Tracking IP addresses and Usenet posts?

There are some characteristics of language use that can be very hard to
deliberately alter -- particularly with the (generally low) amount of
effort someone is likely to put into writing Usenet posts. Things like
the frequency with which specific words are used over a statistically
significant text sample, for instance.

I don't know about off-the-shelf software for doing this sort of
analysis, but techniques like these have been use to help determine
whether to ascribe particular writings to particular historical authors,
e.g. the "Were all of Shakespeare's plays really written by one man?"
question.

 

FromTheRafters stated in post ifu205$vst$-september.org on
1/3/11 7:51 PM:

While there are tools to try to determine if one set of text is written by
the same author as another set, the tools are far from perfect and require a
fairly long sample. I was working with a professor who had access to (and
was improving) such tools. I used it to confirm my suspicions with Steve
Carroll and some of his socks, but *alone* I would not have considered it
enough evidence to be certain (though after I used about 100 of his posts
and about 50 of his socks, the confidence level reported by the software was
over 90%).

Steve also has tried to mimic my style with other socks of his - and the
best I found he could do was about a 60-65% level of confidence by the
software, and much lower when his exact quotes of mine were removed (around
40%). Still, the fact he was able to get above the baseline 5% or so was
telling - it indicated that he could "capture" some of my style. I suspect
others could do better.

I also assume there might be better software out there to do this task, but
I do not know of any.

 

Yes, but if they continually misspell a certain set of words, that can
be enough for a non-authority "fingerprint". Also, use of a certain
phrase can be a clue. I recall a poster using "quiet" for "quite" among
other things and some thrown in 'as it were' that convinced me it was a
person already known to me under another nym - i didn't need an IP.

 

Yes, good point. The authorities are concerned with finding the
contactable person, whereas non-authorities are concerned with 'nym-
shifting' and finding what nyms a poster is using. As to the program,
I'm pretty sure it was a custom written program and not commercially
available. Remember reading about it around 7 years ago in a major
magazine.

RL

 

[On software that can detect a person's writing style]

Really? I am cross-posting this to
humanities.lit.authors.shakespeare in the hope that they can tell us
what the name of this software is, or whether they've heard of it.

RL

 

RayLopez99 stated in post
on 1/4/11
2:01 AM:

I had access to a version of it a while back... and found it to be only
moderately useful unless you had a fairly large sample. Even then it was not
certain.

 

An Old Friend stated in post on
1/4/11 9:15 AM:

Agreed. Esp. when used with Usenet, a medium it was not designed for. At
least the tool I used was meant for longer pieces of text - mostly to see
which parts of the bible were written by the same person (though with all
the edits that was seen as unlikely to be of much use) and of some
historical works which are assumed to not be (or be) from the claimed
authors - such as the example of Shakespeare talked about before. There was
also quit a bit of focus on Dickens and Twain. But, again, these were
novels or at least short stories being looked at - not the type text
generally seen in Usenet. Still, looking at large numbers of posts with the
assumption that headers were enough to tell if they were at least from the
same person was enough to give evidence of who's sock was who's. But, no,
not strong enough where it could (or should!) be used in court.

I no longer have access to the program. Was fun to play with when I did.

 

That's not the point, I labeled no-one, but I "knew" that posters with
different nyms were the same because of an inability to change ingrained
habits. Your 'if things were different, they wouldn't be the same'
approach doesn't give me much faith in your competence either. I said
"among other things" so can't be offended by your lame attempt at an ad
hom remark.

 

I would guess it would be absolutely useless - in fact, prejudicial.

It seems to me that even so, it can be a good investigative tool.

 

That was a lame attempt at an ad hom remark. Who am I? You?

 

Don't mix websites with email with Usnet. They are different protocols
with different characteristics.

Every modern NNTP server, or Usenet server if you wish, supports the
use of the "NNTP-Posting-Host" header, described in RFC 2980 and other
RFC's. This was finally implemented widely because of the history of
forged cancellation messages by the cult of scientology. (No, I'm not
kidding, loolk up the history of alt.religion.scientology and forged
cancel messages and Usenet spew by cult members trying to bury a
newsgroup.)

This is *NOT* the IP address of the sender. It is the IP address of
the NNTP posting hosting host, which may be connected by any client by
any means that server accepts and may display no record whatsoever of
the connecting client. But it is the host that first submitted it to
Usenet, accoriding to the handling by all other NNTP servers. But it
is enough to do a lot of backtracking to the site that is hosting the
abusing spammer or canceller or troll, and it's been helpful

You can't backtrack material, even with voodoo tools, if the
intervening hosts didn't record the data in the message or in their
own system logs where you can access it. Few sites bother to keep such
logs, or react kindly to requests for such information, especially
without a warrant. Of course, if you're the NSA, you can just place
illegal but federally forgiven taps on the nation's fiber-optic
backbones. (Look up the AT&T fiber-optic tapping case: it was nasty.)

Bulletin boards are not NNTP. Like Wiki's, they typically have logs of
the incoming connections and their IP addresses which can be read, or
if necessaary their traffic can be sniffed. Once a Usenet message
message gets to you, though, those connections have been broken and
may be very awkard to track.

NNTP does suffer from header forgery, but the NNTP-Posting-Host has
been very helpful in reducing abuse: it allows tracking back to the
host that accepted the message, or at which the header was forged,
pretty effectively.

Getting such a subpoena is pretty awkard: I've tried, and was told not
to wast the time of the otherwise friendly law enforcement if I was
not the person suffering demonstrable monetary loss over a pretty
generous limit. (It was $30,000 over 10 years ago, I'm sure it's
increased since then.) They wouldn't be able to justify the manpower
and the subpoena.