Like even if they have nothing else they could just leak IP is there any law against it ? Or any technical aspect stopping them ?

  • henfredemars@infosec.pub
    ·
    edit-2
    10 months ago

    An IP address by itself isn't going to let you dox users unless you have access to the databases that map these to the subscriber accounts. Typically, you would need to be an ISP or law enforcement to do this, but you can also purchase this information from a data broker if you know what you're doing.

    With that said, there is absolutely nothing stopping the instance operator from getting your IP address. You're connecting to his or her computer which they own, so they can easily see where you're connecting from.

  • bloodfart@lemmy.ml
    ·
    10 months ago

    Nothing stops them.

    Don’t worry too hard about the ip though, there’s plenty of servers still running versions with insecure pms and that seems like a much bigger problem than ip addresses.

    What are you concerned about? maybe I can help you figure out a way to mitigate it.

      • bloodfart@lemmy.ml
        ·
        10 months ago

        Well, ip leak would be useful for me if I were trying to figure out your general location, the specific edge device that you’re behind or if I were compiling a massive dataset to find a vulnerability.

        In the first case, don’t worry about it. Ip addresses are allocated to the provider and dynamically assigned such that without a huge corroborating dataset or at least a couple of recent delivery records cross referenced to an online order someone can’t reasonably figure out your home address from it.

        The second thing is inherent to the design of the internet, but the danger of someone knowing the ip of the edge device you’re sitting behind can be mitigated by securing that device. The easy stuff would be like turning off web console or snmp on wan, picking a good password, making sure its firmware is updated etc. if you’re forwarding ports or self hosting it gets more complex but that’s how you can make it “okay” that anyone could know your ip.

        The third thing is complex and at this point requires a fundamental change in the way you view computer&web usage, communication and most likely a subscription to some scrubbing service. Sorry, we live in the bad timeline.

        All three can be either mitigated or assisted by the use of a vpn. You have to pay for a vpn, the free options are monetized by bundling and selling the data that goes through them.

        If there’s something I missed or whatever, lmk.

          • bloodfart@lemmy.ml
            ·
            10 months ago

            Get a vpn. It’ll make you less worried.

            The gold standard is mullvad paid for with cash, but lots of stuff blocks their exit ips so if you get pissed off by that, use express or nord or whatever gets high ratings from websites that see if their exit nodes are blocked.