Can Police Track an IP Address?
Yes - Law enforcement can trace an IP address to a real person, but the process involves legal steps, cooperation from ISPs, and depends on how long ISPs retain logs. Understanding this process clarifies what VPNs and other privacy tools do and do not protect against.
How Law Enforcement Traces an IP Address
| Step | What Happens | Who Is Involved |
|---|---|---|
| 1. IP identification | A website, platform, or server logs the IP address of an account or activity, along with a timestamp | Platform / website |
| 2. WHOIS / RDAP lookup | Police identify which ISP or hosting company owns the IP block | Police, public WHOIS |
| 3. Legal process (subpoena / court order) | Police serve the ISP with a subpoena or court order requiring them to identify the subscriber assigned that IP at that time | Police, ISP, courts |
| 4. ISP log lookup | The ISP searches its DHCP or RADIUS logs to find which subscriber was assigned the IP at the exact timestamp | ISP |
| 5. Subscriber identification | The ISP provides the subscriber's name, address, and account details to law enforcement | ISP, police |
How Long Do ISPs Keep IP Logs?
ISP data retention requirements vary by country. In the EU, the ePrivacy Directive allows but does not mandate retention; individual member states set their own rules, typically 6–12 months. In the US, ISPs are not legally required to retain logs for a specific period but many keep them for 3–18 months for operational and compliance purposes. Logs are only accessible via legal process - ISPs cannot voluntarily hand them to police without a court order in most jurisdictions.
What VPNs Do and Don't Protect Against
- A VPN replaces your IP at the destination - The website or platform logs the VPN server's IP, not yours, making Step 1 point to the VPN provider instead of your ISP.
- If law enforcement then serves the VPN provider with a legal order, a truly no-log VPN provider has nothing to hand over - But this depends on the provider's actual logging practices and jurisdiction.
- VPNs do not protect against malware, browser fingerprinting, logged-in account activity, or metadata that can identify you independently of your IP address.
- VPNs based in countries with strong privacy laws (Iceland, Panama, Switzerland) are harder to compel via US or EU legal process, though mutual legal assistance treaties (MLATs) can bridge some gaps.
- Using a VPN does not make illegal activity legal - It only adds a procedural layer that may slow or complicate investigations, not prevent them entirely.