[prawn]

Easy to trace an IP to the ISP that owns it and often an area of a country via naming schemes.

Not a huge step from there to think "Wait, x uses ISP Y and lives in Z" before burrowing through emails or checking blog comments, etc. Could be that two people were commenting from the same IP, but with different devices which suggested the son rather than the friend could be responsible.

[abalone]

Problem is he didn't do that critical second step, the "burrowing through emails or checking blog comments" for something that links the IP to a friend.

He made the mistake of responding to the criticism of his story's technical implausability by claiming his friend used a procedure of looking up the IP location on a general web database. But those only resolve to ISP-level geolocation, not user-level, as the very post he linked to was later updated to admit.

Would have been better for him to keep quiet and let us all keep imagining exotic solutions.

[prawn]

I must've missed where he claimed that he didn't do those things? Their specific methods were always suggested to be something "like x" rather than exactly like it.

Further, he didn't need a method that worked at identifying all people (as tripped up 90% of people in the linked explanation), just this particular one.

I run a forum and often try to identify/discourage PITAs. Sometimes just tracing an IP reveals nothing but the ISP and location/exchange, sure, but other times it'll give me an employer and so on. Trace an IP, get something like accessplus.weblink.telstra.net, recognise your pal's Access Plus business name and you're on your way.

Revealing the method goes some way towards informing future trolls of tricks available to them.

To me, it seemed that the mysterious method referenced was half about luring the troll away from Twitter/etc to a place where they could directly record the IP address. The rest came from there.

Picking out something like this to discredit the entire account is very rough, IMO, and I flagged this story FWIW.

[abalone]

He said it was his friend's house, not a workplace, so your theory is pretty weak.

He didn't say his IT wizard did something "like" geolocating the ISP, he said it was "almost identical" to geolocating the ISP.

Furthermore if there were some magical additional steps or wonderous circumstance that did bridge the gap between ISP-level geolocation and personal home address, he has absolutely no reason not to spell them out.

Unless he's lying.

You know, what's really fascinating about this whole thing is not why this guy would fabricate a dramatic story about him confronting a troll. That's easy to understand. It's why some people have such a powerful need to believe it. So much that they bend over backwards to find some exotic explanation around all the holes, rather than seeing them for what they are.

[prawn]

People run businesses from home. I outlined a reason someone wouldn't spell out specific details and others have written more too.

Will leave you to it, I think.