Dear Mr. Van Hecke,
We have received your March 14, 2005 email regarding trouble on your web site. Please forgive our delay in responding.
Marketscore operates a market research panel that offers its panelists various benefits in exchange for their participation in our market research network. The activity you cite in your email most likely represents the activity of one or more of our panelists. If you suspect a crime is being committed, you should report it to your local law enforcement authorities. Marketscore can only require its users to conform to its Membership Agreement. Law enforcement authorities can take a wider range of actions to prosecute individuals for illegal activities.
In order to help web sites identify the originating IP address (and in most cases, the individual’s Internet Service Provider) of these types of activities, we include the originating IP address as part of the header information that we forward for traffic going through the Marketscore network. We have attached an informational memorandum that describes this header information in more detail, so that you can begin to capture this information.
Please feel free to contact us again should you have any additional questions.
In the attached “informational memorandum” they explain the extra headers to trace the actual source of traffic from its origination point:
Marketscore forwards originating IP address information under header denoted as ‘x-forwarded-for’. We also forward the same originating IP address information under the header denoted as ‘client-ip’. You can easily log this header information using any current web server software.
Fair enough, but that’s only a way to better identify any future vandalism, and only in case I can convince my hoster to log these headers (or switch to a hoster that does it already). They do not assume responsibility for any of their user’s behaviour, and don’t take action to identify that user. Which (you might find it strange) I do understand:
- it’s not their responsibility to determine whether a series of log entries does represent proof of “criminal behaviour” under some legislation
- they will only take action the moment I file an actual complaint
- to identify that user of theirs when requested by Law Enforcement
- to check whether that user’s behaviour as observed by Law Enforcement is against their Membership agreement
I would have expected them to act on a complaint involving one of their users, even when not checked by an independent party (Law Enforcement). By identifying the user and suspending membership, for example, in order to protect their reputation. However, this leaves their users without recourse to unjustified complaints – and (what probably is more important) it’s a lot of hassle for them.
So that leaves it up to me to file a complaint. But it’s not worth the hassle either for me…
Being a coward, aren’t I?