How to hunt somebody down on the internet – Part 1.

Hunting01

What I’m going to show you here requires no technical skills – anyone with a basic knowledge of surfing the net can do it. What is does require though, is some imagination, patience and a degree of persistence. It’s totally legal and is not hacking, though it uses some of the techniques of the reconnaissance phase of a well-constructed external security breach. The intent is to give the ordinary person some basic techniques which they can build on in their own time. If you do happen to have some technical skills, you’ll be able to add a lot of additional methods yourself.

Some caveats and guidelines before we go any further.

There is no guarantee that you’ll find whoever it is you’re after. To a large extent, success or failure depends on how much time, creativity and effort you’re prepared to put into it. Where it’s come down to a choice between being strictly accurate in a technical sense and clarity, I’ve gone for the latter because of the intended audience, but it’ll still be functionally accurate and I’ll try to flag those points up where required.

As usual with any topic that’s even just a bit technical, there’s always more to everything that’s going to be discussed, but I won’t be diving into an unnecessary level of detail because I want to keep this article clear and uncluttered for the people I hope it will be useful to. Yes, there are quicker and slicker ways of doing some of the things I’ll be demonstrating, but again I’ve gone for simplicity.

I’ve added several links to relevant articles on this blog in the text. Feel free to click them or not, they’ll open up into new tabs, so you won’t lose your place in this article. If you decide to do some hunting yourself, I’d recommend you reading them all. In this area, the 6 P rule definitely applies.

A couple of years ago, I wrote an article about my interactions with a person wishing to play some comment games here under an anonymous name. I went into some detail doing an analysis of each of their comments, but from the viewpoint of picking out grammar tics which could be used to track them down and identify who they actually were. When I’d collected enough of these tics, I unleashed what I called my spiders to crawl the net to find them, which they did.

Before getting into the detail of the methods by which you can do that, it’s necessary to step back and consider the problem from a higher level of abstraction, but even before doing that, there are a couple of relevant misconceptions about the internet that you need to be aware of.

The first one is that whatever you’re doing on the internet is private. It’s not.

The internet is really one giant big tape recorder. Everything you do on it is logged by your internet service provider (ISP) because they’re obliged to do so by force of legislation, except when it comes to the NSA, GCHQ and similar organisations who steal most of their information directly – if you don’t believe me, just ask Angela Merkel.

Everything digital is logged; all internet activity, any email interaction and the same applies to your mobile phone for calls, texts and internet usage. It doesn’t need a specific court order or anything, because everything that everybody is doing gets logged. It’s very democratic like that; absolutely everyone is being snooped on. That’s the reality. Nominally, the only people who can access those logs are law enforcement and the internal and external security services.

Your phone calls, your texts, your emails, your web surfing – they all in the end come down to electronic packets of information shuttling back and forth between computers. Think of the whole lot of them as old-fashioned letters.

Every time you post one, there’s a guard standing by the mail box who writes down your name, the name of the recipient and some details about the content. When a letter arrives at your house, there’s another guard posted in front of your door who writes down the equivalent details of anything coming through your letterbox. If you are a person of interest, all letters will be opened and photocopies taken.

Wiping your browsing history off your computer or clearing the call history on your mobile phone is irrelevant, because all the logging has already been done by the respective service provider at their data center. In the case of serious crime, the first thing law enforcement does is to pull those logs.

It’s an irony of the modern age that the most secure method of communication an ordinary person can use is a hand-written letter posted at a random location to an agreed accommodation address for pickup by the recipient. Despite all the advances of modern technology, it can’t be used to open every letter. Even intercepting them is almost impossible, most especially if someone else is doing the posting or collection for you.

It’s a useful anachronism that many countries still need an individual court order to legally open your mail, and I’ve heard stories of things like a surveillance-aware individual posting twenty letters at as many widely spread locations, timing each posting to be minutes before the box was due to be emptied. Try getting a court order from a judge quick enough to cover that lot before the letter is safely hidden in the millions of others in the postal system. Pulling moves like that is how you wreak havoc on even a good surveillance team.

Anything on a digital medium has to be considered as already compromised, but there are ways around that. A piece of paper as I’ve already said, is obviously immune. The Syrians got within touching distance of completing the construction of a weapons-grade nuclear refining facility before anyone knew a thing about it, by rigidly enforcing the rule that any and all communications about it were to be on paper. The Israeli air force hurriedly levelled it but the lesson was pretty stark. Because of a dependence on high-tech, super-duper technology, a clever off the grid low-tech approach had slipped completely under everyone’s digital radar for years.

Interestingly, within hours of the strike, the Israeli PM sent a message to what passes as the Syrian PM, the essence of which was – if you don’t do the unprovoked Act of War whinge to your Arab brothers, who anyway won’t be that pleased at what you’ve been up to, we won’t crow about penetrating deep into your airspace undetected and flattening your most vital project. There wasn’t any reply, but not a word of the raid ever hit the headlines in either country.

The second misconception is that you’re anonymous while on the internet. You’re not.

Every message between the computer you’re using and the computer you’re communicating with has both a sender’s and recipient’s Internet Protocol (IP) address. An IP address is a number which uniquely identifies every computer connected to the internet. When you click on a link and in response a new web page appears on your screen, the computer that sent it had to know which computer on the internet to send it to. It used the return IP address on your original click message. Using the letter analogy again, the front of the envelope containing any communication has the intended recipient’s address written on it and the sender’s on the back.

There are many techniques, some technical, some physical, to mask your IP address for a while or to ensure that when a back trace has eventually burned through to it, you won’t be at that location. Interesting though they are, they’re not germane to this article, but I would like to talk about them at a future date for a different article on internet privacy.

The big message here is that if you’re considering doing something naughty, don’t involve anything electronic in it. Hunting them down like a mangy dawg is one thing, taking your revenge on them in some criminal way is something you do at your own risk. If you’ve gone to the trouble of exercising imagination, brains and creativity to find them, then using those same talents to redirect their efforts into activities more favourable to you is a bigger payoff. Failing that, I suppose there’s nothing wrong with mounting their head on a stick as an example to others.

Okay, hopefully you’ve now got a context for the jungle we’re about to go hunting in. Final equipment check, lock and load, and in we go.

As a private individual, there are only three broad methods you can use to identify them; their IP address, social engineering and something, which for lack of a term which doesn’t sound like an obscure branch of calligraphy, I’m going to christen Fist Analysis, because that’s actually what it is. FA for short, by the way.

I was tempted to give it the grandiose name of fistology, but I tend to avoid ologies and anyway, it occurs to me that particular name might be open to some pretty rude connotations. Then again, depending on how evil your intentions are, it might actually be quite accurate. I’ll be moving on to what exactly social engineering is shortly, and yes I know, stop calling you that.

If you have their IP address, it usually narrows their location down to somewhere in a general area, which though useful, is not precise enough. If you don’t have their IP address, it’s not an option. If you do happen to have it and can convince a court to compel their ISP to turn over their name because a civil or criminal offense has arguably been committed, you’ve got them.

However, a court order issued by a magistrate in British Columbia to an ISP located in Murmansk will most likely end up in a Russian paper bin. Also, it really doesn’t need much technical expertise to leave a misleading IP return address behind on a one-way communication like a comment dropped on a blog. As no reply to the sending IP address is required, a spurious return address causes no problems. For a private individual, IP addresses are rarely a realistic option.

The second is to use what’s called social engineering, which is just a fancy name for tricking people – in this particular case getting them to give you their name or enough identifying detail to find them. There are absolutely a zillion ways of doing this but they all come down to research, reading the mark correctly and how imaginative and daring you are. The height of cheek works brilliantly. When you get it right, there’s no better buzz.

The method is best illustrated by discussing a few examples of it in action.

For instance, if they’re a real domineering type, join his gang because every bully will always accept the attention of a new and suitably meek follower. Just create your own troll identity and slowly ingratiate yourself as one of their fawning lackeys. Start slagging off the climate criminals, the deniers and anyone else they don’t like, but always wait and follow their lead. I find getting in touch with my submissive female side is particularly successful with those personality types. Even in cyberspace, the faint possibility of a shag works wonders.

Please them, stroke them, be shameless, flutter those Betty Boop eyelashes at them. Swallow your ego, become a lackey, join Henchmen R Us. Take your time, flatter them, wiggle your sweet ass at them coyly while flicking them that old over the shoulder come hither glance. Move slowly towards an off-blog email conversation and they’ll begin bleeding information about themselves.

If you’ve stayed in role convincingly but still don’t have their name, all you have to do is wait patiently for something like their birthday, when you’ll of course want to send them a card or little present in grateful recognition of their sterling leadership against the denialist hordes. Bingo, you’ve got them! Personally, I always send the present because that particular approach is a relatively large investment of time that’s only justified if you want to keep on-going track of someone of interest. If they’re leaking interesting stuff, why blow a good information pipeline to satisfy nothing more than personal pique?

If you read them as some sad angry individual starved of attention in the real world, why not cast yourself as the alpha male, irrespective of whether you’ve got dangly bits or not? Go butch, occasionally throw them a few grudging sugar lumps of recognition and watch them trying to wheedle their way into your affections. If you’ve read them right, you’ll soon have a bingo, and possibly a few presents from a grateful lackey arriving at an accommodation address.

The reverse, a quick frontal assault approach, can work once in a while. Again, it just depends on your reading of them. The angry ones tend to be easy to manipulate. Years ago on James Delingpole’s blog at the Telegraph, a very aggressive troll calling himself Ruari burst onto the scene, challenging anyone who disagreed about global warming to meet up with him for a fight or shut up. If you thought being a skeptic was a tough gig nowadays, you should have seen the pure hatred directed at us five years ago when climate hysteria was at its peak.

After a period of fun taunting him mercilessly so he’d lose his rag, I accepted his challenge, giving him an email address I’d just set up to arrange a venue. He duly sent me a message from his troll email address, which I taunted him for not having sent and calling him a coward. Everyone else, as if on cue, started giving him hell for ducking out of a fight he’d picked. He got so enraged at me (an effect I seem to have on some people) and successive emails apparently not getting to me, the idiot finally used his personal email. Bingo, a name!

Of course I outed the violent little thug and by the time the skeptics there had finished picking over the sad bastard’s real internet life and generally giving him a hard time, he ducked out and back under the slimy rock he came out from under, never to be heard of again. I couldn’t find that exchange at the Telegraph, it was probably deleted when that discussion killer called DISQUS was introduced. If anyone can or has a record of it, please post a link.

It was a pity he bingoed so quickly. I had intended to eventually name a date, time and a suitably remote and desolate location for the big rumble but with absolutely no intention of turning up and every intention of slagging him off for not appearing there. Never give a sucker a break, never mind an even one – always manoeuvre them into the lose-lose zone.

Angry in-your-face trolls like Ruari have no long-term utility, but they’re a good way of sharpening up your quick people reading skills. They come after you hard, so read them, turn them, twist them, burn them and spit them out the other side. Use their anger and momentum against them; it’s internet Jujitsu.

The lesson here is that before plunging straight into more technical methods of locating them, always try to read them, get a feeling for who they are and what they want, and think of a way of utilising it. To do that, you should scour the internet for any and all comments they’ve made. In the second part of this article, I’ll go into some techniques on how you can do that more precisely.

Sometimes when doing the research, the information you’re looking for is found just a few clicks away from a comment they made elsewhere. On hostile turf, they’ll naturally be careful, but on what they think is safe ground they sometimes let down their guard. An example of exactly that was reported by a lady called Creeperoo on this blog. I hope she’ll forgive me for saying so, but she was far from being a technical whizz kid and yet once she read it was possible to find them, she still bingoed the creep once she went looking for him.

The big advantage a social engineering approach has for the ordinary internet user, is that it requires no technical expertise, but it always requires some research, imagination and a slightly cheeky personality.

Despite my best intentions, this article has already comfortably cruised through the three thousand words barrier and is still heading north, so I’m going to cover the fist analysis approach in the next instalment, but I’d like to leave you with some overall thoughts and a few guidelines on using social engineering.

Everyone is always en garde against a frontal assault, so they focus on that axis of attack. What they are rarely prepared for is the unthinkable, because by definition it actually is unthinkable. Never go after them with a tomahawk from the front, but rather something totally out of left field. Get in close, wiggle yourself into the protection of their closed ranks through any available chink in their armour, become a virus floating along in their bloodstream which they’ve long ago ceased to notice. Think the unthinkable, plan carefully, do the preparations and when you’re ready, be resolute in execution.

If you’re a regular visitor here, you’ll probably have realised by now that I’m fond of using the method, but usually for longer-term objectives or the occasional bit of fun or devilment – though which is which, take your pick. Breaking through a troll’s anonymity undoubtedly has a momentary satisfaction, but its effective exploitation over a few years pays bigger dividends. It’s usually slower than the fist analysis approach but when that fails, it’s always my reliable fall back.

To do it successfully, you absolutely have to get inside their head. That’s vital. If you can’t do that, you’re unlikely to succeed. Do your homework, take your time, read everything of theirs you can find. Study them, see the world through their eyes, find a way to love them. Mull it all over and when you’ve done all that, a natural approach usually suggests itself.

Then you have to use your intelligence, imagination and your keyboard to weave a beguiling but false reality for them, one you’re sure they’ll really want to believe in. It’s a sort of courtship. If you’ve read them accurately, they’ll fall for it because they want to. Late into the relationship, they might even begin to vaguely suspect, but they won’t want to know for sure. By that stage, you’ve got a lot of ammo on them and they’ve actually got nothing on you. You own them.

If you take on a persona, then maintain their legend, not only the broad details but the continuous day-to-day evolution of their life, their travails, their ups and downs as well as the obvious mechanical things such as setting up their own email account. Be them, live them online but never ever link them electronically to yourself. They are your cut-out. If it all goes pear-shaped, you should be able to just walk away from them at a second’s notice.

If they don’t take the bait, it’s because you’ve misread them or been clumsy. Dump the approach persona, go back to researching them and after a few months take another pass at them.

If this all sounds vaguely like espionage, that’s because it uses the same deceptive elements and some basic internet tradecraft, but we’re talking the subtlety of John le Carré here, rather than the shoot the Baddies approach of the James Bond fantasy.

Be safe. Your intention should always be to get nuggets of information out of them without ever giving them a single damn iota of useful information about yourself. If you realise you’re the one bleeding information, get out of there – they’re playing the game better than you.

At its heart, this piece is about empowering you. You do not have to endure malicious, aberrant or anti-social individuals persistently spoiling your enjoyment on the internet. It’s up to you. They are findable, you yourself can do that, and once found, even the merest hint of naming and shaming them is enough to rid yourself of them forever.

Be careful, but do give it a try and happy hunting. Let me know how you get on.

©Pointman

Part 2 of this article is here.

Related articles by Pointman:

Anatomy of a computer hack.

Moderating, trolls, soup ladles and Ethics.

Social engineering as a long game.

Social engineering as a short game.

Intentions, profiles and predictability.

Let’s be safe out there.

Click for a list of other articles.

 

 

 

Comments
31 Responses to “How to hunt somebody down on the internet – Part 1.”
  1. brennan says:

    Interesting post Pointy, looks like this could be fun.
    Some years ago I worked for an investigator and learned a lot about tracking people and finding out information about them. This was when the net was in it’s infancy, so it was all leg work, bluff, bravado and determination, but finding the person or the information we were looking for was a buzz.

    I look forward to reading the rest.

    I like the graphic at the top too: two of my favourite movies there.

  2. philjourdan says:

    Excellent – you have learned well young Jedi!

    One exception to your logging story – if YOU are the ISP (or you work for them in the critical area), you can cover your tracks pretty effectively.

  3. Wijnand says:

    Hi Pointman,
    Found your blog by accident and got hooked. Very enjoyable, thank you!

    In the above piece I love the link to judith’s where you have toyed with that incredibly annoying Joshua who soils every single comment thread of Judith’s otherwise excellent blog, constantly pulling Judith’s ponytails hoping for a response – which never comes – or derailing the thread with quasi intellectual word games and arrogant put downs.
    I am actually surprised to see you hinting at the fact that he is a she, unless I misunderstood?

    • Pointman says:

      Hi Wijnand,

      Look at their last comment in that exchange. Not many men are prone to leading the verbals with a “male identity issues” attack but women with Daddy figure problems often do. On balance and for some other reasons, I’d say Joshua is a Jane. The fact that someone so fixated on me went silent immediately I raised the suspicion, is enough confirmation for me.

      P

      • Wijnand says:

        Hi Pointman,
        Haha yes I was thinking the exact same thing when she went silent after your “Jane” comment…

      • Jens says:

        A good article. I look forward on the next part. What were the other resons?

      • Pointman says:

        Hi Jens,

        The other reasons aren’t anything you’d take to court but they’re indicative.

        For instance, “Joshua” has been literally commenting for years on Judy’s blog, mostly fixated and venomous barbs against its author or anyone daring to give her support. It nearly verges on stalking.

        The most vicious critics of successful women are usually other women who’ve rationalised their lack of success because of being a poor little woman being discriminated against.

        P

  4. M Simon says:

    On the “no direct approach” . B.H.L. Hart called it “the indirect approach”. His book “Strategy” deals mostly with military affairs but he also touches on politics which is germane. I highly recommend it.

  5. M Simon says:

    The prototype for Bond was Georgi Rosenblum/Sigmund Rosenblum/Sidney Rosenblum/Sidney Riley. He was quite adept with the ladies. His last move got him killed.

  6. hoppers says:

    Poimtman,

    Would be very interested to know if climate change enthusiast trolling was in decline. I have no way of confirming this myself, but you would presumably have a handle on it.
    I ask, because after the brief and noisy outrage at the repeal of the carbon Tax over here, I’m getting this weird feeling that the alarmists may have shot their bolt.
    All seems strangely calm.
    Are we in the eye of the storm I wonder, or close to breaking through?
    On the other matter, it has been at least 7 years since I last made a comment on the web that I would not happily stand by. I use my primary email address, you can find me any time you want.
    This is the way it should be. Defacing another persons property (their blog) is downright disrespectful.
    In saying that, Troll hunting sure does sound like fun! Look forward to part 2.

    • Pointman says:

      Hi Hoppers (doesn’t sound right, does it?),

      I share your impression that climate trolling has been steadily declining. It’s indicative of a movement that has lost popular momentum. Looking at the hit rates of alarmist sites, they’ve all been going south for the last few years – which probably explains people like Willy Wiki abandoning their moribund sites to go trolling around the skeptic ones to drum up some business.

      My opinion of the anonymous aspects of climate commenting are in the “be safe” link in the piece above. Just last week, an employee of a fracking company had their house fire-bombed by green “activists” – it’s still a dangerous business being a skeptic, and while that’s a risk I’d be prepared to run, it’s not one I’d ask my family to share.

      P

      • hoppers says:

        I should add that I only comment on blogs I like and trust, so I have no fear using my real email address. I read the others, but never comment on them. Were I to decide to, I also would need to consider a safety first approach.

      • philjourdan says:

        which probably explains people like Willy Wiki abandoning their moribund sites to go trolling around the skeptic ones to drum up some business.

        Interesting observation. While the number of trolls from alarmists may be down, I have noted, as you did, that the number of name brand alarmists trolling other blogs has increased. Specifically Nutty, Apple and Wiki Willy. They are popping up on blogs they have never been to before – and invariably, they spam links to their own work

  7. PaleoSapiens says:

    Domo arigato, Vielen Dank, спасибо (Spasibo->Spasiba), Pointman. I couldn’t spot a woman with ‘daddy figure problems’ even with it tattooed on her forehead and dancing…in front of me.

    Same goes for the technical aspects of tracking down someone on the Internet. You’ve opened up an ocean of knowledge to discover…

  8. nofixedaddress says:

    Hi Pointman,

    I will probably leave the tracking of trolls/disrupters to yourself and others that have the patience to track them BUT I appreciate that you supply this information along with your other internet focused articles.

    Much appreciated, thank you.

    In the thread at Judith Curry I was pleased to see the reference by Beth Cooper to “Heretical Thoughts about Science and Society – an essay by Freeman Dyson” (http://edge.org/conversation/heretical-thoughts-about-science-and-society)

    I was reminded of an address to the 1974 Caltech commencement class given by Richard Feynman that he titled Cargo Cult Science and if you haven’t read it then I thoroughly recommend it.

    It is the final article in a pdf booklet that can be found at http://www.chem.fsu.edu/chemlab/isc3523c/feyn_surely.pdf which is titled Surely Your Joking, Mr. Feynman. (there is a book available on Amazon as well)

    With your leave I will provide this quote,

    “But there is one feature I notice that is generally missing in cargo cult science.

    That is the idea that we all hope you have learned in studying science in school–we never explicitly say what this is, but just hope that you catch on by all the examples of scientific investigation.

    It is interesting, therefore, to bring it out now and speak of it explicitly.

    It’s a kind of scientific integrity, a principle of scientific thought that corresponds to a kind of utter honesty–a kind of leaning over backwards.

    For example, if you’re doing an experiment, you should report everything that you think might make it invalid–not only what you think is right about it: other causes that could possibly explain your results; and things you thought of that you’ve eliminated by some other experiment, and how they worked–to make sure the other fellow can tell they have been eliminated,

    Details that could throw doubt on your interpretation must be given, if you know them. You must do the best you can–if you know anything at all wrong, or possibly wrong– to explain it.

    If you make a theory, for example, and advertise it, or put it out, then you must also put down all the facts that disagree with it, as well as those that agree with it.

    There is also a more subtle problem. When you have put a lot of ideas together to make
    an elaborate theory, you want to make sure, when explaining what it fits, that those things it fits are not just the things that gave you the idea for the theory; but that the finished theory makes something else come out right, in addition.

    In summary, the idea is to try to give all of the information to help others to judge the value of your contribution; not just the information that leads to judgment in one particular direction or another.”

    Cheers
    NFA

    • Pointman says:

      Hi NFA,

      Thanks. The Feynman book you linked to. “Surely Your Joking, Mr. Feynman”, is one I’d heartily recommend to the average reader. It’s an intriguing mix of his early youth, interests, his contributions to science, lock picking, taking up residence in a strip club, learning to play a musical instrument, a very understated account of losing his young wife whom he loved deeply and so many other things. A totally enjoyable read and a peek inside the mind of a mercurial but modest genius. He always had his feet firmly on the ground.

      Click on that link and enjoy!

      P

    • Dreeber says:

      I bought the hard copy of that book many years ago but I didn’t know it was available as a .pdf file. Thanks very much!

  9. Geoff Sherrington says:

    Pointman,
    See if you are clever enough to find my IP and email me if you succeed at sherro1 dot com dot au

    • Pointman says:

      Hi Geoff,

      As you might have gathered from the piece, I put little store in IP addresses. There’s a lot more to IP addresses that constitute the techie detail, but because they’re so easily misleading or cloaked, they weren’t worth diving into. They’re rarely worth pursuing and I myself go to some trouble to always provide the same static, but misleading one.

      And I do know how to pick an IP address out of an email header …

      For instance, an IP address may be dynamically assigned by your ISP, which means it changes every time you log into the net, the person may be war driving, on a burner smartphone, using an internet café, a simple proxy server or software like TOR to mask their true IP address. If people don’t know what any of those things are, don’t worry – they’re irrelevant to accomplishing the task at hand.

      I’ve no problem with people protecting their IP address, I do and I think it only prudent.

      P

      • Geoff Sherrington says:

        Hi,
        Sorry for being late to reply. Illness has intervened.
        Pointman, I really like your style. Think of me as a fan.
        The test I proposed above was really a try-on, to see what sort of responses would come out of the woodwork.
        Apologies for my fooling around.
        Your response was careful and considerate, thank you, and the fan status remains.
        Keep up the good work Geoff.

      • Pointman says:

        No problem Geoff,

        Given my sense of humour, it’s only fair and I do know when someone else is having some fun with me. It did give me a chance to drop a few techie buzzwords, which I cut from the article that the curious can google, for which I thank you. Hope you’re feeling better. I did though leave a hint for you further down.

        P

  10. Colin says:

    Interesting read pointy. A couple of questions. How do you look up an ip address, why isnt it precise?

    • Pointman says:

      Hi Colin,

      Ranges of IP addresses are assigned for the exclusive use of various ISPs. If they used each others IP addresses for their own clients, chaos would of course ensue. You can sort of look up a particular IP address in a central database (whois), but the best you’ll find is it’s one of a range owned by an ISP.

      If you click on this link, it’ll note the return IP address on your click and if you click on the “Lookup IP Address” button there, it’ll display some general information (eg you live in Melbourne) on your IP. If you happen to have their IP address, you simply type it in to get the same general info.

      P

  11. stan stendera says:

    Naughty Pointman teaching people how to hack AND how to protect themselves.

    On another topic. I am really interested in writing something you might be interested in posting.

  12. Anon says:

    I’ve always thought that (if I wanted to) open wifi at shopping centres (etc) would be the ideal solution; purchase a traceless wifi enabled phone, walk through the shopping centre, send the email from your pocket – obviously writing a comment /email would be a bit trickier, but with auto send when in the wifi zone one could just walk through (with hundreds of others) and away it goes. From a security camera point of view, your phone is invisible in your pocket, you are identical to the other persons walking through. Basically a modern form of letter-drop. Heck, you can keep both hands exposed. Or have I missed something?

    • philjourdan says:

      You have eliminated the static IP and carrier (ISP), but there are still issues. #1 is you have to have a legitimate email address from someone. Which can be traced back to your home or at least your phone. A little harder, but not too difficult. 20 years ago, you could simply use your device to send mail, but most mail carriers will reject mail that is not authenticated through a reverse look up now (it is an anti-spam safeguard).

      So when the message comes from 123@abc.com, abc.com will know everywhere you signed on to the account (GMail and Yahoo now show you that stuff for free – so you know they can share it). But even if you set up the email during one of your strolls, the MAC address of your phone is captured when you connect to the Wifi. And phones are not traceless (there is just the non-contract ones, but there is still a record of your purchase, and the MAC address designates who made it).

      Bottom line is you can make it harder to track. But everything and everyone is trackable on the Internet. Just look at it this way – all those “Anonymous” hackers who are more savvy that the whole lot of us put together – still get caught. It just takes longer.

      • Perhaps not anon. says:

        Good points; a further question.

        Assuming the phone is stolen / obtained at a dodgy pawn shop, the phone is anonymous; it’s only connection to the ‘outside’ world will be the wifi. The creation of a gmail account will tie the phone to the email account/address, and will thus tie in with phone/address/wifi access times, dates, data sent/when and where [within a 200m or so].

        However no one knows I own or have the phone….correct? There is no sim in it, and I am walking through the shop with 300 other people. Sure, they know the phone is using the wifi, but who is using the phone?

        You can match wifi -> phone -> nasty email. But how can you electronically match me to the phone? [Fascinating topic…thanks]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: