
Ask HN: How do I anonymize a user's IP Address? - thisismyhnuser
For instance, take the IP address of &quot;215.54.387.9&quot;...if I simply use &quot;215.54.387&quot; and leave out the last &quot;9&quot; is that enough so that the IP address cannot be traced back to the user? My understanding is that a government entity, etc needs to match the HTTP referer in combination w&#x2F; the full IP address to track down the user&#x27;s information, or am I wrong? Also, how would I deal with IPV6 addresses?
======
greenyoda
_" I simply use '215.54.387' and leave out the last '9' is that enough so that
the IP address cannot be traced back to the user?"_

A single company could easily own all 256 IP addresses in 215.54.87.*. (Larger
companies can own even larger blocks of IP addresses.) So just dropping the
last number doesn't offer much anonymity. For example, once somebody traced
the address down to XYZ Company, that company might be able to give them a log
of all outgoing traffic tied to specific employees' machines. Even an ISP
might be able to link a partial IP address to a specific user if they can
search their logs for a specific date/time/destination.

(Note: '387' could never be a component of an IPv4 address, since each
component is 8 bits, or 0-255.)

------
Raed667
Do you NEED this information in your DB? Can you live without it? If so, just
don't store the IP addresses.

~~~
thisismyhnuser
I'm really trying to solve my other question:
[https://news.ycombinator.com/item?id=11511793](https://news.ycombinator.com/item?id=11511793)

I thought I'd break it up since it really is 2 questions.

------
detaro
a) please do not delete & repost, it's against HNs rules

b) You can't maintain a 1:1 mapping and anonymity, if I know your algorithm
it's trivial to try all IP addresses and get a mapping to do a reverse look
up. You need to throw away data to make it ambiguous, e.g. in probabilistic
data structures like bloom filters.

I don't know what a snooper would want with the HTTP referrer information.

~~~
thisismyhnuser
didn't delete. I edited my other question (which has a different focus) and
then posted this.

~~~
detaro
Ok, sorry, I just remembered seeing the question shortly before and couldn't
find it again ;)

------
sajid
You can use HMAC:

[https://en.wikipedia.org/wiki/Hash-
based_message_authenticat...](https://en.wikipedia.org/wiki/Hash-
based_message_authentication_code)

