Ed Brayton responds on IP address leaks
Larry, you muddleheaded moron, ScienceBlogs doesn't "leak" your IP address to me, it's logged every single time you leave a comment.
Ed, you stupid fathead, it is a continuous leak rather than an intermittent leak, but it is still a leak.
I have complete control over the content of my blog, including content left by commenters.
That "complete control" was given to you by Scienceblogs software.
And this may come as a shock to you, since while we both inhabit the US you seem to live in fantasy land, but this isn't the UK.
And it may come as a shock to you that I said that I was talking about the UK and not the USA.
Jesus Christ, Larry, how freaking stupid can you possibly be? The 4th amendment is a limitation on what the government can do.
Wow -- this time you did not even use your trademark minced oath, "for Chri-ing out loud." Where is the government mentioned in the 4th amendment? Also, there is no general rule that the Constitution applies only to the government -- for example, private entities have been convicted of violating the 14th amendment that protects civil rights and the 13th amendment that prohibits slavery. One of my favorite Supreme Court rulings -- I wish I had the citation -- is that someone invoking a law need not show that the law was intended to benefit him.
mark said under Ed's post ( March 30, 2007 10:33 AM ),
You mean if I write you a letter, you're allowed to read the return address? There oughta be a law!
A person sending a letter has the option of maintaining anonymity by either leaving out a return address or by giving a post-office box. Also, a return postal address cannot be used to invade a computer.
Also, rules do not easily transfer from one communications mode to another. For example, people can ask to not receive junk telephone calls but cannot ask to not receive junk postal mail.
mah9 said ( March 30, 2007 10:59 AM ),
I'm pretty sure you're not selling this info on to spammers etc, and not using it for any other nefarious purposes (unless Fafarman actually believes that you are cyber-stalking him), you should not have anything to worry about.
Even if Ed Brayton himself doesn't cyber-stalk me, someone else who sees his posting of my IP address might try it -- fortunately I do not have a unique static IP address.
Matt Penfold said ( March 30, 2007 11:40 AM ) --
You are mistaken on a point of UK law. It does NOT matter where you or your blog server are located . . . .
A number of US based companies have fallen foul of this as Europe has tighter controls over the use of personal information held by third parties. Storing personal information on a EU national in the US is a criminal offence in the EU unless explicit consent has been given and the organistion holding the data has undertaken to abide by the principles of EU law regarding data protection.
Well, thank you for that piece of information. So if I were an EU -- or at least a UK -- national, then Ed and Scienceblogs would be breaking the law.
That all said the person complaining is talking bollocks. IP addresses do not constitute personal information unless accomponied by other information,
No thanks this time. For starters, Ed Brayton's posting of ID addresses was "accompanied by other information." Furthermore, if the IP address is a static IP address uniquely associated with a specific personal computer, then that IP address may be used to attack that computer.
Also, Article 2 (a) of the EU's Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 says,
. . . an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
An IP address -- particularly a static one uniquely associated with a particular computer -- is an "identification number."
. . . . and in anycase posting a comment on a blog would constitute agreement to the data being held.
Wrong -- Article 7(a) of EU Directive 95/46/EC says,
Member States shall provide that personal data may be processed only if:
(a) the data subject has unambiguously given his consent; or . . . (emphasis added)
Matt Penfold said ( March 30, 2007 12:06 PM ) --
. . . the law is intended to catch companies and organisations, not individuals.
The European policies and laws do not distinguish between individuals and companies/organizations.
doctorgoo said ( March 30, 2007 12:37 PM ) --
This guy is so crazy! Almost every time he has posted here recently as "Anonymous", he denies that he's Larry and expresses surprise that his posts keep getting deleted.
But then he goes to his own blog and starts complaining about being banned . . . and thus basically admitting that he is Larry.
That's it -- blame the victims.
BTW, doctorgoo, I don't see you posting under your real name.
Alex Whiteside said ( March 30, 2007 10:27 PM ) --
Unless I'm greatly mistaken, an IP address isn't considered a bit of special, private, protected information by common law or statute in England or Scotland (while we share statutes, don't fool yourself that there's such a thing as "UK law"), or for that matter the EU as a whole. It's like your phone number or a return to sender address on a parcel - as long as someone's not posting it up on the internet and instructing people to letter bomb you, or performing DoS attacks with it, no offense is being commited.
You are "greatly mistaken." A static IP address uniquely identified with a specific personal computer -- and there are some such static IP addresses -- can be used to target that computer for harassment, harm or theft of confidential data. And Ed did post IP addresses up on the Internet.
Beren said ( March 30, 2007 03:00 PM ) --
It's impossible for any upload or download to occur on the Internet without an exchange of IP addresses . . . . in general, using a web site means you are broadcasting your IP address, unencrypted, over publicly monitored communication channels.
Not necessarily -- posting a comment is just a one-way communication and the commenter does not need to give his correct IP address. Also, even if posting a comment were a two-way communication, Article 6 of EU Directive 95/46/EC says that the commenter's IP address should be retained for no longer than the time necessary to complete the communication:
1. Member States shall provide that personal data must be:
- - - - - - - - -
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed . . . .
Anyway, it is nice to know that these folks are reading my stuff.
Labels: Internet censorship (1 of 2)