Why is it scary if someone leaks your IP address? (i.e., How does doxxing actually work?)

1.96K viewsOtherTechnology

I am *really* not a computer guy, and this question has kinda been on my mind since I found out about doxxing/IP grabbers ages ago. I didn’t really care too much, since I am not a fan of putting people in danger over twitter like a dickhead, but can someone tell me generally why it’s a serious issue if someone leaks your IP?

Since this sounds as if I’m trying to doxx someone: I’m posting after searching my own IP & I found that most websites pinpointed my address to a different country entirely?? (Still a country next to mines, but definitely more than far away enough for me to care if mines were leaked). Famous people who get doxxed online always move away for safety, so I’m really confused why that is when the website I used to check my own IP address on a bunch of places online at once usually all ended up being a whole country off.

Even though I shouldn’t need to state this outright; **don’t give a step-by-step guide on how to doxx people**. I don’t want to know that. I just want to know why IP grabbing is such a big deal and how doxxing is possible vaguely in a way that forces people to move cities.

In: Technology

40 Answers

Anonymous 0 Comments

The IP in itself, can be used to DDoS someone, which is the process of flooding someone with requests to overwhelm it. This isn’t that bad, and since most domestic IPs are dynamic, your router will crash, reset, and your IP will likely reset. It could also be used to sniff out vulnerabilities in your network, that without the IP they couldn’t have done in the first place.

But used in conjunction with other information about you, it can be used to narrow down your location. If you have a consistent background in your selfies, that can narrow down your location, but without knowing the general area that’s going to be a monolithic task, having an active IP you can ping, you can get a hop 1-100 miles away from you (hot singles in #TOWN NAME# area), which may be enough to track down your street address.

From there you can then use basic details to continue narrowing it down, till you get an exact address (car type/color, domicile type, windows/floor).

Every drip of information, when used in combination, exponentially increases the value of all the other parts, if someone really wants to doxx you. When given to the general public, they’re not of any real interest, specially when in different locations, or for a normal user who doesn’t have that many people interested in them. But when you have 1,000s or 1,000,000s of people interested in you, the chance that just 1 of them is malicious enough to socially hack you, becomes higher to the point of almost a given.

From there, either they can be the stalker type, where they just obtain this information and try to gain access to you. Scary, but for the most part an annoyance. Or they can use this information to maliciously hack/ransom you. Think of all the things that are locked behind questions like address, favorite X, phone number, many different types of information that can be obtained from these social hacking techniques. Before even contacting you, or getting anything directly from you that isn’t just publicly available as an influencer for instance.

Anonymous 0 Comments

On its own, your IP address can be used to figure out your city, or, for large cities, neighborhood, and ISP. This isn’t really that much information, but it does help to narrow down who somebody is. In most cases, your ISP will vary periodically, though the exact rules will vary by ISP, service plan, and even possibly location.

Your IP address is also basically public information – any website or server you access gets it. The only way to hide it is to use VPNs, but, even then, your VPN will know your IP address – its the final server that it gets hidden from.

One important thing is that you likely access multiple services using the same IP address, meaning if your IP address gets leaked across multiple services, I can possibly link those accounts together to give me even more information about you that you might not want me to know. This process is also made even easier if you use the same username across services as then I don’t even need your IP address across the services.

When combined with other data, your IP address can be used for doxing, but on its own, its not enough. Notably, if you give your name (even just first name!) out to somebody and they manage to link that to your IP address, it can really narrow the search down to only a handful of people. With a username that hints at your real name, or just giving your real name on a public forum, it becomes much easier.

>Since this sounds as if I’m trying to doxx someone: I’m posting after searching my own IP & I found that most websites pinpointed my address to a different country entirely??

There are two likely answers:

1. You are using a VPN, which will mask the IP address the website sees. That is basically the sole benefit of using VPNs.
2. You are using a cellular or wifi connection that are crossing locations.
1. This is much more likely if you live near a border or major shipping lane. 5G has a range of about 3mi/5km, while 4G has about 4mi/6.5km

Anonymous 0 Comments

IP address gives away your general location, which narrows you down usually to a 50km radius or less. It doesn’t do much on it’s own but you have to realize that people leak all kinds of “harmless” stuff online.

For example their real first name and some hints about their hair color or such things. Also using the same username everywhere means that your others accounts will be also found, which can include more private information.

If you now combine this with the IP addresses location data then nothing stops the doxxer from searching up places of interests like schools near you (if you are a teenager) where an image of you would be up.

Anonymous 0 Comments

on its own, IP can be used to somewhat narrow down what geographic area you’re in, that’s about it.

Anonymous 0 Comments

If somebody knows your IP address, they may be able to narrow down the rough area you live in, within a few miles.

That *by itself* isn’t too bad, but if you’ve ever posted a picture of your lawn or your house, that’s probably good enough that they can then look up satellite imagery on Google Maps to find out exactly where you live, and now they have your house address.

Anonymous 0 Comments

“IP grabbing” doesn’t do much for most people. The basic attack is DDOS which will disrupt your internet. If this happens, you can call your ISP and they will give you a new random IP address. If you’re playing an online videogame against someone that knows your IP, they could time the DDOS to give them an unfair advantage against you – this used to be very common but videogames have done a better job at not revealing your IP to everyone over the past 10 years.

If you’re running servers at home or hosting videogames, someone could scan for vulnerabilities and, if found, potentially get into your computer – If you’re a random IP address, you will get random attacks / scans that are most likely to be unsuccessful, assuming you update your OS and browser regularly.

The danger is if someone has the ressources necessary, wants to hurt you AND have your IP – they could use more sophisticated attacks like using new vulnerabilities in your OS/browser before they are patched and get into your computer.

Anonymous 0 Comments

Why is an IP address any more dangerous than a URL, which you publish freely?

Anonymous 0 Comments

You don’t “have an IP” – your ISP lends one to you, temporarily and tomorrow they may lend you a different one, or they may keep using the one you have today. It’s not yours, it’s theirs. This often means that “geo-ip” at best gives you a general area, like a city – it’s not an address, it’s definitely not yours. And even that isn’t always right. Depending on how your ISP’s infrastructure is setup, your “global ip” may show up in a different state. You need a time span to be able to force the ISP to show which address used it through a court order – and even when that happens, it’s your address – it doesn’t indicate it’s you.

For DOXXing you need a lot more than this. Your identity online is a lot more than your IP. Standard browsing tells about your browser, the computer you’re using and with standard session cookies you can often extract identity information (not your password). That’s some of the information hackers steal to sell, or worse the web-site you’re visiting sells about you.

So when you get your “signature” from many different sites you can put together a profile of that one computer’s web-sites. That’s what markets and data minors do, sell and why what you think is free, actually costs you quite a bit – your information.

Anonymous 0 Comments

IP address except for very old supposed methods where people would contact your ISP and impersonate a law enforcement officer and get them to give the details of what address that IP address is allocated to does nothing except give a Geolocation of nearby the server your connected to. I knew Cosmo the God who DDoSeD Cia’s Website and VISA’s website went to juvie at around 15 years old and knew of many Doxers and Swatters on Xbox 360. I knew AK47 who jacked the Halo Pros account T2 and GodVLights who stole Major Nelson’s account and other people like Predator and others who also swatted people. Nobody with just an IP address ever did anything that I was able to confirm even people who ran big IRC botnets and swatted and jacked Xbox Live gametags I knew could do anything except DDoS it. There were old methods where you would call Microsoft impersonating someone and with just the Gamertag get support to give you all the billing details attached to the account but last I heard about that was in 2013. People used to also sell swatting services back in 2009-2010ish for only $200-$300 and they had “crews” and they would dox and sometimes swat other people in other crews who claimed they were undoxable. It never was just from an IP address though and most used VPN’s constantly. I was using a VPN on Xbox 360 in 2009 for years being in parties sometimes with those people. I never did it although I did use to DDoS a lot but nothing past that. I was mean 🙁

Anonymous 0 Comments

IP address alone isn’t really a big deal, no one besides your internet service provider knows where exactly that IP address is located. To everyone else, they just know a general area, but not the exact location (for example, for my IP address, google just said it was located somewhere in the city next to where I actually am, and that’s the best a random stranger on the internet will see as well)

Fun fact: there is actually a company that is dedicated to keeping a data base of IP address and there known exact coordinates and it caused a huge headache for the person who happened to live exact center of the US.