Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

More on PII and IP addresses

More on PII and IP addresses

  • Comments 1

In a follow up to the blog post from Google arguing against IP addresses being Personally Identifiable Information, I have a couple of more comments.

A couple of months ago we ran into the exact same issue.  While Whitten does make valid points that a laptop user can move their IP address around (from home to the office to the cafe), there is another case. What about the home user that has a static IP address on their home server? Perhaps its reverse DNS is mail.homeuser.com or something like that. In that case, their IP address would not be subject to change and therefore you could, quite conceivably, learn their identity.

That seems to be the situation that the EU is targeting. I don't really agree with it since it only identifies a machine and not a user. A home PC can be infected with malware that sends out spam.  Somebody other than the traditional user could be browsing to a web site.  However, the question is a legal one and not a technical one.  Of course, if it were a technical question, it still wouldn't provide absolute proof of identity, it only suggests it. 

Leave a Comment
  • Please add 2 and 8 and type the answer here:
  • Post
  • "However, the question is a legal one and not a technical one."

    It's hard to separate the two types of question, and Google has no interest in separating the type either.  The sooner the technical problems with exposure of PII are solved the sooner the seemingly complex legal issues resolve.  Fact is that the law need not be settled prior to the commission of a stupidity, just ask FaceBook.

Page 1 of 1 (1 items)