In the last month an EU court ruled that German government websites can log visitors’ IP addresses.
The Court of Justice of the European Union (CJEU) has ruled that the German government can collect and keep IP addresses of visitors to websites operated by German Federal institutions.
The main reason being to be able to protect those sites against cyberattacks, for example DDoS attacks.
There are clear privacy concerns and the worry that this ruling could set a legal precedent for more invasive online monitoring. Mark James, ESET IT Security Specialist, explains that all data has an inherent value, no matter how small it may seem.
“Any information or data, no matter how small it may seem, has a value, and that value of course is dependent on who has it and what they are going to do with it.
“The IP address itself may not seem altogether useful, but if you can gain further information from the ISP relating to that user, then both together could lead to potential security risks if hacked and stolen.
“Obtaining the information to mitigate DDoS attacks seems a strange reason as there are many better ways to achieve the same goal, and if someone is going to the trouble of DoS or DDoS attacks then knowing their IP address may not help you anyway.
“The use for the information very much depends on what information is made available, but technically any info could lead to targeted phishing attacks or spam campaigns, and if the data has a good degree of actual true information then the success rate of targeted attacks is increased massively.
How concerned are you with websites storing your IP address? How about other personal information? Let us know on Twitter @ESETUK
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.