Hello FLAGRANT violation of my privacy. You morons.

[bladespark]

When you comment in a community* the community moderators and the owner of the post you commented on can now see your location. Country, state, and city. Which means that people living in small towns who do things like... oh... call out a scammer on their scammy posts, for one example I've seen happen a lot, can now be found. Physically. Where you live. By people who might have a reason to go and hurt them.

You can't turn it off. You can't opt out. It doesn't draw from the fields you voluntarily fill in either, far as I can tell it's pulling the info from your IP address. And it's retroactive so every comment you've ever made in any community EVER now has your real location attached to it.

Bra. Fricking. Vo. Livejournal. Bravo. If anybody gets hurt because of this I hope you get sued into oblivion. This is almost enough to make me leave lj, permanently and for real this time, even though this is my primary internet "home" and social hub.

Morons. What the HELL were they thinking of when they did this? WHAT THE EVERLIVING HELL.

(And yes, I know that by posting people's IP addresses they've effectively been doing the same thing all along. But there is a big difference between "If somebody knows how and wants to go through the effort they can see where you live" and "HERE'S WHERE YOU LIVE FOR ANY IDIOT TO SEE RIGHT NOW, NO EFFORT REQUIRED." That kind of thing puts ideas into people's heads. It begs for abuse. It's just pleading for somebody to do something stupid.)

*Update: Apparently it's not all communities. Since I don't own any communities to test with I'm not sure what settings are required, I'm hearing conflicting answers from different people. There's some protesting going on in the latest lj news post, but it looks like most people haven't noticed the change yet. LJ itself has said nothing at all about this, neither notification it was starting nor defense of it continuing.

Update again: They've removed the feature. And there is a poll (and good comments discussion) about the IP logging here: http://lj-feedback.livejournal.com/16181.html

Update some more: Oh GODS I'm glad they removed this. It told people specifically when you move/go on vacation. Ie. if you post from a new spot it displayed (New location(Formerly Old Location)) That is such a bad idea that I can't even come up with words for how much of a bad idea it is! And it means that you can't retroactively proxy it to fix the problem, as it will then say (proxy location(formerly real location)) WHAT THE HELL WERE THEY THINKING?

Yay, one more update: "Generally, when you run an IP addresses (past and present) through a search engine, it defaults to the largest town within a certain radius, thus preserving some sense of anonymity. What is being broadcasted on lj, however, is much more specific.

In one instance I entered an IP address from location x into a search engine and it showed my location to be ~20miles from x. LJ reported my location to be ~5miles from location x. (And, incidentally, the town lj announces is not even shown on some road maps.)"

From a user's complaint on the well-hidden post from livejournal that mentioned this "feature" in passing. (Which I finally dug out.)

Now will people please stop treating me like I'm some kind of idiot and admit that I had reason to be concerned? Thanks so much.

Comments

[harliquinnraver.livejournal.com]

not. cool. ever. at all. *shakes head* appalling.

[aburamechan.livejournal.com]

:c That sucks, even though I've never lived in too tiny of a city.
This is why I disliked facebook too. But I guess if someone had the time and patience to come find me based on my ip, I would probably be amazed.

[bladespark.livejournal.com]

Yeah, I've stuck to lj and avoided facebook even though many of my friends have moved over, just because of this sort of stupid privacy thing. If lj's going to behave the same way I might as well give up on it and just put up with facebook.

I'm really hoping the next new thing comes along soon. :( And that's it's better than frigging facebook is now.

[ekmahal.livejournal.com]

Could you do me the lovely of PM'ing me what turns up when I comment, hon?

[bladespark.livejournal.com]

I'm not a community, so I get nothing but your IP here. You'd have to comment to a post I made in a community. You can make a test post here if you want: http://cute-plush.livejournal.com/573555.html

[beavisfreak.livejournal.com]

Wow, I had no idea this was happening here. I hope nobody gets hurt because of this. :/

[mariahpixie.livejournal.com]

what! is it just in communities then??? omg that is awful :C

[draggo.livejournal.com]

I guess it's time for the IT dragon to post and networking is his specialty.

Trying to track down someone's physical address through the use of an IP address all I can say is "good luck" because you are really going to need it.

The IP address will definitely allow you to find the datacenter that has the gateway where the data packets leave the non-routable IP address subnets and are then translated to a routable IP address through the NAT protocol.

Something else to take into account is the use of the IPv4 protocol which has a very limited number of valid IP addresses. The various IP addresses used by the different ISPs will have their all of their IP addresses divided into seperate subnets. All of these IP addresses are then placed into a different DHCP pools which are then assigned to individual subscribers as needed.

The DHCP protocol will assign an IP address in the pool of available IP addresses. Then that IP address will be removed until it is no longer being used. In a one hour internet session you might end up going through 10 or more IP addresses without even knowing it.

If whoever is posting using a Static IP it would be much easier to track them down by using their IP address. It would still also be rather difficult to do though. Also a static IP address is much more expensive and are usually reserved for business and enterprise level accounts.

Typically data centers where the IP traffic is routed onto the public internet are usually not in the same city where the traffic is originating from unless you live in a large city such as Dallas. Sometimes the data center may not even be in the same state. That is very common for anything that uses a cellular network.

Regarding IP addresses I could easily get that from a very large number of sources such as email or IM. Also that is nothing new either.

Now if you really want to find out where someone lives there are FAR MORE effective and easier ways to do that. You would be surprised as to what is available through public records.

If you are really worried about someone getting your IP address hiding your own IP address is almost a trivial task. I am not going to give out any instructions on how to do that because it can be technically illegal depending on how you implement it.

Also I am certified in Network Security and working on moving into IT Security right now.

There is a LOT more when it comes to IP addresses.

[bladespark.livejournal.com]

Then how the FUCK does livejournal know where I live to stuff it on all my posts? I don't give a damn about the IP thing, I want "Eugene Oregon" NOT attached to my comments.

[draggo.livejournal.com]

Send me an email if you want it to say something like Moscow, Russia. Because of potential legal issues I am NOT posting it here.

[bladespark.livejournal.com]

I'm not asking you to tell me how to do it. I'm ASKING you how the HELL livejournal knows where I live to begin with.

Also, if you're so sure that one's IP address doesn't tell what city you're in, how does http://www.geoiptool.com/ or the dozens of other things like it work?

[draggo.livejournal.com]

I just tried it and it says that I'm in Frisco, TX which is about 60-80 miles away from where I actually live. These websites are not that accurate in physically locating someone.

I miss my wireless datacard. That thing would cause websites like this one to say I live in some random city somewhere in the US with no effort on my part.

[bladespark.livejournal.com]

Well I guess you're farking lucky then.

[bladespark.livejournal.com]

P.S. I was curious, so... I've shipped to you before, and Frisco is 35 miles by road from your town. Not 60-80. Straight line it's more like 20.

[draggo.livejournal.com]

That was true when I used to live in Richardson. I moved in 2007.

[bladespark.livejournal.com]

I'm using your 09 address.

[bladespark.livejournal.com]

Also, you seem to have completely, absolutely, 100% missed my point. This isn't about IP. It doesn't matter where lj gets the addresses, really. It doesn't matter if they're not completely accurate. The fact is that they are giving strangers that you do not know on the internet, the place where you live, without your permission and with no way for you to hide that information. Even if it's wrong most of the time (which I do not for an instant believe is true, despite your arguing to the contrary) being right some of the time is enough to get people hurt. It's a violation of privacy and it's completely wrong of them to do it.

[pointytilly.livejournal.com]

From what I've heard, people could do worse with your name and full birthday?

Google keeps trying to make my full name public, which bothers me a lot more than my IP, since it's annoyingly unique. Though I also wonder what this feature is meant to do, because when it's accurate it will creep people out, and when it's not it's no help (and the people up to no good likely already know how to mess with their IP).

That site gets me...Brookfield. That's oddly specific, and also on the opposite side of Milwaukee to where I actually am.

[bladespark.livejournal.com]

I'd be more willing to put up with this feature if it were actually useful in any way, shape or form. *nods* Though even then I'm not sure I'd like it much.

Google makes my name public too, but it's my maiden name, and the one I do business publicly by myself, so at least that hasn't personally affected me much. Not that I really love their lack of privacy either, people should opt in to displaying personal information, not have to go to great lengths to opt out.

[draggo.livejournal.com]

Basically your ISP's data center happens to be located in Eugene, OR.

[bladespark.livejournal.com]

Bull honky. And everybody I know who's upset about this also, just happens to have their data center right where they live?

[draggo.livejournal.com]

Livejournal thinks I live in a city that is 80 miles away from where I actually live.

[nambroth.livejournal.com]

I am not clear on what is happening here, and I'm not trying to argue at all, but LJ (and other sites that look at my IP) think that I am posting from a location 93 miles (via car) from my home, which is where my ISP's nearest Data Center is....
But, I also live quite far from any city.

[jordanis.livejournal.com]

You're either out of date or broadly applying something protocol specific. My IP address doesn't change until my cable modem is turned off long enough for the address to be released.

[draggo.livejournal.com]

It's called DHCP. It also depends on how the DHCP server is setup and how long the lease is set for each IP address which can vary a lot.

[jordanis.livejournal.com]

I am quite aware of what DHCP is. Like everyone with more than one computer, I have my own adorable little DHCP server on my desk.

The problem is that you've gone and started exaggerating to make your point. You know and I know that running a DHCP server with that short a lease turnover is a ridiculous way to run a railroad. Unfortunately, you've fallen in love with showing your technical superiority to the knowlessmen by telling them how groundless and silly their worries are. If I had to hazard, I would guess that this is a habit so long-running as to be nearly reflex after a career of dealing with flighty managers and panicky secretaries.

Alas, this is exactly the sort of condescension that invariably drives casual users screaming from the FOSS community: you are calling people stupid for feeling that an issue is, in fact, an issue. In your haste, you are missing the key point: LJ is divulging information about a user that was not previously available without that user's consent. Yes, it's nothing that you couldn't look up before, but LJ users aren't IT professionals. Most of them did not previously know how to do anything with IPs except match them to find sockpuppets, if even that.

Further, you're ignoring the lazy-ass programming that went into this. The information is available to community mods and /the poster/ of the post in question to a community. You know, the poster that someone is calling out as a scammer, con, or liar? It's lazy inheritance of permissions from the parent object without the least bit of thought.

Finally, you're ignoring how normal people think! An IP address attached to a comment is glossed over. An IP address instinctively means something to very, very few people. When a username is attached to 'Bedford, TX', though, the information is automatically and instinctively relevant to anyone reading it. It feels and reads completely different to normal people, and it should come as no surprise to the LJ team that people react differently to it. They are professional developers of a social networking service, and thinking this would fly with normal users (particularly since the users left on LJ are the ones who rejected Facebook's anti-privacy crap) is remarkably nerd-tunnel-vision of them.

[ekmahal.livejournal.com]

This!

(I'd replied to Captain Knowitall above before reading your reply, Jordanis.)

[ekmahal.livejournal.com]

You know, you completely missed the point. Not to mention the condescending tone (I really hope you don't work with end users in your dayjob, because if so I feel sorry for them).

The point is not to pat SPark on the head and say "it's OK dear, technology is complicated!"; the point is that a generally non-IT-savvy userbase are having a previously obscured - because the average joe does not speak IP addresses, or bother doing IP lookups on them - piece of information partially decoded and displayed, without any consent being obtained from them.

Pull your head out of your education and apply it to the real world and real people for five minutes, and you'll see that this is a perfectly valid concern.

[galadrieltypo.livejournal.com]

You're right, it's not all that difficult to pinpoint somebody with just their IP. There are a fair number of websites where you just put in the number and a finger will fall out of the sky and nail you.

[draggo.livejournal.com]

And the best way to fight back against this is to turn this "feature" into a big joke by making it display your hometown as some random city somewhere in the US.

[bladespark.livejournal.com]

....Oh sure. Right. And in order to do that I need those possibly illegal instructions that the average joe has no access to. It is NOT a valid form of mass protest if most people aren't capable of doing it.

[draggo.livejournal.com]

It is free and legal if done right.

http://anonymouse.org/ :)

[bladespark.livejournal.com]

Then what the hell was all your BS about giving me instructions on making my IP report that I'm in Russia? Which because of potential legal issues you weren't going to post?

[draggo.livejournal.com]

Do it manually and you need to have permission from whoever owns the server you are going to be using.

Some large servers are setup for that particular purpose mainly by spammers.

Also I really do not answer a million dumb questions created by id-10-t errors from those trying to do something they should not be allowed to touch at all. (burnout is not fun)

[bladespark.livejournal.com]

And so you couldn't direct ME to the legal option, you had to give me the illegal one?

[rimspace.livejournal.com]

Huh, is this set on a per-community basis, as a couple of communities I'm in appear to show nothing new.

[bladespark.livejournal.com]

Apparently it does depend on the community's security settings, and I believe in particular if they log IP addresses or not. Though I've seen somebody say that he turned off the IP logging on his community and the locations are still showing up, so I'm not sure exactly how it works. I've gone and looked through several of my various community posts though and I definitely see locations, my own included, on the comments.

[rimspace.livejournal.com]

Strange. According to their release notes, the location information is supposed to be "only visible to the journal owner, community owner/maintainers, or author of the entry if it is posted to a community with this feature enabled". Which in itself is moronic enough, but if you're seeing other people's details and you're not the owner of the community or journal, they screwed up implementing the access control on the feature too!

[bladespark.livejournal.com]

No, that's what I meant. I'm the owner of the post in question, but not the owner of the community. Like this post: http://cute-plush.livejournal.com/573555.html

[aurora77]

If someone logs the poster's IP address, they can do a lookup and possibly get a rough idea of where the poster is located. Sounds like LJ went the next step and now does that lookup for them. It's a little creepy, yes, but technically it's not really info they didn't have access to before. Most people just didn't used to bother doing the lookup.

[bladespark.livejournal.com]

Did you even READ what I wrote? To a technical person there may be no difference between an IP address and a location, but to the average joe, to all that stupid but dangerous creepy stalkers out there, the ones who didn't know, suddenly instead of some harmless numbers that nobody really thinks about there's something they instantly recognize. You're now SCREAMING your location to them, Obviously. Clearly. On every single comment, over and over. There IS A DIFFERENCE. Maybe not to you, but to a lot of people out there.

[aurora77]

I did read it, yes. I also acknowledged the difference. It's a difference between someone having making an effort to find out where you are and it being handed to them. The previous one at least gave an illusion of privacy.

[bladespark.livejournal.com]

It's not just "handed" it's rubbing their nose in it. And also I'm seeing a lot of comments from people saying that the LJ location was showing them more accurately than their IP, ie. the IP pointed to a large city nearby, the lj location was correctly pointing to their small town, so something else might have been going on here as well. I don't know. It's been turned off now, so I guess it's all moot.

But it's really frustrating to me that everybody is trying to pat me on the head and say that it's all okay and nothing is wrong with this, and ignoring my explanations of what IS wrong with it.

[bladespark.livejournal.com]

http://lj-releases.livejournal.com/67287.html?thread=4994519#t4994519

Try reading that, if nothing else I've said has made any impact.

[bladespark.livejournal.com]

Oh, and there's this too: "Generally, when you run an IP addresses (past and present) through a search engine, it defaults to the largest town within a certain radius, thus preserving some sense of anonymity. What is being broadcasted on lj, however, is much more specific.

In one instance I entered an IP address from location x into a search engine and it showed my location to be ~20miles from x. LJ reported my location to be ~5miles from location x. (And, incidentally, the town lj announces is not even shown on some road maps.)"

So it was being much, much more specific than IP lookup.

[bladespark.livejournal.com]

I should apologize. I am sorry for my comments being snappish. I'm not having a great week, and this mess was just enough to push me over the edge. I shouldn't be attacking friends.

However, I will say that making this comment, explaining something I already know, and to me at least sounding like you're dismissing my concerns as invalid, is not really something I appreciate. Just because I am not a tech person, that doesn't mean I can't have valid concerns about tech related things.

[aurora77]

I'm sorry you feel that way. None of it is talking down. This is how I would talk to any of my colleagues about it. And I don't understand how acknowledging that it presents info people otherwise wouldn't have made the effort to look up is invalidating concerns. Again, I'm sorry if it didn't come across as intended.

[bladespark.livejournal.com]

"but technically it's not really info they didn't have access to before" and "an illusion of privacy." made it sound (to me, I know I was probably just putting in that interpretation because I was getting so much argument on the subject from other people) as though you were trying to argue that it made no actual difference (on an illusory one) and thus shouldn't be worried about.

[chiscringle.livejournal.com]

I know someone who put a widget in their signature that did that, but only to the people looking at it. So it'd tell you YOUR info. I've never been happy with that arrangement and this sounds like laziness combined with the sort of wide-eyed web 2.0 naivete that seems to plague sites like this. Users should control their own data.