Can a web site tell who I am?

When you visit a web site with typical web browser software such as Mozilla or Internet Explorer, your software does not normally volunteer any information that can be used to identify you directly. Your email address is notgiven to the web server. Your web browser does hand over the following information:


1.Your current IP address. This is the address your computer currently has assigned to it on the Internet, and looks like this (just an example): When you dial out and connect to your ISP, you are assigned a temporary IP address, and your address typically changes again when you call in later. Your IP address can only be used to identify you if your ISP chooses to cooperate with the investigation, which they may be forced to do in a legal proceeding. Under the USA Patriot Act and the DMCA, the government can force companies to hand over such information, and even before those laws there were already cases of ISPs handing over such information in response to a subpoena. Your ISP’s records can be used todetermine who called into what account at what time, and what address was assigned to them during that time.


Some users do have “static” (unchanging) IP addresses, which run a greater risk of revealing your identity.


2.The page you came from, known as the “referring URL.” This is a useful convenience for webmasters and does not normally compromise your privacy, as the site still does not know who you are. There are products available that will block reporting of this and other information, however.


3.Miscellaneous information less important to your privacy, such as the name of your web browser software.


4. Cookies. Web sites that wish to know whether the same person has returned again another day have the ability to set a user-identifying “cookie” which is recorded by your computer. In theory, this is harmless because the site only knows that you are the same person, returning again — not your name. However, the trouble begins when you give your true identity to one site that requires cookies. Now, that site does know your real name, and they can pass this information to other sites you visit, which can then set a cookie of their own to establish their own lasting awareness of your actual identity.


These are the pieces of information that are given out under normal circumstances. Security bugs in your web browser software can be another source of potentially serious privacy problems. When a serious security bug is found in a web browser, it can be explited to run any program on your computer.


Taking the following steps can enhance your privacy:


  • Read the privacy policies of web sites before giving them any personal information. Remember, however, that companies can be acquired, and the acquiring company may not be bound by the privacy policy.
  • Install security fixes for your browser. Always obtain these directly from the organization that created your browser! In the case of Microsoft Internet Explorer, make sure you are using the free Windows Update service. In the case of Mozilla and/or Netscape, I recommend keeping up with the latest stable version available from
  • Set your browser to ask first before accepting cookies. In some cases you may need to go ahead and accept them, but most sites will let you in without them.
  • Use a personal proxy server that strips out as much identifying information as possible.
  • Consider using a public anonymizing proxy server. Of course, this is not perfect. As of this writing you can find a useful list of such proxy servers at the multiproxy and anonymous proxy list site (warning: fairly annoying ads).
  • Use a proxy server shared by many members of the same organization, giving them all the same apparent IP address; make sure this proxy server is configured to log no information at all.

Of course, there are many other ways to compromise your privacy on the web, but these also apply to traditional off-line businesses. Giving your personal mailing address, email address and phone number to a company that later goes bankrupt and sells its assets, including its customer lists, is a common way to find yourself on many new unwanted mailing lists.