes they continue crawling the web using links found at these sites. Web 'snapshot' programs like Teleport Pro (which is a good general-purpose tool) do similar things.

Now anyone looking at my IP log won't know what to make of it because these programs go EVERYWHERE. There is no way for anyone to know what I was 'looking at' when my machine is connected to 10 different sites at the same time. It's just not a reliable indicator of what a person is doing/reading.


-- TECH32 (TECH32@NOMAIL.COM), December 14, 1999.

Not even especially difficult. A couple of years back I was having problems with a disruptor on a forum I was running. The forum required you to self-register but phoney email addressed could be entered. Each time his account was deleted, he simply re-registered under a different name.

Repeated requests for the disruptor to leave were ignored. When the disruption turned to threats against forum participants, I tracked the poster to a high school library in Minneapolis. Turned out the disruptor was a 16 year old student with too much time on his hands.

Unfortunately, because of his age and the fact that his threats were directed against various racial and social groups, his acts fell under hate-crime legislation and he was charged accordingly.

A simple sniffer/packet capture utility was all that I needed to identify the trouble maker and provide documented evidence to law enforcement officials. Certainly, even better technology and access is available to law enforcement directly.

By routing your posts through anonymizers (such as http://www.anonymizer .com/3.0/index.shtml), you can make the task more difficult but far from impossible.

But by far the easiest way to identify someone is by the content of their posted messages. A profile can easily be developed based any number of criteria that can be determined - frequency and time of posting, language analysis, depth of knowledge, etc, etc. - the more frequently you post, the more information you provide to the profiler.

So no, there is almost no chance of you hiding your real identity from any person or organization determined to discover who you are. The more resources and access available to the investigator, the easier the task at hand. And social engineering is by far the single most effective tool in this arsenal.

-- Arnie Rimmer (Arnie_Rimmer@usa.net), December 14, 1999.

Your answer can be found at


-- **** (@ .), December 14, 1999.

If you want to know what machines your traffic passes through on its way here, do a traceroute.

If you're using Win9x or NT, open a command prompt and type:

tracert www.greenspun.com

Or, if you're using Unix, type:

traceroute www.greenspun.com

Anything else and you're on your own.

-- Ron Schwarz (rs@clubvb.com.delete.this), December 14, 1999.

Moderation questions? read the FAQ