Online Service Provider safe harbors have been set up in a number of jurisdictions (domestically and internationally) as a compromise to allow a “marketplace of ideas” to flourish online without interference to user activity on the part of service providers. In exchange for limited liability, OSPs often are subject to a “notify and remove” regime that requires them to remove allegedly infringing material when it is brought to their notice. Specific examples of this can be seen in the DMCA in the US and Electronic Commerce Directive Articles 14 and 15 in the EU. The subjects of these regimes commonly include copyright, speech and privacy. However, there is a notable exception in the United States in section 230 of the Communications Decency Act. This section appears to provide blanket immunity without any exceptions for tort liability, often practically taking away any ability of users to pursue claims when their privacy is violated. In this research project we explore whether an increasing ability to identify the source of packets on the Internet has undercut the rationale for OSP safe harbors. We consider whether other regulatory regimes might be more useful in preserving user privacy without placing a substantial burden on service providers