Link to home
Start Free TrialLog in
Avatar of nickg5
nickg5Flag for United States of America

asked on

Fully explain how IP data can be embedded in an image?

I see this quote:

"digging for IP data (embedded image on a link) posted on some website.

This implied that data that can identify an IP address is embedded in images.
How does this work and how to avoid being identified.
Businesses and the like often have a need for anonymity.
SOLUTION
Avatar of ktaczala
ktaczala
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This actually depends on the full context of the quote.

IP can mean either Internet Protocol (what you are thinking of); or
IP can mean Intellectual Property (like the exif data that ktaczala posted about).
Avatar of nickg5

ASKER

IP address...
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nickg5

ASKER

It was written exactly as shown above.
It was in the context of person A not wanting to be identified by I/P address.
I wondered how images can contain such data.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nickg5

ASKER

"digging for IP address data (embedded image on the link provided). Here are the links (without further tricks)."

That is the quote.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No, I was digging for IP address data (embedded image on the link I provided to C-D).

If that is the correct statement you are looking at, from the Topix forums, then I believe you are reading it out of context.  He is not talking about IP addresses in an image.  He was talking about finding an IP address (and posting the image) for another poster on the forum.
Or are you talking about the fact that servers get your IP address for every file you download from them and display in your browser?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nickg5

ASKER

If that is the correct statement you are looking at, from the Topix forums, then I believe you are reading it out of context.  He is not talking about IP addresses in an image.  He was talking about finding an IP address (and posting the image) for another poster on the forum.

Yep that is it. They took pictures or screenshots on that site.
Several people said their account had been terminated for one reason or the other and of course they go back with proxies.
If proxy's and IP addresses, when combined with "images" is not anonymous then that is what my question was about. IP address data imbedded in images.
http://www.topix.com/forum/who/THJMDHGTVNOF8CJL9/p244#c10198 Is that the link? If so you can't track someone down reliably this way, the forum or system administrators of ANY site can see your IP address, they don't need it embedded into an image, and if you login with an account you can suspend/delete that account with no need for the IP, you can ban an IP but it's pretty much useless since you can proxy or get a new ip from the isp in no time.
I am going to unmonitor this question now...
-rich
Generally, when a proxy is used, all web page content (HTML, CSS, Javascript, images, etc.) is downloaded via the proxy IP address.  However, some proxies set a HTML header which identifies the original IP address (namely X-Forwarded-For).  In terms of images, I'd take into account the experience of the author making the statement, perhaps they are speculating without any real technical data to back up their comments.  I would ask for proof before you assume anyone here is misunderstanding the "threat", especially those who perform penetration testing for a living.

Going back to your initial quote:

digging for IP data (embedded image on a link) posted on some website

This infers a web server log file somewhere revealing the IP address.  I say "somewhere" as it's possible a given page is vulnerable to XSS attacks, is part of an ad network, or otherwise permits an image to be embedded which is hosted by the attacker, or a server the attacker has access to.  Once the image is downloaded by the client the attacker reviews the log to see the IP address of the requesting client/proxy.

I am going to unmonitor this question now...

I second that...
Avatar of nickg5

ASKER

I find that an odd statement since businesses with business licenses have to publish their addresses.  Advertisements usually include addresses too.  What kind of business doesn't want to be found and identified.
...........I've seen two questions on EE in recent days that said their company used a proxy. Proxy is not a "criminal intent" tool.

Or are you talking about the fact that servers get your IP address for every file you download from them and display in your browser?
..............maybe, most people who post on that website post weblinks. The person who made that comment stated in my question is quite knowledgeable about the subject matter of that comment. Their comments have been noted before and don't appear to be talking BS.

You un-monitor ones appears fearful to discuss proxies and why they are practical to use for many reasons which you fail to recognize as practical. Multiple questions on here in recent weeks asked by other EE members stated their company uses proxy. And they are not selling drugs or counterfeit money.
Avatar of nickg5

ASKER

Unmonitor is a tool to avoid answering a question. Typical for this site.
Why do they even offer grades B and C.
Why not A only.
1. No one here asserts proxies are only used for "criminal intent"

2. To digress further, it's unlikely a criminal with nefarious intent would "register" with accurate identifying information as they clearly would want to avoid prosecution.  So yes, legitimate businesses would register with legitimate contact information to ensure their own profit.  I don't see any opinions expressing the contrary.

3. Regarding URIs (e.g. links), the target would need to click on the link in order to be identified.  Of course once the link has been clicked, the web server hosting the target page would reveal the IP address of any requesting client.  This wouldn't be constrained to images, but again any HTML code, javascript, image, etc. being served by the server.

4. Your interpretations are possible interpretations and not the truth, so long as you remember that much upset can be avoided in your own life.  If I have fear it's of using my time unwisely.  You seem set in your way of thinking and not particularly open to being contributed to (again a possible interpretation and not necessarily the truth), hence my decision to unmonitor this thread.  Put another way, I don't see an effective exchange and acceptance of ideas taking place, rather digression and counterproductivity.

All that needs to be said has been said.  Good day and good luck.
I find that an odd statement since businesses with business licenses have to publish their addresses.  Advertisements usually include addresses too.  What kind of business doesn't want to be found and identified.
...........I've seen two questions on EE in recent days that said their company used a proxy. Proxy is not a "criminal intent" tool.
Your response does not appear to have anything to do with my statement.  Proxies are used for many things other than hiding you identity.
Avatar of nickg5

ASKER

Correct but when people ask questions about proxies, people run for the hills.
Just search other proxy related questions and answers are quite sparse.