How to be an Internet private eye

This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

This post makes me slightly uneasy… most of the information is taken from a presentation I saw recently – so I would like to give credit to the original presenter, except that he specifically asked me not to.  The reason for this is that he’s not a lawyer, and he was worried that perhaps some of this advice may not be legal in certain jurisdictions.  I’m not a lawyer either, so I’ll make a statement up front: I think the activities suggested in this post are legal in the UK (where I live), but I’m not qualified to give advice on this.  Before carrying out any of the actions in this post, it may be advisable to check the legal situation in the country where you live (and/or where the websites you are checking out are hosted).  I can not be held responsible for any actions taken by others based on the advice I have published here and my sole purpose in publishing this information is to share what may be useful to others when trying to protect their personal or professional identity online… in short, I am aiming to do the right thing here…

Your identity (whether it’s personal, or a corporate brand) is precious.  Sometimes, unscrupulous individuals, or those who may have a grudge against you, may impersonate you or your brand online.  When that happens, it can be useful to know a little more about who is using your identity as you attempt to reclaim it. Hopefully some of these suggestions will be useful in tracking down who is using your identity, whether it’s to send unsolicited e-mails, to (mis-) use your brand or trademark online, or just to get some idea of your own online footprint.

It can be quite interesting to understand your Internet footprint – and automated tools such as RapLeaf can be used to see the social profile for given e-mail address(es) on a number of popular sites across the web.  Companies can find out about their customers, but individuals can check their details too – I was surprised to find when I logged in that it had already identified me on Flickr and WordPress previously (suggesting that one of RapLeaf’s customer had already run a search on me)… it’s far from complete but may provide a few more clues about who someone is (or highlight to you the information that you publish online). Even more of an eye-opener was Gist which, once supplied with my public Facebook and Twitter accounts, found a huge amount of information about me from a variety of online sources and most of it was accurate (it had linked me to my employer’s sister company – probably because that was the information it gained on me from one of my contacts).

The next tool that may be useful Open Site Explorer.  This link popularity checker and backlink analysis tool can be used to understand where links to a given URL originate from, including the URL’s page authority, domain authority, linking domains and total links. So, if you find an anonymous blog, it will show where links to that blog – which may provide a clue as to whose site it is (i.e. an anonymous blogger may also have other online personas).

If you want to find something on the ‘net, Google is your friend: by searching for snippets of text, comments, etc. it’s possible to identify the original source of an item.  And Google’s cache is a goldmine – even after a website has been taken offline, its contents may well still exist in the Google cache!

Sites like Knowem can be used to see who is using a particular name (or trademark) on a variety of sites across the Web – that can be useful if you want to protect your brand.

IP tools can provide all sorts of information for would-be Internet sleuths. Many are just standard Unix tools, exposed via a website and not everything can be relied on (for example my IP address belongs to my ISP, who are several hundred miles away, but they know who I am if I’ve been up to no good). Domain tools information can provide a detailed site profile as well as whois information including reverse IP lookups to understand who else shares my server (noting that they may or may not be affiliated in some way).  You can also find out which sites share a given IP address using a decision engine such as Bing.  Try searching for ip:ipaddress to see all of the sites at a given address.

E-mail headers can be useful to find out where an e-mail originated (or which servers it passed through).  In Microsoft Outlook, view the message headers or, in Google Mail, select Show Original.  The resulting information (IP addresses, etc.) can be fed into some of the IP tools (e.g. traceroute or whois) to find out more about the message – e.g. to track down a spammer (and block them!).

Of course, if you wanted to find out who someone was, you could send them an e-mail and try and trap them using the same techniques that the phishers use… that wouldn’t be a good idea – it’s almost certainly illegal, and I’m not condoning it – indeed, the only reason I mention it here is to say “don’t do it”.

One more clue as to who is watching you online (unfortunately not free, but potentially useful when tracking down an impersonator) is a dashboard called Trovus, which can be used to build a profile of who accesses your website and from where.

If you discover that your identity is being used inappropriately, the first thing to do is to contact the relevant service providers (perhaps a hosting company for a website or mail server, or maybe a public website) and, even though you may not see a response, they may be taking action that’s not visible to you (e.g. offline, via another medium, or using lawyers) – hopefully you’ll at least get a response to say “thanks, we’ll be in touch”.  Whilst the actions in this post may not provide all the answers on who is impersonating you, they are at least the first steps to allow you to contact the appropriate organisations for further assistance.

3 thoughts on “How to be an Internet private eye

  1. Useful stuff.

    I have a slightly opposed view on this though. I take internet identity quite seriously, I even go so far as to deny myself the pleasures of a few social networking sites in an attempt to keep my identity private.

    One thing that occurs to me about identity is that it’s hard for a would-be thief to join-the-dots. That is, if all these social networks are kept disconnected it would be hard for the thief to penetrate them. It seems tools like Gist (if I understand it correctly) actually provide the missing ‘link’ which joins everything together.

    To put it another way, if I was trying to steal identities I would probably target sites like Gist to see if they had vulnerabilities that I could exploit.

  2. @Steve – I think you’re right – I was shocked when I saw how much Gist could find about me… an Internet marketer’s dream… or an identity nightmare, depending on which side of the fence you sit on.

    @Oscar – you make an interesting point with your post. I still find it amazing that certain operating systems ship with administrative rights turned on as standard and the firewall off!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.