Behodar:

 

raytaylor: If the website provider says "we had a hacker or someone sharing music that came in from 100.101.102.103:14291" we can instantly say well thats customer ip address 100.101.102.103 - john doe from york street.

 

As an ISP you can do that, but I was using the perspective of a site owner. If I understand correctly, the only information I can get out of a CG-NAT IP address is the ISP that it's allocated to. Without actually contacting the ISP (which would presumably involve its own privacy policy etc) I can't get any end-user details out of a CG-NAT IP address. Please do correct me if I'm wrong!

 

Many businesses and other organisations have fixed IP addresses. Doing  reverse ip lookups, dns lookups and traceroutes returns a lot of information about who is at the other end. end users leave traces too which can be tracked. We got one guy who was attacking a business with DOS type spam attacks via his ip address as we then linked it to a post made in an online chat / BBS which had enough information to tie two data sets together. We contacted his isp - who told us he wasn't with them as they had banned him, then had to retract and recorrect as he was back online with them.

On its own an ip address doesn't tell much but if you add enough information from other sources it starts to add up - sometimes. Jo average home user not so much - unless they have kids playing online games and then the wealth of possible material increases.  Clients daughter getting some pretty nasty bullying anonymously online. We could trace an ip address but no idea who it was - until we sent an email to a likely source, with return receipt attached, and when it came back to us was could link the two - and deal with the parents and principle to get things stopped.

Generally dealing with a problem from a person you have to talk to the isp who owns the block and trust they will do their job. They wont however confirm if there is a person or what they do - seems to be a breach of privacy.