I know what the web people are using the logs for. Most of the stuff they could likely do without an IP address.
If we have performance issues, a drill down might be performed when the right people are involved. And in a few cases we have located some low and slow attacks and ended up blocking IPs. Usually 1 or 2. So it is crucial for operations to pinpoint specific IPs for say a month. I also know, that the Bluetooth MACs used for traffic mapping are hashed with a key that changes every 6 hours to provide anonymity. But here there is no need for the specific MAC. Telecoms are tracking tourists phones and selling the data. Anonymous of course. But selling info on hotel used, and tourist destinations visited. This is abuse and overstepping any privacy expectations. But an IP address is different. We can’t map it to a person. The legal system can map it to a physical location unless that location has shared WiFi, VPN or is a tor exit node. I have all 3. I see the abuse if my son surfs on Fortnite sites and I start getting fortnite ads. And he gets lawnmower ads. Then somebody assumes more from an IP address than they can do with any certainty. Last attack we tracked down to 2 IP addresses. Same city. Different Chrome on OSX. Same C net. We could then use these 2 IPs to find their interests. Newest iPhone. And see a Samsung galaxy visiting women’s fashion. This together with the IP and port number was something the engineer at the police where happy about. Would make it easier for them to talk to the criminals. We were not able to find any physical person or address. And we will not know about how the case goes before we are awarded damages after conviction. But the police engineer has repeated that they want as much info and background as we can get them. We don’t send armed police in confiscating everything here in Denmark. Often it is just a friendly knock on the door and a talk/confession. _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
