Whoever wrote this is a complete idiot and doesn't know the first thing about computer forensics.<p>Check out this gem:<p>"I use spammers and pedophiles as test subjects when I’m working on something. This is mostly because it’s unlikely that they would go to the authorities and point the finger at me, knowing that I could easily turn around and say something to the effect of, “Well, yes I did pwn his box.. but you should have seen all the child porn I found on it.” owned x 2."<p>Well, owned x 3 because the first thing that this would do is backfire, after all if you admitted to hacking someone's box they could make a fair claim to you having put that data there.<p>The last thing you do when you go after a pedophile is to hack their computer, any evidence found there is tainted, and you are now a suspect with a confession on record.<p>There are several other laws this guy broke in his vigilante action against this spammer, he's set himself up quite nicely for a lawsuit, after all he's handed the prosecution all the documentation they could possibly wish for.
This guy is clearly a complete moron, but the thing that annoyed me the most was not the fact that he seems to think he's a genius for being able to use Google, it's his total misuse of the phrase "work cut out for".<p><i>Also, consider what you’re sending in this email. What if this guy had sent me an email trying to extort me, threaten me, whatever? I could turn this over to the authorities and they’d have their work cut out for them.</i>
This is Dumb catching Dumber. Only the bottom of the barrel spammers in the year 2010 would use their real non-proxied IP address and a non-private WHOIS record. I would also point out that GeoIP does not point out the address of the person using an IP address, just their ISP (or whoever owns the ARIN block).
I stopped reading when I read:<p><i>Just put the IP address in the box and hit “search”. Here’s what we find.<p><pre><code> Region: Washington
City: Spokane
Postal code: 99205
</code></pre>
So, we’re narrowing it down.. we now know that it’s Spokane, Washington.</i><p>Erm, no you don't know that he lives there, it just means that the IP address he happens to hit the internet with belongs at that address. If I geoIP myself it comes up about 300+ miles from where i live , I geoIPd some of the public wifi connections I used and it's not even the same country that I am in.<p>I blame google analytics for this, I often hear people say stuff like "hmm , all our visitors seem to come from London, let's optimise our site for people in London".
It's also possible that the spam email came from a computer infected with malware, making the target of this "attack" an innocent bystander.<p>Whether this was the case, in this instance, is insignificant, it's just one of those things that the author didn't think of, it shows the author did not think very deeply about the situation, and simply wanted to flex his technical jock.
The realities of life are that at some point you're going to have to give out your personal information. From a fragment of that it's pretty easy to reconstruct the rest.<p>The only thing the internet really changes is using a browser vs. going down to the courthouse.<p>Finding a name, address and phone number are not really a big deal. Life is far better knowing lots of people than it is knowing a few people. My time is worth far more than anything I could hope to gain from tracking down someone who sends me email I don't want. I'd much rather just click the Spam button and get on interacting with the wonderful people in my life.<p>"OMG, someone on <i>the internet</i> found my name, address, and phone number. I don't know how I could go on living my life dealing with <i>phone calls</i> and <i>mail</i>, my life has been completely destroyed!"<p>If this person could put my name, phone number and address infront of every person on the planet I'd gladly pay for that service, it would be extremely valuable having 7 billion people know how to reach me.
Whois info can and does easily get falsified. So the basis of his entire research which was built on checking whois is incorrect. In other words there is nothing preventing anyone from registering a domain name using someone elses contact info. Which is actually done quite frequently by web designers as only one example on behalf of their customers for legitimate reasons.<p>Separately, this is also incorrect:<p>"and it’s the administrative contact, which means he owns the domain"<p>The "registrant" actually owns the domain. Not the admin contact. Of course the admin contact can own the domain. And all the info can be false anyway as mentioned.<p>For example in the case of the domain "ycombinator.com" the admin contact is "Kirsty Nathoo" who, according to linkedin, is the "VP Finance and Operations at Y Combinator". The registrant is Ycombinator LLC and of course that makes sense that they are the owner.<p>Geo locating ip addresses also produces far from gold standard results.
I do this sort of stuff on a near-daily basis. All the tools he refers to are quite common.<p>The only things I'd add is that if you're a state of Washington resident, your personal details are particularly open to the Internet. They seem to have every little government database open for use. I always breathe a sigh of relief when whoever I have to track down lives or has lived in WA.<p>In numerous other cases, I've had to track down people merely with a street address, and getting a full dossier on those people is equally easy.<p>If I were to use illegal techniques, it would be orders of magnitude scarier.<p>I track down criminals or long lost loved ones normally, but how do you combat being found? Dis-information. I could go on about this, if people were interested.<p>Summary: keep your personal life off the Internet.
<i>whois ricardo.cc</i><p>ring me up :)<p>I'm not worried about my address, phone, name or email. You can get those from the doormen, co-workers, friends, google and hundreds of documents scattered around the world (bills, contracts, registers, etc).<p>The best you can and should do is protect your personal life. I recently switched my FB account to "friends only" - that should be the default for everybody.
On a somewhat related note , this talk from defcon:<p><a href="http://www.youtube.com/watch?v=fEmO7wQKCMw" rel="nofollow">http://www.youtube.com/watch?v=fEmO7wQKCMw</a><p>Is actually pretty cool, albeit a little far fetched in parts.
It seems inevitable that all public information about people will become organized, and you just won't be able to keep secrets like this any more. Better than it be available to everyone than only to sneaky governmental agencies.