As they say in the real estate business, some things in life are all about "location! location! location!", and when browsing the web, yours is represented by an IP address - a number that is one of the fundamental building blocks of the internet.
What is an IP Address, and why should I care?
An Internet Protocol Address, or IP Address for short, is a unique identifier that is usually assigned to your device(s) by your Internet Service Provider. Just about anything and everything that’s connected to the internet has an IP address. This article aims to provide you with a better understanding of what it is, where it came from, where it’s going, and why you should care.
In an Age long past, the Internet was born
The origin of TCP/IP as we know it dates back to the Internet Program Protocol Specification document put forth by DARPA in 1981. In it, the basic structure of the internet is described as such:
“a name indicates what we seek, an address indicates where it is, and a route indicates how to get there”
In the context of the modern internet, the name refers to domain names (.com, .net, .org, etc), the address refers to the IP addresses that the domain names point to, and the route describes the underlying physical and virtual networks that tie the millions of devices on the internet together.
Cracking the Code: What an IPv4 Address looks like
Traditionally speaking, an IP address is a 32-bit number that points to a unique machine on a network. It is formatted as four 8-bit fields separated by periods, with each field representing a byte of the IP address. The first two fields represent the unique number assigned to your network and the type of network it happens to be. The last two fields represent information unique to the host, which points to the particular device the address is assigned to. So to illustrate, depending on what sort of function it serves, your typical IPv4 address will read something like:
192.168.0.1
or
64.233.191.255
This type of 32-bit addressing is a part of the IPv4 standard, which is fast running out of available addresses due to the limited number a 32-bit number scheme can provide - but more on that later.
The Many Flavors of IP Addresses
IP addresses are further categorized into four types:
Public IP addresses are accessed over the open web, and direct users to websites, email servers, file servers, etc. By default, these addresses belong to the IPv4 standard, but due to the increasing number of devices and limited supply of addresses, IPv6 is now used alongside it in most large scale networks.
Private IP addresses are limited to localized networks, small and large. Your router at home, for example, will interact with the internet via a single Public IP address that your ISP provides, while creating a local network full of private addresses allocated to all of your devices. This flexibility is achieved via a technology known as Network Address Translation (NAT).
Dynamic IP addresses are assigned to devices for a specific amount of time, be that a few days, weeks, or even months. Most IP addresses handed out by ISPs usually fall into this category. Given the limited number of IPv4 addresses available for usage, Dynamic IPs are more practical when it comes to managing large amounts of clients/devices who are all clamoring to get online. Dynamic IPs are assigned and managed via the Dynamic Host Configuration Protocol (DHCP).
Static IP addresses are simply IP addresses that are assigned to a device or a user on a relatively permanent basis. These addresses do not change hands unless the user or the network initiates it manually. Most ISPs do not assign these to users by default, or at all, due to the costs involved.
The Dwindling Supply of IPv4, and the Rise of IPv6
The default assumption when anyone is speaking of IP addresses is that what is being discussed is an IPv4 address, the 32-bit addressing system I elaborated on earlier. Due to the rapidly increasing number of devices on the internet, IPv4 has come to the end of its line; the 4.3 billion unique addresses that it can generate have all already been assigned or are being recycled, and due to the limitations presented by the 32-bit addressing, no new addresses can be generated.
To address this situation, in 1998 the Internet Engineering Task Force (Marvel, are you listening?) released a new addressing system better suited for a growing internet, known as IPv6.
Unlike its predecessor, IPv6 uses a 128-bit addressing system, which results in a massive 340 undecillion possible addresses. While that number may sound borderline fictional (it's not), contained within is the very real future of the internet as we know it.
Unlike IPv4’s purely numerical addressing method, IPv6 uses a hexadecimal system (encompassing numbers 0-9 and letters A-F) with an address represented by eight groups of four characters separated by colons. As a result a typical IPv6 address will look like this:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
There are various methods by which certain IPv6 addresses can be further simplified, but this remains the standard format.
IPv6 adoption on the web is a gradual and ongoing process. In most cases, the two protocols co-exist in a symbiotic fashion, though the migration to IPv6 has been accelerating in the past decade or so. As per Google’s IPv6 Stats, when it comes to adoption rates across the world, France leads the pack with a whopping 66.73%, with India (63.12%), and Germany (61.21%) rounding out the rest of the podium. In North America, the US currently finds itself at 46.19%, with Mexico (42.31%), and Canada (33.79%) trailing behind.
Your IP Address is a Master Key to Your Life
Having explored the past, present, and future, let's consider why you should be concerned about the IP address you're using right now. As with phone numbers, quite a bit of information is directly linked to the IP you're assigned by your network provider. If that provider happens to be a Residential ISP or a Cellular Service, then personal information also comes into play.
Obtaining your IP address is, generally speaking, not that difficult. Bad actors can do this by setting up malicious hotspots that capture IP addresses and network traffic, examining records of public or private wireless hotspots, hacking into your router, examining email headers, or even posing as someone in need and asking to borrow your device.
Once your IP address is obtained, openly available networking apps and online resources can be used to dig further. A look through the WHOIS database will usually return info such as the assignee’s name, phone number, and even civic address. In the same vein, a Reverse Lookup can provide a computer name, domain name, and subnet information that can help someone figure out your actual location and the types of devices you may be using.
That, of course, is just the tip of the proverbial iceberg. Using the aforementioned info, someone can then begin to build a personal profile of you based on online services that you’ve subscribed to, websites you visit and interact with, and your organizational affiliations (workplace, school, etc).
But wait, there’s more! If the attacker actually manages to compromise a device and gain access to it, it can then be used to monitor your activity to harvest sensitive information (banking info, usernames, passwords), leading to hijacked accounts and electronic theft. Suffice it to say, compromising information in the hands of unscrupulous strangers is never a good thing.
Keeping it Secret, Keeping it Safe
A common misconception that a great majority of users unfortunately fall victim to is the belief that their apps and devices are inherently secure. To the contrary, in the age of commodified usage data and relentless tracking, user privacy is the last thing on the mind of most app developers and device manufacturers. Even the smart bulb in your kitchen is likely sending data harvested from your Wi-Fi network to a random server somewhere in the middle of China.
So what's a user to do in the face of overwhelming intrusion? Well, I'm glad you asked!
Changing your router's default password and ensuring that it is running the latest firmware and has a functioning firewall is a great and easy first step. Tweaking the privacy settings of all the third party apps you use is essential, since quite a few of these apps are quietly harvesting data their users are entirely unaware of. Using 2 Factor Authentication for every account that supports it is recommended, and so is locking down your phone's operating system privacy settings (I'm looking at you Google!).
When it comes to defending your IP address, your best bet is using a VPN. By encrypting your traffic and replacing your assigned IP with an entirely different one, a VPN protects your neck, and lets the world know that you are not to be messed with.
Most VPNs will allow you to join their network via an app on your device for 24/7 protection, and most good ones will also allow you to connect via a compatible router, so that all the devices that access your WiFi hotspot are protected.
Now, since we're a VPN, and you're reading this on our spectacular blog, you might be inclined to believe that we'd rather you use Windscribe. Well, you'd be right!
But whether you go with us or someone else, the fact remains that being unprotected online is a bit like skydiving without a parachute, or surfing without a surfboard, or, well, you get the picture. My colleague Rebecca has written at length about choosing the right VPN for your needs, so give it a go, and make sure you never get caught with your pants down (again).
