This is more a privacy question but I could not figure out a forum for
it.
Given that one can track IP addresses of people that visit a website,
and given that IP addresses of all mail, including Usenet posts, are in
the header, is there an automated way of checking all Usenet posts by
IP address? To see if a particular poster who visited a particular
website also posted certain messages on Usenet or elsewhere? This
would be done by the webmaster of the website visited. Is there a
program to do this? Not manually, which anybody can do, but a
software program.
Don't mix websites with email with Usenet. They are different protocols
with different characteristics.
Every modern NNTP server, or Usenet server if you wish, supports the
use of the "NNTP-Posting-Host" header, described in RFC 2980 and other
RFCs. This was finally implemented widely because of the history of
forged cancellation messages by the cult of scientology. (No, I'm not
kidding, look up the history of alt.religion.scientology and forged
cancel messages and Usenet spew by cult members trying to bury a
newsgroup.)
This is *NOT* the IP address of the sender. It is the IP address of
the NNTP posting host, which may be connected by any client by
any means that server accepts and may display no record whatsoever of
the connecting client. But it is the host that first submitted it to
Usenet, according to the handling by all other NNTP servers. But it
is enough to do a lot of backtracking to the site that is hosting the
abusing spammer or canceller or troll, and it's been helpful.
I recall years ago some stock forensic accounting firm working with
the US SEC developed some kind of software--or was it off the shelf?
You can't backtrack material, even with voodoo tools, if the
intervening hosts didn't record the data in the message or in their
own system logs where you can access it. Few sites bother to keep such
logs, or react kindly to requests for such information, especially
without a warrant. Of course, if you're the NSA, you can just place
illegal but federally forgiven taps on the nation's fiber-optic
backbones. (Look up the AT&T fiber-optic tapping case: it was nasty.)
that's my question--that allowed you to tell, by comparing IP
addresses as well as sentence syntax (sentence syntax is difficult, so
it was probably a custom program) who (by IP address) posted what on
various penny stock bulletin boards and chat rooms. Then they were
Bulletin boards are not NNTP. Like wikis, they typically have logs of
the incoming connections and their IP addresses which can be read, or
if necessary their traffic can be sniffed. Once a Usenet
message gets to you, though, those connections have been broken and
may be very awkward to track.
NNTP does suffer from header forgery, but the NNTP-Posting-Host has
been very helpful in reducing abuse: it allows tracking back to the
host that accepted the message, or at which the header was forged,
pretty effectively.
able to subpoena the internet provider to find out the real world
identity of the particular person who had that IP address assigned to
them on a particular day of a certain posting (assuming it was not a
permanent static address).
Getting such a subpoena is pretty awkward: I've tried, and was told not
to waste the time of the otherwise friendly law enforcement if I was
not the person suffering demonstrable monetary loss over a pretty
generous limit. (It was $30,000 over 10 years ago, I'm sure it's
increased since then.) They wouldn't be able to justify the manpower
and the subpoena.
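
An added example, not part of the thread: a small Python check that uses NNTP-Posting-Host the way the reply describes, to compare the host that accepted a cancel message with the host that accepted the article it targets. The sample articles, hostnames and function names are constructed for illustration, and a mismatch is only a hint for an abuse desk, since the header names the accepting server and not the person.

```python
from email.parser import HeaderParser

def _art(mid, host, control=None):
    """Build a constructed, header-only article (all names are made up)."""
    lines = [f"Message-ID: {mid}", "Newsgroups: alt.test",
             f"NNTP-Posting-Host: {host}"]
    if control:
        lines.append(f"Control: {control}")
    return "\n".join(lines) + "\n\nbody\n"

SAMPLE = [
    _art("<post1@example.invalid>", "reader1.example.net"),
    _art("<cancel1@example.invalid>", "reader1.example.net",
         "cancel <post1@example.invalid>"),
    _art("<post2@example.invalid>", "reader1.example.net"),
    _art("<cancel2@example.invalid>", "dialup7.example.org",
         "cancel <post2@example.invalid>"),
    _art("<cancel3@example.invalid>", "dialup7.example.org",
         "cancel <post3@example.invalid>"),  # target not in our sample
]

def posting_host(msg):
    """Host that accepted the article, or None if the header is absent."""
    value = msg.get("NNTP-Posting-Host")
    return value.strip().lower() if value else None

def cancel_target(msg):
    """Message-ID named by a 'Control: cancel <id>' header, else None."""
    parts = (msg.get("Control") or "").split()
    if len(parts) == 2 and parts[0].lower() == "cancel":
        return parts[1]
    return None

def suspect_cancels(raw_articles):
    """Return (cancel_id, target_id, original_host, cancel_host) tuples for
    cancels injected at a different host than the article they cancel."""
    msgs = [HeaderParser().parsestr(raw) for raw in raw_articles]
    origin = {m.get("Message-ID", "").strip(): posting_host(m)
              for m in msgs if cancel_target(m) is None}
    suspects = []
    for m in msgs:
        target = cancel_target(m)
        if target is None or origin.get(target) is None:
            continue  # not a cancel, or the original is not available
        if posting_host(m) != origin[target]:
            suspects.append((m.get("Message-ID", "").strip(), target,
                             origin[target], posting_host(m)))
    return suspects

if __name__ == "__main__":
    for row in suspect_cancels(SAMPLE):
        print(row)
```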