Moderator Concern...

LPCap,

What Curtis and N.A. said is not really outside of their scope of authority on this website. Also, it has been stated repeatedly to not say too much about your company. For someone like me, I post from my personal computer, so they really could not use that IP to easily track me to my employer. Another thing, employers could also do the tracking themselves. How many of you know whether or not someone in your own company's hierarchy are involved with the moderation on such sites? I would be willing to bet that few really know. I am also pretty sure it would take more than the word of a moderator on a website forum to get someone fired. If you keep records of what you type, or have access to it, you can CYA as well. Seems like we really don't have much to worry about.

Every website you visit has your IP information, should they choose to view and access it. Every site admin who has access to your IP address also has access to Whois. That isn't down to SIW, that's just how the Internet works.

Thank goodness, the honor system has more or less worked for a majority of webstes until now.

The Internet is like a public men's room. You hope like hell it's private, but anyine can see you going in and out. It's extremely usefull, and can be an immense relief when you find what you came for, but it smells bad no matter how much air freshener they spray, and much of it is too disgusting to look at. If you don't take the proper precautions, you can get a nasty virus. Your mother would cry if she ever took a close look at it. And, for goodness sake, wash your hands when you're done.

Well, it's not QUITE as public as a men's room. I don't go into the men's room and throw my wallet on the floor so anyone who wants to can look at my driver's license, nor do I have to give my address and phone number to the attendant before I can use the facilities. The fact that I have entered the men's room IS public information because anyone can see me, but otherwise I enter and leave completely anonymously in terms of my private personal information.

While it is true that the IP addresses of visitors are available to site administrators, I too was a little disturbed that a moderator would use the IP address for any reason other than to deal with misconduct or a violation of the rules. In fact, it was used here merely to satisfy the moderators' curiosity, which is a lot like a police dispatcher using NCIC to check up on her neighbors, as far as I can see. You do that, and say goodbye to NCIC access.

The fact that the moderators did not disclose this information to the rest of the forum does not excuse the fact that they themselves abused the IP information, any more than the dispatcher would be excused because she was nice and didn't tell anyone what she found on NCIC. The individual who was posting did not disclose the name of her university to anyone voluntarily (say, in a PM) or in any other way consent to disclosure EVEN to the moderators.

I think we do need some better policies in place, and NCIC policies are probably a pretty good place to start as to what is "authorized" use of the privileges of moderators, and the specific permissible reasons (likely limited to specific misconduct, etc.) that would make it appropriate for a moderator to "snoop" on forum members in any way.

I'm sorry if this offends any of the moderators, but in my opinion this was inappropriate.

^ this is what I should have said, instead.

I agree. Police departments are audited to ensure that NCIC access is justified and the penalty for abuse is up to 2 years in prison where I live.

Whenever people start "investigating" other people because of a difference in opinion, we are well on our way to a police state.

Could we get an opinion from Geoff/Administrator?

Being an administrator for several years on another site I think that what was referred to was a simple WHOIS trace of the an IP address that will only give you a general location then through simple deduction a knowledgeable person may know of a security co. in that area. A few years back you could get more personal info but those days are long gone unless you want to pay $30.00 per look up. BTW anyone can use a WHOIS. http://www.dnsstuff.com/ If you know someones IP. Hope this helps.

I will openly admit that I am my no means a computer or I.T. expert and despite asking about IP addresses I still can't grasp it (tell me something about psychology and no problem LoL).

I trust that the moderators on SIW have NOTHING but the best interests in our security in mind, case in point; the few "trolls" that have been nailed and booted off the site.

I personally have made it a point not to say exactly where I am located or who I work for, though there are a very small number if members here that do know as I volunteered such to them in confidence.

Just as we are on the lookout for 'bad guys' they too are on the lookout and the ummm "better bad guys", at what they do or more organized, will do their intel on our properties and ourselves as well. Perhaps I sound paranoid, but Id rather be paranoid than fired for saying something that would affect my employer and end up affecting my job.

If you have nothing to hide, you have nothing to fear. I wouldn't doubt for a moment that people aside from our moderators are looking us up here too and monitoring conversations I.E. Government security agencies... And no I do not put tinfoil in my hat either, I just think I would monitor a site like this if I was in that position...

I also think that any person new to this site should be looked up, some may hate me for saying that, but I want a place where security professionals and those aiming to better there own careers can chat among themselves. As I said before, If you have nothing to hide, you have nothing to fear.

This in NO means was intended to offend any poster/comrade in the business.

Why did that posters IP address need to be looked up? Give me one legitimate reason as to why research into that poster was called for.

If there is a legitimate reason to look up an IP addey by all means do it, but arbitrarily looking up an IP and broadcasting that the person is at a university is uncalled for. What is to stop someone from contacting that university (where the IP will be tracked back to the workstation that person uses) and directing them to the post where the campus security is criticized?

To the posters who have nothing to hide, post your real name, where you work and what city/town you live in.

I think it is in our and our clients best interests not to post exactly where we live or who we work for in some cases. It is a matter of what the poster is comfortable with.

Exactly, so why should someone else be allowed to research and potentially reveal our identity when we want to remain anonymous? The OP did nothing to warrant an investigation.

I had to read over the thread so it took some time. But it sounds like the OP was seriously concerned for their and there faculty & students safety, Bravo to her for that she stood up and made some good points.

But back to this thread, I don't think the moderator, with all due respect, should have mentioned what he did in regards to looking her up. Sometimes things are better off left unsaid.

Phoenix was someone who came here for assitance, which we should be willing to give if that makes people safer, yet we have had some on here with other motives weather it be to start Sh*t and play us up which recently turned into great fun with one in particular I.E. "N (rhymes with T-wheazy)"... Or others just sniffing for info.

Here's the chain of events of what actually happened:

I happened to be on the site when Pheonix posted. It did not sound to me like Phoenix was part of the security community. (supposedly a requirement for participation on this site). I clicked on the ISP address to see what showed.

In fact, her college ISP address showed and I immediately recognized the university. I then went to the university web site to see if Pheonix's concerns were real or perceived. Turns out she may have some cause for concern and responded to her - and made the statement that I would not reveal the university or location. For me to do so would of been unethical.

I, at times, click on ISPs as I'm interested in what part of the world people are from. It's as simple as that.

That's it - no conspiracy, not even a little one and viewing an ISP is not an investigation, as one member has suggested.

I respect the concerns of those who posted regarding the desire for privacy. Many people here don't want just anyone knowing where they work or live.
Personally I don't share those concerns. While I appreciate discretion and try not to come here and outright bash my empolyeer or coworkers I also don't attempt to be anonymous. In fact, I have posted my website URL and have shared my resume with several members here to polish it for upcoming job searches. One poster even remarked, "You're certainly not in the witness proection program". True.
I treat the internet sort of the way I treat my radio hobby, as Ham radio as opposed to CB. That is to say, with CB radio you can be anyone or nobody. You can create a "handle" and speak for years with no indication of where you live or who you really are. With Ham radio you take an exam, are licensed by the government and are issued a Call Sign. You use your call during every conversation on the ham radio bands. Anyone hearing you can access various databases and obtain your full name, mailing address and other information which you had to provide when applying for your license.
I assume that every site I visit is moderated by someone who can view my IP address. I assume that, as much as we may desire to hide our personal information, there will always be a way to learn these things.

Steve

I would be thanking our mods for their assistance as most forums have been attacked by spammers, bots, trojan heads and just plain bloody idiots. You do need to protect your employment and may say "I work at a hospital in Texas" - ummmmm Texas has more than 1 hospital. But at the same time, cookies and other things are recording your information on where you go and view during your internet usage so you have things tossed at you in pop-ups.

When I was working for a government agency, the amount of **** traffic sent from senior management to 1st line staff around the place including women, was incredible. Personally this should just be a sackable offence (no appeals, no 2nd chances) as these are supposed to be the key masters and set the examples so using anything in work time is not a right but a luxury and I would not be displaying everything I have for others to read at work.