Yesterday a friend asked in twitter if someone could find out the IP address of another twitter user without their knowledge. Turns out it’s not only possible, but it’s also really simple. Read on for a working implementation.
You only need to have access to the logs of a web server where you will host an image, and create a new account. It’s important to use a new account that has no followers: if you use your real twitter account you may find out the IP addresses of almost all your followers!!!.
The process is really simple: if somebody you follow tweets a message that includes the URL of an image (the URL ends in .jpg or .gif) most twitter clients will load a preview of the image and show it in your timeline. If you direct a tweet to only one user, and you have access to the logs of the server where the image is hosted, you will most likely be able to identify the IP address of that user.
Please note that this is only a proof of concept to make a point. IP addresses are public by definition and should not be considered a secret. Please do not use this tool with foul intentions :D.