Posting and IP Addresses

[Duron]

I know that the usenet provider keeps logs of uploads but is there a way for a casual downloader to figure out who uploaded the file or from what ip?

i.e. what information is actually available to downloaders if they go looking (in headers etc.)?

[mjmacky]

If that information was really available to a casual user, no one would be doing it. That's considering the posting was done with a premium newsgroup service provider. Doing it with your ISP might reveal your IP address. Since very few (if any?) ISPs allow reading/posting to binary newsgroups nowadays, this isn't an issue. There are bigger experts than I about this, maybe they'll chime in. What's your sudden interest in this anyways?

[jefffisher]

why would you want that info?

the only thing you can do is read the header, most probably all paid providers encode it and only say the users encoded id.

my isp's free newsgroup service will put my ip address directly in the header but i doubt anyone would use that to upload anything.

[zot]

Highwinds inserts a long encrypted text string into the "path" field of every post's info header, and this encrypted text string was rumored to contain the poster's user-ID and possibly IP address. Since this text string was the same for every post made on a particular account, it was one way of tracking a nym-shifting Highwinds poster.

Since Highwinds encrypted-string information is in the "path" field, there is no way for a newsreader --or a (sp)forgery tool like NewsMaestro-- to strip it out.

It seems that recently Highwinds changed this slightly, and now appears to use a much shorter text string. I don't know of any other pay-providers that also do this.

i.e. what information is actually available to downloaders if they go looking (in headers etc.)?

That wwould be whatever information the posting client *and* the ISP/NSP choose to include. (You do know how to look this up, don't you?)

Some providers will even let you personalize the message ID of your posts with a text string of your own choosing, making forgery of your identity more difficult. (probably not a good idea if you post a lot of binaries)

And it seems most internet service providers (those that still offer free NNTP access) will insert your IP address in all usenet posts, but I don't know of any pay-providers that do this.

[cola]

Highwinds inserts a long encrypted text string into the "path" field of every post's info header, and this encrypted text string was rumored to contain the poster's user-ID and possibly IP address. Since this text string was the same for every post made on a particular account, it was one way of tracking a nym-shifting Highwinds poster.

Since Highwinds encrypted-string information is in the "path" field, there is no way for a newsreader --or a (sp)forgery tool like NewsMaestro-- to strip it out.

It seems that recently Highwinds changed this slightly, and now appears to use a much shorter text string. I don't know of any other pay-providers that also do this.

Most providers will place an X-Trace header into the headers:

NNTP-Posting-Date: Fri, 06 May 2011 11:32:44 -0500
Date: Fri, 06 May 2011 11:32:44 -0500
From: Salad <[email protected]>
Organization: VeggieMarg
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: soc.culture.african.american,alt.politics.obama,alt.survival,soc.support.fat-acceptance
Subject: Re: Oakland to send emergency looters to Japan.
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
In-Reply-To: <[email protected]>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <[email protected]>
Lines: 229
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 174.20.161.229
X-Trace: sv3-6WSNEzyz9HR/GLcOeu5e8y9pjNJeknQLcnTW8qtQRapgoLkk3JRDIIkzLhEGwsrCPRoQpen2XgBxR5z!oCh6T0MCAcIBYbcaCY6f8MEQEt+hCTtR17zF1FWx08IZl4t6RGBVPrNvQQ1LHsQ1bJh9rTV+u5+F!bxlZBs5/FXYZmPum/LVlMfHkxyzoZfx1nDBPYTSSvg==
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 9886

Newsgroups: alt.abortion,alt.atheism,soc.support.fat-acceptance,tx.politics
Subject: Re: Obese people less sexually satisfied
References: <[email protected]>
Reply-To: [email protected]
Organization: Sonic.net, Inc.
X-Newsreader: trn 4.0-test76 (Apr 2, 2001)
From: [email protected] (Ray Fischer)
Originator: [email protected] (Ray Fischer)
Date: 05 May 2011 05:29:38 GMT
Lines: 10
Message-ID: <[email protected]>
NNTP-Posting-Date: 05 May 2011 05:29:38 GMT
NNTP-Posting-Host: ed707dc6.news.sonic.net
X-Trace: DXC=iTeNTj6Q0X^aI3=dSMd[ZVm4K\QM1CV^P1OYf0H`?;XQfFPFn_5Yi9]F=1i9HD6TWEZYkTn1SU^bX9H=NH?Y:]
X-Complaints-To: [email protected]

From: [email protected] (N.E.R.Ds)
Sender: [email protected]
Newsgroups: alt.binaries.e-book,alt.binaries.e-book.flood
Subject: New eBooks 02 June 2011 - [033/233] - "Cooper McKenzie - [Club Esoteria 06] - His Beck and Call Girl [Siren Allure] (prc).rar" 139k yEnc (1/1)
Organization: N.E.R.Ds
Reply-To: [email protected]
Followup-To: N.E.R.Ds
X-Newsposter: YENC-POWER-POST-A&A-v11b (Modified POWER-POST www.CosmicWolf.com)
Date: 08 Jun 2011 11:21:38 GMT
Lines: 1139
Message-ID: <[email protected]>
NNTP-Posting-Host: 01752294.news.astraweb.com
X-Trace: DXC=]aGbH@\b>NVlf2[8b49d@PL?0kYOcDh@ZR_A;UjN@1eYFY`X_Y8OYWRDfFNQVaeXVS7kS=J_Y^LZZ>Y?fL5lLP]T_m<1A0bc:iR?I\J:F>Kj9]