|User Identification question|
| 8:09 pm on Jun 25, 2001 (gmt 0)|
I'm hoping this is an appropriate place to post this question as a favor for a friend.
Thanks in advance.
Below is the information he provided:
Recently I was informed by the moderators of a public web forum that doesn't require a login that they could identify me exactly even though the last two sets of numbers in my IP Address change each time I dial in and I do not accept any cookies. Are they indeed able to completely identify my machine without a shadow of a doubt?
Below is my computer information.
Thank you very much,
Machine: iMac DV
Processor: G3 400 MHz
RAM: 192 MB
OS: Mac OS 9.1 w/ all applicable updates
Dial-up with Mindspring
MS Internet Explorer 5.0 (2022)
Shockwave Flash NP-PPC 5.0 r41
SVG Plugin 2.0
Other Relevant Software:
MS Outlook Express 5.02 (2022)
| 10:00 am on Jun 26, 2001 (gmt 0)|
If the IP doesn't match, then the only way I know is via an educated guess based on the host name and the browser agent. That is very risky business. Either the site isn't all that concerned about identifying users accurately, or there is something else they are using. IP, Host, Agent, and Cookies are the only real way you can identify a repeat user. Only cookies are accurate since they are the only data bit that goes to and returns from a machine.
| 12:40 pm on Jun 26, 2001 (gmt 0)|
Thank you Brett.
| 4:07 pm on Jun 26, 2001 (gmt 0)|
The site doesn't use java or other browser site scripting, does it?
| 12:32 pm on Jun 27, 2001 (gmt 0)|
I checked with my friend and he wasn't certain if the site uses java etc., but would keep that in mind. He appreciated your input on this and I would like to thank you again for your attention to this.
| 4:10 pm on Jun 27, 2001 (gmt 0)|
> IP, Host, Agent, and Cookies are the only real way you can identify a repeat user
Brett, you forgot log-in :)
But then again that's only useful for Extranets and would not count in this example.
Also, there are applications that use a more advanced method using data mining modelling where you build user profiles based on all the data you can collect, like behaviour, screen resolution, OS, etc., besides the usual things.
I know this, and I know it works, 'cause one of our major clients uses it for a very advanced chat system. Users can get kicked out if they don't behave well in there. Some users think they can trick the system, so they dial up on a new IP, reregister again, erase the cookie, etc., but they soon realise that the system can recognise them :)
If you set up such advanced modelling in combination with a network package sniffer then you can completely cut off any agent or user you want from your servers - maybe not 100% of the cases - but very close to that.
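Added example, not part of the original posts: a sketch of the profile matching the thread describes, showing both why a redial with no cookies can still be recognised and why the match remains an educated guess. The visits, addresses and field names are constructed; it assumes screen size and plugin list were collected by client-side script, which the agent string alone does not provide.

```python
UA_MAC = "Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC)"
UA_WIN = "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
PLUGINS = "Flash 5.0 r41, SVG 2.0"

# Constructed sample visits, not real log data. "who" is ground truth that only
# this demo knows; a real site sees just the other four fields.
VISITS = [
    {"who": "A", "ip": "10.20.14.7", "ua": UA_MAC, "screen": "1024x768", "plugins": PLUGINS},
    {"who": "A", "ip": "10.20.201.93", "ua": UA_MAC, "screen": "1024x768", "plugins": PLUGINS},
    {"who": "B", "ip": "10.20.77.5", "ua": UA_MAC, "screen": "800x600", "plugins": PLUGINS},
    {"who": "C", "ip": "10.20.3.18", "ua": UA_WIN, "screen": "800x600", "plugins": "Flash 5.0 r41"},
    {"who": "D", "ip": "10.99.4.4", "ua": UA_MAC, "screen": "1024x768", "plugins": PLUGINS},
    {"who": "E", "ip": "10.20.150.61", "ua": UA_MAC, "screen": "1024x768", "plugins": PLUGINS},
]

ALL_FIELDS = ("ua", "screen", "plugins")

def fingerprint(visit, fields=ALL_FIELDS):
    """Profile key built from attributes that survive a redial and a cookie wipe."""
    # Only the first two octets are kept: the thread says the last two change per dial-in.
    prefix = ".".join(visit["ip"].split(".")[:2])
    return (prefix,) + tuple(visit[f] for f in fields)

def recognise(visits, known_visit, fields=ALL_FIELDS):
    """All visits whose profile equals that of a visit already attributed to someone."""
    target = fingerprint(known_visit, fields)
    return [v for v in visits if fingerprint(v, fields) == target]

def ambiguity(visits, known_visit, fields=ALL_FIELDS):
    """Distinct people behind the matching visits (uses the demo-only ground truth)."""
    return sorted({v["who"] for v in recognise(visits, known_visit, fields)})

if __name__ == "__main__":
    first = VISITS[0]
    print("agent only  :", ambiguity(VISITS, first, fields=("ua",)))
    print("full profile:", ambiguity(VISITS, first))
```

Adding attributes shrinks the set of candidates, but visitor E, a second person on the same dial-up pool with the same machine setup, is still indistinguishable from A.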