IP tracking is simply the logging of the IP address (Internet Protocol address, the number assigned to your computer that lets other computers talk to it) that corresponds to each hit on our site. Pretty much every webserver in the world does this rudimentary kind of logging. Whenever you do anything on the internet with your computer, your computer sends its IP address to any other computers that it communicates with. You cannot stop this from happening. When I used the term "IP Tracking" in my email I was referring to the logging which is described in the abuse abatement policy, no more, no less.

IP logging is used for several purposes. One purpose is to gather statistics about how a site is used, another purpose is to have some kind of audit/accountability trail to track down those who would crack, deny or interrupt service on a server. It is rarely possible to actually find the individual person associated with an IP address but it is often possible to deny access to an IP address which effectively blocks attempts to crack from that location.

Some sites (very few sites), including some (but not all) IMC sites have chosen to disable IP logging. This decision was made in the wake of attempts by police to obtain web server logs from the Seattle IMC last year. After much discussion with the tech group, the administrators of groogroo (including myself), and the steering committee, a policy was consensed upon that people believed would address the dual concerns of the system administrators (including myself) to secure their system (which is certainly in the interests of the IMC) and the interests of users to not have a record of their IP addresses on the system. The current structure for turning on IP tracking is covered in the website abuse abatement policy which is linked from the front page of the UCIMC site.

During this past week the UCIMC (and several other IMCs with which we are coordinating our investigation) has been hit by rapidly posted SPAM messages from a single individual. These messages monopolize the shared resource of the newswire and are not allowed as per our consensed website use policy.

When this began the person who was spending many valuable volunteer hours to verify and hide these messages spoke with members of the tech group and with me (the system administrator) about the situation. This took the form of informal discussion among trusted friends, not as an official activation of policy. Under our abuse abatement policy this discussion alone would not have been grounds for activating IP logging; consensus of tech would have been required. During the course of the conversation, however, it became clear that besides simply spamming the site this person was also launching a denial of service attack against the site by repeatedly temporarily disabling the comments posting feature of the IMC software. Once I learned that that was happening I unilaterally made the decision, as was my right by consensed policy, to turn on IP tracking on emergency grounds.

The reason for this was that this person by disabling comments had shown themselves to be more than a nuisance but an actual threat to the functionality of the site. We do not yet know how the comments posting feature is being disabled or what is "re-enabling" them. Details (like IP address) in logging are the only way to sort through the mountain of data about website hits to find the cause of this and to fix whatever bug in our software is allowing it. It was very possible that this user was launching other attacks against the sites besides the one we had noticed. By figuring out the IP addresses of this user I am able to monitor any traffic coming from those IP addresses. I am currently doing that. This is not spying.
This is making use of information that is sent to my computer in the normal course of interacting with my website. All data that I gather will be deleted within 14 days as per policy. I am also contacting the ISP of this abuser to notify them of these activities. Once I have enough data about what this abuser is or isn't doing I will decide whether a complete blockage of those IP addresses is warranted and I will block that address. I want to take every measure possible to avoid having to actually block traffic from any IP address range.

The system administrator must have the ability to make emergency decisions to protect the integrity of the web server. Just as a staffer at the IMC must have the ability to use a fire extinguisher or call 911. The fact that I as a system administrator spoke with several trusted IMC members to get a sanity check does not mean that the decision was made by that small group of IMC members. The decision was made by me. This decision has been backed up by the consensus of the tech focus group. And full details will be presented to the steering group.

When you are connected to the internet there are a lot of people you must implicitly trust and if you do not trust those people you must take explicit steps to protect yourself. The IMC does not log IP addresses but IP addresses still get sent with every request. It is quite easy for me to log IP addresses without anyone knowing, but you trust that I don't and you trust that if I did one of the other IMC community members who co-sysadmins the IMC server would notice. It is quite easy for our ISP (or their ISP) to log IP addresses without us knowing, but you trust that they respect their clients' trust enough to not do that. You can use a web anonymizer which is a service that takes a web request for you and then re-submits it, but that means you have to trust the operator of the anonymizer and all the ISPs between you and it.
On the internet you really just can't hide your IP address, even if you do trust a lot of people. It is quite possible and highly likely that the federal government's Carnivore system is installed on some ISP between you and the IMC's server. So really you can't trust that the government doesn't know what is happening on your IP address. You can only trust that it is nearly impossible for them to process all the data they are probably gathering with Carnivore.

Now, however, you _can_ hide your identity. An IP address doesn't encode who you are. At most it encodes roughly _where_ you are. If you post from the IMC people who find out the IP will know that the post came from the IMC but they will still not know who made the post. If you post from a lab on campus people will not know which of the many lab users posted (unless you had to log into that lab machine and the same people can also get access to the lab's login logs). If you post from AOL then the AOL people might know exactly where you are since they know the phone number you dialed in from, but other people, people operating websites that you access don't have any idea at all because all AOL IP addresses seem to come from the same central location. It all depends on the organizational and technical structure of the organization providing your IP address. A good analogy is telephones. If you want to make an anonymous call, use a pay phone. The IMC is probably bugged (just as our ISP might well have Carnivore), your home phone is easily mapped to you yourself by caller ID... but they can't track and bug every payphone in existence.

I have been a systems administrator of large production grade systems since 1993. The first system I ran was a 2000 user, 4 node unix cluster and an associated LAN with hundreds of network drops and several file servers for a high school. The first lessons I learned were about the massive responsibilities that come with the powers of the system administrator.
I learned that even though the sysadmin could read any user's email or find out any user's passwords that that MUST NOT be done without a search warrant no matter who is asking you to do so. I learned that when looking at potentially sensitive information of which you only need to find some small technical part to fix something, to take off my glasses so it was easier to ignore the text flashing by on the screen. I learned to build a case, to document proof, against site abusers before locking them from the system.

I take great pride in my abilities as a system administrator both technically and ethically. I have never compromised the trust that my users have put in me. When policies are available I follow them. When standard internet tradition is relevant I follow it. The IMC has chosen to allow me (and several other IMC volunteers) to be its system administrator(s). I am aware of the responsibility this places on me and the amount of trust that has been placed in me and I am _always_ open to questions.