Helping people with computers... one answer at a time.
Instant messaging programs often do not actually connect directly to the other person. Even when they do the IP address doesn't tell you much.
I recently joined a Website for "Singles" which allows instant messaging between interested parties. I was warned by one of my friends that there are people on this website who have multiple profiles. These people could IM you using one profile today and another profile tomorrow.
My friend suggested that one way of knowing for sure whether these two profiles are two different people or the same person with two profiles, is to check their IP address when the IM window opens in front of you.
Does that work?
Having said that there are a couple of very rare exceptions where you can kind of, sort of, maybe tell. But not really.
Let's look at how this all works and why the IP address tells you pretty much nothing.
To begin with, you didn't say which IM service is being used. There are of course many possibilities including MSN Instant Messenger, AIM, GTalk, and others. In addition, your dating site may well have implemented their own IM system - it's actually not that hard.
The single biggest problem with IP addresses and most instant messaging services it this: you're connecting to the service, not to the person you're IMing.
It looks more like this:
When you create an instant messaging conversation, you're not connecting to the person you're talking with at all. Instead, your instant messaging program connects to the servers that are used by the IM service. When you send an IM your message is sent to those servers, and then from those servers sent on to whomever it is you're IM'ing.
In fact, let's look at the IP's in use when I have a conversation with an MSN Messenger user. Using TcpView during the conversation I see the following connections associated with my IM client, Trillian:
If I then use the whois lookup at arin.net to see who owns the IP addresses involved, I find:
220.127.116.11 - is owned by Yahoo (Trillian is configured to include my Yahoo account)
18.104.22.168 - is owned by Google (Trillian is configured to include my Google Talk account)
22.214.171.124 - is owned by Microsoft (Trillian is configured to include my MSN Instant Messenger account)
126.96.36.199 - is also owned by Microsoft
188.8.131.52 - is owned by AOL (Trillian is configured to include my AOL Instant Messenger account)
184.108.40.206 - is also owned by AOL
Nowhere in there is the IP address of the party to whom I'm speaking. (To confirm, that "other party" is my wife's place of business, so I know what the IP address would be should it have been visible.)
Now it's easy to say that "most" IM clients connect you through their servers, but it's also true that some do not. In fact, some instant messaging services allow you to establish a "direct connection". I believe that AIM allows you to switch to this type of connection, and some other services such as Skype actually often operate this way natively in some configurations after the connection has been made.
So let's assume, then, that using TcpView during an IM conversation you're able to capture the IP addresses used by your IM program, and one of these represents a direct connection to the person you're messaging.
What can you tell from this IP address?
Pretty much nothing. Still.
They could be behind a router or proxy provided by their ISP. This means that any number of people could "appear" to use that same IP. There's no way to tell which user that is(*).
Similarly, they could be behind a router or proxy provided by their school or place of work. Once again any number of people could "appear" to use that same IP, and there's still no way to tell which user that is(*).
They could be behind their own router at home as I so often recommend. Any number of machines could be behind that router, and there's no way for you to tell which machine you're conversing with.
And finally, even with the IP address of a specific machine or location, there's no way for you to tell where that machine is located(*). The best you can do is identify the ISP that's providing the internet connection to the person you're conversing with.
(*) Yes, there is a way to tell exactly what machine is represented by an IP address in most cases. But you can't get it. You need the cooperation of the ISP that provides that other person's internet connection, and that typically requires a court order or other law-enforcement involvement.
So unless you can convince law-enforcement that they should get involved, even having the IP address tells you pretty much next to nothing.
You simply cannot rely on an IP address to mean the same person. IP addresses could be shared, and you can't even imply that an IP address changing means that the person has changed - IP addresses could be reallocated. While you might be able to make some broad generalizations; for example if one IP resolves to an ISP in the United States, and another resolves to an ISP overseas, then perhaps it's not the same person. But then again, to someone really dedicated to hiding his or her identity, even that can be circumvented.
Bottom line: don't read anything into the IP address until or unless you can involve law enforcement. It's just not a reliable enough indicator.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.