How anonymous are you when you subscribe via RSS?


Earlier this week, I wrote about subscribing to a blog or webzine via feeds (sometimes referred to as RSS, although it comes in other flavors as well.) One commentor, Steve, disagreed with my analysis that the subscriber is anonymous.

So let me pull apart the pieces of the issue.

1) Is your IP address anonymous when you subscribe to a feed? Technically, not at all. If you subscribe using a web service like Bloglines, your IP address comes through to the web analytics as a “referral” from Bloglines every time you engage with the blog. If you read feeds with software like Thunderbird, the blog or ezine owner can always put a picture in the feed which your computer has to go out and pull off his server and when he evaluates his server logs, there is your IP address. (I always think this is the reason that Avinash starts every post with a picture of a flower. It is his tracking beacon. But I am just speculating.)

2) Just because someone has your IP address, do they have your identity? Sometimes, it’s not that hard to figure out. Lots of times, it is very hard (and I would venture, sometimes impossible. But the commenter, Steve, has done forensic web analytics and I never work to figure out who someone is because I’m not part of the CSI team. Notice that even he said, “It depends.”)

3) Does it matter if someone has your IP address?Probably not in the context I was setting up. Remember, I was pointing out that you don’t have to give out your email address when you subscribe via a feed (still true and still a nice benefit.) And you can unsubscribe without hurting the author’s feeling (still true, because the author won’t notice that your IP address doesn’t show up the way he would if you send in a “Please unsubscribe me from this email list” request.)

Robbin Steif

Our founder, Robbin Steif, started LunaMetrics in 2004. She is a graduate of Harvard College and the Harvard Business School, and has served on the Board of Directors for the Digital Analytics Association. Robbin is a winner of a BusinessWomen First award, as well as a Diamond Award for business leadership. In 2017, Robbin sold her company to HS2 Solutions and has since retired from LunaMetrics.

  • Avinash Kaushik

    Robbin: I wish that I were that smart, sadly I am not quite smart enough to “beconify” the post pictures. : )

    I love taking macro pictures of nature and have hundreds of them and the blog is my way of showing them off. No one has so far offered me a second career as a professional photographer. : )

    PS: In the whole IP address debate one other important thing to consider is the impact of DHCP. Neither at work nor at home do I have a static address. Most ISP’s (I was a DirecTV Broadband for a couple years) will charge extra for a static IP address so most people don’t choose that option.

    So on paper if you and I are on the same ISP you could have my IP in the next hour (less likely of course since you are in PN and I am in CA :).

    And I wonder what happens in this case when I am on my blackberry in HI?

    Ahhh… the complications of tracking!

  • Anonymous

    Avinash: love the pics. I had no idea they were your own? At risk of going photo nerd, are you working with film or have been dragged kicking and screaming into digital?
    Personally I’ve stuck with film for landscapes (slides and b&w), and digital for family pics. 3yo’s move so *fast*! 🙂

    DHCP is a funny thing. Like I said originally: It depends. 🙂

    The ‘D’ isn’t all that dynamic on most networks. There’s a lot of variables involved, but generally you won’t actually change IP addresses on a work style network. Possibly ever.

    Mainly depending on your sysadmins config of DHCP, the “lease” of an IP address is held for a period of time for you by the server – as well as your PC. So unless the dhcp server runs out of addresses for other people, it won’t need to change. Even between reboots.
    I’ve had the same DHCP address @ work for over 4 years.

    Your broadband style connections tend to work in a similar vein. Again it depends.
    When I first got an ADSL connection a few years ago, I had the same IP address for a year or so, until I chose to go static.

    Dialup isn’t like this at all. That’s more like: Dial in now get address A. Hang-up, dial again, get address B. Which could even be *wildly* different to A.
    I’ve seen it change to route out of a completely different state.

    I could go into the details of network addressing and such, but basically you can’t change address … easily while connected (Actually that’s not correct, but I’m struggling for the words here.. 🙂 ). Imagine you’re listening to.. oh I don’t know.. say a podcast by a celebrity analytics type. 😉
    Imagine what would happen if the address changed half way thru. Basically, you’d have to start again.

    So it’s not a normal occourance.

    Keep in mind that the RIAA, MPAA and other organisations are able – with some false starts – to successfully bring suit against anonymous music and movie sharers.

    Somthing like TOR makes it as near as impossible to track someone as we can effectively get. But it’s not exactly in widespread use.

    The trick from an investigatory side is to recognise that people leave tracks in multiple places. Email, Web sites, and so on. Use them all.
    One good friend who has quite serious concerns with stalkers and such, deliberately bounces all her email out via another friends server: in another country. Where the connection to same is encrypted and her original connection is stripped from the email headers.

    When you’re working down to a detailed investigatory level, you are more typically able to work both within and external to an organistation.
    That gives you access to all sorts of extra goodies. Eail server logs; Intranet logs; WINS & DHCP logs. Possibly internal intrustion detection systems, and network accounting trails – this last being what ISPs use to charge by volume style of thing. You can even use snmp to query network switches and sometimes reveal interesting tidbits.

    If you’re coming from behind a corporate firewall some other issues like NAT can make life harder to find a “person”. But you can still, possibly, get all sorts of tracks left behind.

    The part I personally find fascinating about all this is that there is a huge correlation between analytics of the type under discussion; and the more forensic/investigatory style analysis.
    In both cases you’re looking for patterns, understanding (well to a degree… 🙂 ). And typically the same sort of cost/risk benefit that you should apply to any business process.

    I should correct one minor detail – I haven’t done “forensic web analytics”. I’ve done IT Forensics. Of the type used as an expert witness, or to ensure sufficient evidence to satisfy process for staff removal and so on. This can mean detailed investigation of a single PC; or it can mean detailed investigation thru all the logs one can get your mitts on, across a global corporate network.
    Typically it helps to have multiple sources of verification. So that’s when you may use external references to back track someone. Or even to go the other way – from an external reference find the person. Harrassment cases can start this way.

    eg. I had one situation recently where a person was being online-stalked by an individual. One particularly *foul* comment was left on their website. Amongst several others just as nasty…
    The individual in question had tried to be clever and proxy their request, failing to realise that their original IP address was also passed along as part of the proxying headers and was logged. Their choice of proxy server was quite revealing too.
    Following the two addresses and using tools like dig, tracerooute & whois, I was able to identify a great deal of information about possible persons. Even down to suburb level. From that one could attempt more obvious overt methods – is there a web server at that end IP address? What does it return on a deliberate page not found request?
    With all that, and further evidence from other sources, a fair amount of information was able to be passed to the appropriate law enforcement agencies.

    Apologies for the length, but hopefully you can see the similarities between the fields. Certainly many of the concepts are the same. If better presented in web analytics. 🙂

    Robbin, your summary point tho is spot on. For the vast majority of cases it doesn’t ever matter about your IP address. To do the investigation I mention above was around 3-5 hours of solid work. Excluding the documentation phase. Possible, but surely unlikely, to expend that level of resourcing to find out who’s subscribed to a feed. 🙂


  • Avinash — I am in Italy! And you are so right about the Blackberry — just think, I am in a little Internet cafe in Rome. But there are some interesting Italian laws that I will write about wrt the Internet. Tomorrow. (I miss having the time to read *your* blog but my spouse thinks I should be spending my time at the Sistine Chapel and not on the Internet….)

    Steve, you should convince CSI that they need to hire you as a consultant. Really. If I had not just lost all power and this comment a few minutes ago, I would go back to find the post I did in February where CSI Miami resolves an IP address into an email address. They need someone with real IT forensic skills like you.


  • Avinash Kaushik

    Steve: On pictures, have been all digital for a while. It is interesting but I started with early digital cameras working myself up to early digital SLR’s as my needs increased. But after two kids I have been on a down curve, back to point and shoot. 🙂 I have a Sony DSC-H3 now.

    You obviously have done the networking things just a tad bit more than I have ! 🙂 Actually my comment for ISP and DHCP came from my work at DTV and when we started selling static IP’s the government forced us to switch IP’s at x amounts of times (obviously not in the middle of the session). This was to comply with statutes around false advertising.

    But you have illuminated a lot more possiblities around tracking that I was not aware of. Thanks. 🙂

    Robbin: Blogging is addictive. I am working on my latest post right after the kids fall asleep tonight. 🙂

  • Anonymous

    Avinash: I suspect I finally caught the photography bug in a big way when I first saw one of my B&W prints appear like magic in a tray of developing solution.
    That’s just a little too amazing. 🙂

    As my SLR’s are all Pentax, I’ve not felt such a strong … tempation to convert to a digital body. Too many lenses to start all over: too big an emotional attachment to my 135/2.8 🙂 The pentax digital slr offerings just haven’t grabbed me.

    Network? Yeah I’ve done a bit. [insert understatement here]. Debugging individual ftp packets and flows thru multiple layers of firewalls, so you can identify which vendor needs a major bug report, can be rapidly illuminating to understanding.

    Not to mention headaches. I used to dream of a problem that the Ops staff would send my way that could be solved in less than 2-3 days of staring crosseyed at monitors filled with hex dumps.

    “… comply with statutes around false advertising”.

    Wow! That’s a little overzealous on their part. Different countries, different rules I guess. I’m not aware of any such ruling here (Aust.). Hmm. Just checked a friends domain – he runs it off his “dymanic” ADSL connection. It hasn’t changed since early May. Implying his IP address has been stable for nearly two months – even tho dynamic.
    Shrug, You live and learn! 🙂

    No worries with the additional ideas, only too glad to assist. I’ve learnt heaps from your blog. One earlier posting being widely dispersed at work. Seems only fair to return the favour. 🙂


Contact Us.

Follow Us



We'll get back to you
in ONE business day.
Our Locations
THE FOUNDRY [map] LunaMetrics

24 S. 18th Street
Suite 100

Pittsburgh, PA 15203


4115 N. Ravenswood
Suite 101
Chicago, IL 60613


2100 Manchester Rd.
Building C, Suite 1750
Wheaton, IL 60187