We have now added Tor™ Network "change history" to complement our Tor™ Network "presence history". This history data goes back as far as May 13, 2008.
You can see at http://www.ippages.com/?node=iloveamsterdam for example, that node "iloveamsterdam" was added to the Tor™ Network on August 6, 2008.
You can see at http://www.ippages.com/?node=moldyold the various dates when node "moldyold" had it's IP address changed.
You can see at http://www.ippages.com/?node=nixnix that node "nixnix" changed it's fingerprint on October 6, 2008. (You can also see here that a duplicate "nixnix" node was running on August 6 and 7 at IP address 84.57.191.62)
You can see at http://www.ippages.com/?node=desync that node "desync" upgraded to Tor version 0.2.1.6-alpha on October 16, 2008.
Saturday, October 18, 2008
Friday, April 18, 2008
IP Address Lookups by Tor nickname and fingerprint
Interesting discovery today when adding support for IP Address Lookups on Tor node nicknames and fingerprints. Anyone can now do a lookup with node= or fingerprint= specified as a URL parameter, as in the following examples:
http://www.showmyip.com/?node=peacetime
http://www.ippages.com/?fingerprint=2f63b6febe2c1fdddef2dd850b77b88c05711cf9
Previously you could only do lookups by IP Address, Host name, or "long" IP number as in:
http://www.showmyip.com/?ip=75.125.82.140
http://www.ippages.com/?host=adobe.com
http://www.lookupip.com/?ipn=1266504332
When I ran some tests on node=peacetime I found, by way of the new Tor network presence history data, that there were quite a number of nicknames using the same IP Address 128.31.0.34 over at mit.edu: peacetime, moria500, moria1, moria2, moria1000 and maybe more. What the heck are you doing over there Nick, arma and Roger? :)
http://www.showmyip.com/?node=peacetime
http://www.ippages.com/?fingerprint=2f63b6febe2c1fdddef2dd850b77b88c05711cf9
Previously you could only do lookups by IP Address, Host name, or "long" IP number as in:
http://www.showmyip.com/?ip=75.125.82.140
http://www.ippages.com/?host=adobe.com
http://www.lookupip.com/?ipn=1266504332
When I ran some tests on node=peacetime I found, by way of the new Tor network presence history data, that there were quite a number of nicknames using the same IP Address 128.31.0.34 over at mit.edu: peacetime, moria500, moria1, moria2, moria1000 and maybe more. What the heck are you doing over there Nick, arma and Roger? :)
Tor network presence history now available
showmyip.com has now added Tor network presence history data to show when an IP Address has been part of the Tor network over the previous 7 days. This presence history data shows date and time, actual bandwidth, Tor software version, uptime, Exit Policy and more. As well, subscribers to our IP Address Lookup service get 2 additional features: 31 days of presence history rather than 7 days, and the ability to specify any date to check.
German police, or anyone else, can now go to pickaproxy.com, select their country of choice, and from the list of Tor network nodes in that country, perform a Lookup on that IP Address to learn when in the previous 7 or 31 days that IP Address was active in the Tor network.
By adding a &date=20080131 parameter to this lookup, for example, a subscriber could get this presence history data to show from January 1-31, 2008.
Presence history data is also checked for all IP Addresses that are not currently a Tor network node. Previously if an IP Address was not currently a Tor network node, it would simply be indicated as such. Now it will be identified if it was part of the Tor network in the previous 7 or 31 days.
These new features are currently implemented in the HTML and XML interfaces on showmyip.com, ippages.com and lookupip.com, and will be added to our RSS, SOAP and simple text interfaces in the short term.
German police, or anyone else, can now go to pickaproxy.com, select their country of choice, and from the list of Tor network nodes in that country, perform a Lookup on that IP Address to learn when in the previous 7 or 31 days that IP Address was active in the Tor network.
By adding a &date=20080131 parameter to this lookup, for example, a subscriber could get this presence history data to show from January 1-31, 2008.
Presence history data is also checked for all IP Addresses that are not currently a Tor network node. Previously if an IP Address was not currently a Tor network node, it would simply be indicated as such. Now it will be identified if it was part of the Tor network in the previous 7 or 31 days.
These new features are currently implemented in the HTML and XML interfaces on showmyip.com, ippages.com and lookupip.com, and will be added to our RSS, SOAP and simple text interfaces in the short term.
Tuesday, April 01, 2008
pickaproxy.com lookups
pickaproxy.com was updated a few months ago to provide more detailed lookup data on Tor network nodes by using our showmyip.com lookup service. (see https://www.torproject.org/ for more details on the Tor network)
We still have quite a bit of work in progress on this, but what we discovered recently was that we could identify "bridge relay" users, which surprised us. Bridge relay users of the Tor network do not have any information about them published publicly, so we presumed they would be undetectable. However, they are quite easily detectable, and we are now identifying them separately from the other "relay" and "exit" nodes that make up the Tor network. A quick glance shows that about 40% of the current Tor network users are bridge relays, and I would expect this percentage to climb over time.
We also discovered that we could identify previous Tor network users who are no longer users, and so have added this information to our lookup data. One of our subscribers was using an (outdated) list of Tor network IP Addresses, and asked why we were not identifying 1 of these IP Addresses as a Tor node. We found that it was last seen back in December, and thought that this would be useful information to be made public.
We still have quite a bit of work in progress on this, but what we discovered recently was that we could identify "bridge relay" users, which surprised us. Bridge relay users of the Tor network do not have any information about them published publicly, so we presumed they would be undetectable. However, they are quite easily detectable, and we are now identifying them separately from the other "relay" and "exit" nodes that make up the Tor network. A quick glance shows that about 40% of the current Tor network users are bridge relays, and I would expect this percentage to climb over time.
We also discovered that we could identify previous Tor network users who are no longer users, and so have added this information to our lookup data. One of our subscribers was using an (outdated) list of Tor network IP Addresses, and asked why we were not identifying 1 of these IP Addresses as a Tor node. We found that it was last seen back in December, and thought that this would be useful information to be made public.
SOAP interface updates
Previous showmyip.wsdl at http://www.showmyip.com/soap/server.php has now been replaced by callshowmyip.wsdl at http://www.showmyip.com/soap2008/server.php. This SOAP service can be used to detect your public IP Address, and to determine what properties any web site you visit presumes about you.
Previous SOAP showmyip_lookup.wsdl at http://www.showmyip.com/soap/lookupserver.php has been replaced by callshowmyip_lookup.wsdl at http://www.showmyip.com/soap2008/lookupserver.php. This SOAP service can be used to learn the properties of any IP Address or host/domain name. As a web site operator, for example, you can first get the IP Address of a visitor to your web site, then pass that IP Address over our SOAP interface to us to learn their host/domain name, their Country, Nationality, Currency, Latitude and Longitude, Tor network status, RBL/DNSBL status, and more. If you are a subscriber to our service (starting at $20 USD for 20,000 lookups) you can learn the State, City, ISP and Owning Organization of your visitor.
Subscribers would use ippages.com instead of showmyip.com of course, since this domain is available for them to get more consistent, faster responses.
TOR_DETECTION and RBL_DNSBL_STATUS are 2 new properties returned by each of these services. Tor Detection provides real-time and near real-time detection data on whether an IP Address is part of the Tor network. (see https://www.torproject.org/ for more details).
RBL/DNSBL status provides real-time and near real-time data on whether an IP Address is listed on the spamhaus.org, sorbs.net, uceprotect.net and/or other blacklists or blocklists.
Previous SOAP showmyip_lookup.wsdl at http://www.showmyip.com/soap/lookupserver.php has been replaced by callshowmyip_lookup.wsdl at http://www.showmyip.com/soap2008/lookupserver.php. This SOAP service can be used to learn the properties of any IP Address or host/domain name. As a web site operator, for example, you can first get the IP Address of a visitor to your web site, then pass that IP Address over our SOAP interface to us to learn their host/domain name, their Country, Nationality, Currency, Latitude and Longitude, Tor network status, RBL/DNSBL status, and more. If you are a subscriber to our service (starting at $20 USD for 20,000 lookups) you can learn the State, City, ISP and Owning Organization of your visitor.
Subscribers would use ippages.com instead of showmyip.com of course, since this domain is available for them to get more consistent, faster responses.
TOR_DETECTION and RBL_DNSBL_STATUS are 2 new properties returned by each of these services. Tor Detection provides real-time and near real-time detection data on whether an IP Address is part of the Tor network. (see https://www.torproject.org/ for more details).
RBL/DNSBL status provides real-time and near real-time data on whether an IP Address is listed on the spamhaus.org, sorbs.net, uceprotect.net and/or other blacklists or blocklists.
Monday, February 05, 2007
www.showmyip.com/torstatus
Yesterday we put up a new web page http://www.showmyip.com/torstatus/ to service Tor network users who want a quick way to determine if they are connected to the Tor network or not. It's a first draft and we will be adding more content to help new Tor users better understand what they have gotten themselves into.
You can also get here by way of http://tor.showmyip.com and http://torstatus.showmyip.com and of course ippages.com has the equivalent pages for subscribers to our IP Address Lookup service - at this point subscribers get more reliable data about their supposed geographical location.
You can also get here by way of http://tor.showmyip.com and http://torstatus.showmyip.com and of course ippages.com has the equivalent pages for subscribers to our IP Address Lookup service - at this point subscribers get more reliable data about their supposed geographical location.
Saturday, October 07, 2006
Daily Maximum Increased for IP Address Lookups
We have now increased by 100 times the number of IP Address lookups that non-subscribers can perform each day. On showmyip.com this daily limit is now 10,000 rather than 100. On ippages.com (which is primarily reserved for our subscribers) this daily limit is now 1,000 rather than 10.
We are also looking at ways we can provide IP Address lookups to subscribers who need more than 10,000 lookups per day. If you have any ideas or needs in this regard, let us know at mailto:support@privacy-ecosystem.com and we will try to accommodate you or include your ideas.
We are also looking at ways we can provide IP Address lookups to subscribers who need more than 10,000 lookups per day. If you have any ideas or needs in this regard, let us know at mailto:support@privacy-ecosystem.com and we will try to accommodate you or include your ideas.
Tuesday, August 29, 2006
Tor Detection and NXDOMAIN
Interesting problem with our Real-Time Tor Detection service we have discovered while testing our Cloak On! privacy service: some Tor exit nodes are not listed in the Tor cached-routers file, resulting in our service not correctly identifying the IP Address as a Tor node. We suspect it is related to the IP Address being listed in the Domain Name System as status NXDOMAIN, but have not yet confirmed this. It may even be an anomaly in the Tor system itself, but we will gather more evidence before we contact the Tor developers with our findings.
Our Cloak On! privacy service has an option to use the Tor network for http, https, and ftp access to any internet servers. We found ourselves yesterday coming from IP Address 149.9.0.27 which is apparently not a Tor node, but given that we were using the Tor network we knew that it must be a Tor node. We could see this was an IP Address owned by PSI (Performance Systems International) and apparently located in Washington, DC in the USA. But the DNS system advises this domain does not exist (status NXDOMAIN) and has no corresponding domain name. Traceroute fails to find 149.9.0.27 as though it is hidden behind some servers in some way we do not yet understand. Traceroute gets as far as Rethem.demarc.congentco.com (also owned and operated by Performance Systems International located in Washington, DC but registered to Cogent Communications) but no further.
Update! Just found a discussion thread about this issue on http://archives.seul.org/or/talk/Aug-2006/threads.html which seems to indicate this is something the Tor developers are aware of and working to resolve. It appears that both 149.9.xxx.xxx and 154.35.xxx.xxx are part of this anomaly. Good news. Will followup when we have more details...
Update Oct 7: Still no further developments on this issue. We believe there is a flaw in the Tor system that allows this, but do not yet understand enough to develop a way to counter it, and do not yet understand the comments about this issue posted by the Tor developers - which seem to indicate they do not consider this a significant issue!
Our Cloak On! privacy service has an option to use the Tor network for http, https, and ftp access to any internet servers. We found ourselves yesterday coming from IP Address 149.9.0.27 which is apparently not a Tor node, but given that we were using the Tor network we knew that it must be a Tor node. We could see this was an IP Address owned by PSI (Performance Systems International) and apparently located in Washington, DC in the USA. But the DNS system advises this domain does not exist (status NXDOMAIN) and has no corresponding domain name. Traceroute fails to find 149.9.0.27 as though it is hidden behind some servers in some way we do not yet understand. Traceroute gets as far as Rethem.demarc.congentco.com (also owned and operated by Performance Systems International located in Washington, DC but registered to Cogent Communications) but no further.
Update! Just found a discussion thread about this issue on http://archives.seul.org/or/talk/Aug-2006/threads.html which seems to indicate this is something the Tor developers are aware of and working to resolve. It appears that both 149.9.xxx.xxx and 154.35.xxx.xxx are part of this anomaly. Good news. Will followup when we have more details...
Update Oct 7: Still no further developments on this issue. We believe there is a flaw in the Tor system that allows this, but do not yet understand enough to develop a way to counter it, and do not yet understand the comments about this issue posted by the Tor developers - which seem to indicate they do not consider this a significant issue!
Sunday, August 06, 2006
Tor Detection added to showmyip.com
Change of plans: we have now added Real-Time Tor Detection to showmyip.com in order to gain more exposure, and since we now have greater confidence in it's accuracy and speed. Until now we were going to finish the upgrade of our SOAP and simple interfaces on ippages.com before moving to showmyip.com but we are excited about this new capability and want to get the word out. Can you really blame us?!
And yes, now we will go back and get the SOAP interface on ippages.com for our IP Address Lookup subscribers upgraded. Thank you for your patience, Mr. Sweden, who has been politely reminding me that this needs to be done asap.
And yes, now we will go back and get the SOAP interface on ippages.com for our IP Address Lookup subscribers upgraded. Thank you for your patience, Mr. Sweden, who has been politely reminding me that this needs to be done asap.
Saturday, August 05, 2006
Tor Detection failures resolved
We have now tracked down and resolved the issue of Tor Detection not working in some instances. Tor Detection should now be working all the time. The issue was isolated to lookups on our HTML interface, and was failing when multiple lookups to the same IP Address or Domain name were done. The first lookup worked fine - subsequent lookups could not be counted on to be accurate.
Our XML lookup interface was not subject to this issue.
We also identified and fixed a few minor issues along the way, and were pleasantly surprised to find a way to speed up the Real-Time Tor Detection algorithm by 5 times - what previously required 4-5 seconds on average now takes about 1 second to accomplish the same thing.
Our XML lookup interface was not subject to this issue.
We also identified and fixed a few minor issues along the way, and were pleasantly surprised to find a way to speed up the Real-Time Tor Detection algorithm by 5 times - what previously required 4-5 seconds on average now takes about 1 second to accomplish the same thing.
Subscribe to:
Posts (Atom)