How are users traced via their IP when ISPs use NAT?
Since my ISP uses NAT, I will share the same public facing IP address with other customers.
If I go to a website and perform an action (posting a message, uploading an image, etc.) then my IP address will be logged, but it will be a shared IP.
But this could be a popular website, like Facebook. There will probably be a lot of users from my ISP using the site.
If they needed to find out who performed a certain action, how does the ISP know who it was? Do exact timestamps have to match?
So if, for example, the action was performed at exactly 2025-02-22 21:54:13.000 then I assume the ISP will see, in their log files, which user made an outgoing request at that time? But even then, on a popular site it's still possible that two users made an action at a time close enough that it would be hard to differentiate.
Or do ISPs have much more detailed information? Can they see that a request was made, and it was a POST/GET request, and it contained a file or was a certain size?
Or do they have different ways to identify the original user?
And a second question, from the view of a website owner, should more information be captured than just an IP?
For example, a website that allows anonymous (as in not logged in, and/or not verifying accounts) image hosting or file uploads. Should things like browser data be stored as well as the IP address? How much of the onus is on the webmaster? Is it acceptable to just log the IP and nothing else?
