-1

For example if I send an email from my home IP address, people can see my location of where I am when I sent the email. If I used a VPN, and changed the location, people will think my device was in a different place than it actually was but in an email can give away that it was my actual device that sent the email?

edit: let's say I create an email and send an email, or create a website and post on the website, besides my IP address, what else gives away the device/location I am posting/writing from?

I'm sorry, I'm not very well versed in this technical aspect of communication so I apologize if I'm asking questions are unrelated or that don't make sense.

Question:

Let's say I create an email and send an email, or create a website and post on the website, besides my IP address, what else gives away the device/location I am posting/writing from? So someone said that posting on a website and sending an email are very different things, what is different about them in terms of finding out who send/created a blog or email?

I am asking about tracking a specific device and user rather than asking about finding out what kind of device is being used.

Basically the situation is this:

Someone (Person A) created a blog and an email using fake credentials and a VPN. Person A said defamatory things and impersonated another person on a blog. Person B is now suing person A and is subpoenaing the blog site as well as Person A. However even though Person A is used a VPN, is there anything besides the IP address that could be used to identify person A and/or the device Person A used.

user81864
  • 31
  • 1
  • 1
  • 4
  • Why do you think that your home or device IP is attached to the email? – schroeder Feb 11 '18 at 19:57
  • 5
    Possible duplicate of [What IP address is used when replying on an email while using a VPN?](https://security.stackexchange.com/questions/151984/what-ip-address-is-used-when-replying-on-an-email-while-using-a-vpn), [How can I send an email from my laptop anonymously?](https://security.stackexchange.com/questions/166608/how-can-i-send-an-email-from-my-laptop-anonymously). – Steffen Ullrich Feb 11 '18 at 19:57
  • @schroeder I have no idea, I'm sorry if I'm assuming wrong things. I guess a better question is, let's say I create an email and send an email, or create a website and post on the website, besides my IP address, what else gives away the device/location I am posting/writing from? – user81864 Feb 11 '18 at 19:59
  • @schroeder, because sometimes it is. When I send an email, the first "Received" header contains not only my home IP address, but the name of the machine on my home network that I sent it from. – Mark Feb 11 '18 at 20:01
  • @Mark How can I prevent this from happening and what kind of email service do you use? Is there any way I can find out which emails do this and which do not? – user81864 Feb 11 '18 at 20:01
  • I'm assuming that when you say device IP, you mean MAC address right? @schroeder – user81864 Feb 11 '18 at 20:05
  • @user81864 no, I mean device IP, to allow for the case where your mobile device has its own IP on the cellular network. – schroeder Feb 11 '18 at 20:08
  • @user81864, send yourself an email and look at the headers. Virtually any email client has an option called something like "view message source", "view headers", "show original", or similar. – Mark Feb 11 '18 at 20:09
  • @Mark the OP's question is not a bad one. This is why I asked the question. If the OP's IP is not exposed, then there is no need for protection against exposure. – schroeder Feb 11 '18 at 20:09
  • @user81864: are you asking about tracking down the specific device (like hiding a stolen phone) or tracking down the user? Also, sending mail with SMTP is very different from posting something on a web site - in the latter case there are way more ways to track a user. Please limit your question (in the question, not a comment) to your specific case and to what you really fear to expose (device or user). – Steffen Ullrich Feb 11 '18 at 20:11
  • @user81864: this question is still too broad in my opinion. You have examples for web and mail - but like I said, these differs a lot so please limit yourself to your actual problem. Also - what do you mean with "device and user" - is the actual device used really important? And what kind of device is it and how it is connected, a phone in a mobile network, a notebook behind a router... And, who you are trying to protect from: the ISP, the government, some non-technical user ... . Please be as specific as possible. – Steffen Ullrich Feb 11 '18 at 20:51
  • @SteffenUllrich I'm really sorry, I tried explaining the situation as best as possible – user81864 Feb 11 '18 at 21:26
  • @user81864: the latest edit is distinctly different from what you asked before. In this case the question is what the VPN owner and the hosting provider from the blog have for information logged (which is different from what could have been logged) and if they provide these information. For example - it is unlikely that they've tried to track down the real user and log associated information given that it was not clear up-front that harm will be done. In other words - it does not matter what ways would have been available to track down the user but only what data were logged. – Steffen Ullrich Feb 11 '18 at 21:39

1 Answers1

0

If you're using a browser, there are techniques available to statistically identify/fingerprint you via your browser settings (e.g. browser program, language, plugins, time zone, platform, cookie policies etc.) in an attempt to track you. See https://panopticlick.eff.org/.

HTKLee
  • 1,812
  • 15
  • 30
  • is there any website you know that detail how to protect yourself from being identified/fingerprinted via browser settings – user81864 Feb 11 '18 at 22:31
  • @user81864 The only current way to avoid that is to use Tor Browser with its default settings. Every other browser is fingerprintable (even if Panopticlick says otherwise, since it's not very accurate, unlike, say, AmIUnique). – forest Feb 12 '18 at 02:27