Left Bay’s Musings on the Media

Searching for answers in sales and marketing

Archive for Internet Security

How private are IP addresses? YouTube says “very,” but…

The Wall Street Journal recently ran an article titled “Court Order for Viewer Data on YouTube Stirs Privacy Concerns.”

The gist of it is that Google (YouTube’s parent) has been ordered turn over log-in names and IP addresses of its YouTube subscribers. Viacom, which is pressing a copyright case against Google, is seeking the data to help prove how often its copyright-protected content helps draw users to YouTube. Which in turn helps make Google money.

Google originally resisted turning over that info, saying it would allow Viacom to “likely be able to determine the viewing and video uploading habits of YouTube’s users.” Well, no duh! But now that the ruling has come down, Google has tried another tact: It has asked Viacom for permission to obscure info that might help personally identify YouTube users.

So what information is so sensitive?

It’s the login names of YouTube users, and when that’s not available, it’s their IP addresses and “cookies” that YouTube captures from each user.

IP addresses, for those that don’t know, are numbers that are assigned to each user by an internet provider, like Comcast or a DSL company. Sometimes the IP addresses change at some interval — those are called “dynamic” — and sometimes they’re “static.” Some IPs can’t ever be linked to individual users because they’re in public places, like a library or internet cafe, while others are assigned to companies and corporations.

The judge in the case says most users don’t use their real names when creating accounts. And IP addresses can’t easily by themselves be used to identify individual users. Viacom, for its part, says it will handle the data in a “highly confidential matter.”

The big question: Can an IP address be used to tract activity on the Internet that users think is private?

My take: For the most part, no. It’s a piece of the puzzle, that along with cookies, country of origin, user-agent hash and other identifiers, helps an investigator identify an individual user. But that’s just the point — it’s a piece. When tracked — which practically all companies do with their logs — it’s a piece of our privacy that’s given up so we can have access to websites.