IP Address and Privacy

What an IP discloses

The "IP shows your exact location" framing common in scary articles is mostly wrong. IP geolocation databases are built from a mix of registry data and ISP reporting; they're accurate at the city level and imprecise below it. Mobile IPs and CGNAT can be off by hundreds of miles.

How IP geolocation works

Geolocation providers build databases by:

• Regional Internet Registry data (ARIN, RIPE, APNIC) — the official allocation records tying IP blocks to organizations.
• ISP-reported locations — many ISPs publish or sell location data for their address space.
• Reverse DNS hints — hostnames like la-103-cgn.example-isp.net hint at "Los Angeles."
• User-reported corrections — when sites notice a mismatch, they often submit corrections.
• Sample traffic correlation — joining IP with declared addresses from forms, shipping, etc.

This produces a city-level estimate that is wrong often enough that no one should treat IP location as ground truth. For VPN endpoints, the IP is in the VPN provider's data center, often far from the user.

What an IP does not disclose

• Your name, your physical address, your real-world identity. Requires the ISP to disclose, which generally requires legal process.
• Any data inside encrypted connections. The IP is only the source/destination label.
• Which device behind the IP you are. Many devices typically share one home IP via NAT.
• Anything specific about you as an individual person.

NAT, CGNAT, and shared IPs

Most home networks share one public IP across many devices via NAT — the router translates internal addresses to one external address. To the internet, every device in your house looks like the same IP. CGNAT extends this to the ISP level: many households share one public IP. Mobile carriers and some fixed-wireless ISPs use CGNAT extensively.

Practical effects:

• Tracking by IP becomes coarser — actions from "the same IP" may be different households.
• Incoming connections (gaming, self-hosting, port forwarding) often don't work behind CGNAT.
• Geolocation can be wrong by hundreds of miles when CGNAT routes through distant POPs.

IPv4 vs IPv6 privacy

IPv6 changes the picture. With unique addresses per device (no NAT needed), the IP can identify a specific device, not just a household. IPv6 addresses also often embed the device's MAC address in older interface-ID configurations, leaking a stable hardware identifier. Modern operating systems use IPv6 Privacy Extensions (RFC 4941) that randomize interface IDs and rotate them periodically, mitigating the long-term tracking concern.

For more on the v4/v6 difference, see IPv4 vs IPv6.

How to control what destinations see

None of these change what the chosen intermediary sees — they only change what the destination site sees. The privacy benefit depends on whether you trust the intermediary more than your default situation.

The correlation problem

The real privacy issue with IP is not any single observation, but correlation across observations. Examples:

• A site sees your real IP today, then sees your VPN IP next week, and you log into the same account both times. The site can correlate your IP history with your identity.
• Two services that share data observe your IP and a cookie. Even with the cookie cleared next visit, the IP plus browser fingerprint links you to the prior session.
• A site observes that the same IP visits at a specific time each day — a behavioral fingerprint of one user, even if multiple users actually share that IP via NAT.

Defense in depth — IP rotation + fingerprint resistance + cookie clearing — works because each layer breaks one correlation channel. Removing only one layer leaves the others intact.

Frequently Asked Questions

What can someone learn from my IP address?

From a public IP alone: your ISP, your approximate city or region (often within 5-50 km accuracy), and sometimes the type of connection (residential vs commercial vs hosting). Not your exact street address, not your identity, not the contents of your traffic. The ISP could tie the IP to a specific account on their network, but that link is not public.

How accurate is IP geolocation?

For consumer IP addresses: city-level accuracy is typical, often within 25 km. Country-level is nearly always correct. Street-level is generally fabrication — geolocation databases do not have street-level resolution for residential IPs, and any service claiming to provide it for a typical home IP is approximating from the city centroid. Mobile and CGNAT addresses can be far less accurate.

Does a VPN change my IP address?

Yes. Sites you visit see the VPN endpoint's IP instead of yours. Geolocation lookups will report the VPN's location, which may be in another country. Your real IP is still visible to the VPN provider; the tradeoff is whether you trust the VPN more than your ISP.

What is CGNAT and how does it affect my IP privacy?

Carrier-grade NAT is a technique many ISPs (especially mobile carriers) use to share one public IP across many customers. Multiple subscribers behind a single CGNAT IP appear to the internet as the same address. This complicates IP-based tracking — the IP no longer identifies a single household — but it also makes things like incoming connections, gaming, and self-hosting hard.

Should I worry about my IP being public?

For most users, no — your IP is observed by every server you connect to, and there is no realistic way to hide it from those servers without using a VPN or Tor. The privacy concern is not that any single site sees the IP, but that multiple sites can correlate the same IP back to you over time and combine that with other data (cookies, fingerprints, login state). The protections that matter are usually higher-layer ones, not IP concealment.