>I dunno. I think I have a pretty good guess of who 192.159.10.227 is, or >at least who it was as of 14:35 -0800 today.
Well, let me ask you you think 171.70.120.60 is. I'll give you a hint; at this instant, there are 72 of us. Here's another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would be in 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89; One of the big issues with the Tsinghua SAVA proposal in the IETF is specifically the confusion of the application layer with the IP layer. They propose to embed personal identity into the IP address, and in that there are a number of issues. Internet Address != application layer identification. What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get "unusual" access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other "unusual" user, might have done this or that. That is the model forensic analysts follow. And the address is personal information to the extent that it limits the set of usual suspects to a set that includes you or I.
