We have now increased by 100 times the number of IP Address lookups that non-subscribers can perform each day. On showmyip.com this daily limit is now 10,000 rather than 100. On ippages.com (which is primarily reserved for our subscribers) this daily limit is now 1,000 rather than 10.
We are also looking at ways we can provide IP Address lookups to subscribers who need more than 10,000 lookups per day. If you have any ideas or needs in this regard, let us know at mailto:support@privacy-ecosystem.com and we will try to accommodate you or include your ideas.
Saturday, October 07, 2006
Tuesday, August 29, 2006
Tor Detection and NXDOMAIN
Interesting problem with our Real-Time Tor Detection service we have discovered while testing our Cloak On! privacy service: some Tor exit nodes are not listed in the Tor cached-routers file, resulting in our service not correctly identifying the IP Address as a Tor node. We suspect it is related to the IP Address being listed in the Domain Name System as status NXDOMAIN, but have not yet confirmed this. It may even be an anomaly in the Tor system itself, but we will gather more evidence before we contact the Tor developers with our findings.
Our Cloak On! privacy service has an option to use the Tor network for http, https, and ftp access to any internet servers. We found ourselves yesterday coming from IP Address 149.9.0.27 which is apparently not a Tor node, but given that we were using the Tor network we knew that it must be a Tor node. We could see this was an IP Address owned by PSI (Performance Systems International) and apparently located in Washington, DC in the USA. But the DNS system advises this domain does not exist (status NXDOMAIN) and has no corresponding domain name. Traceroute fails to find 149.9.0.27 as though it is hidden behind some servers in some way we do not yet understand. Traceroute gets as far as Rethem.demarc.congentco.com (also owned and operated by Performance Systems International located in Washington, DC but registered to Cogent Communications) but no further.
Update! Just found a discussion thread about this issue on http://archives.seul.org/or/talk/Aug-2006/threads.html which seems to indicate this is something the Tor developers are aware of and working to resolve. It appears that both 149.9.xxx.xxx and 154.35.xxx.xxx are part of this anomaly. Good news. Will followup when we have more details...
Update Oct 7: Still no further developments on this issue. We believe there is a flaw in the Tor system that allows this, but do not yet understand enough to develop a way to counter it, and do not yet understand the comments about this issue posted by the Tor developers - which seem to indicate they do not consider this a significant issue!
Our Cloak On! privacy service has an option to use the Tor network for http, https, and ftp access to any internet servers. We found ourselves yesterday coming from IP Address 149.9.0.27 which is apparently not a Tor node, but given that we were using the Tor network we knew that it must be a Tor node. We could see this was an IP Address owned by PSI (Performance Systems International) and apparently located in Washington, DC in the USA. But the DNS system advises this domain does not exist (status NXDOMAIN) and has no corresponding domain name. Traceroute fails to find 149.9.0.27 as though it is hidden behind some servers in some way we do not yet understand. Traceroute gets as far as Rethem.demarc.congentco.com (also owned and operated by Performance Systems International located in Washington, DC but registered to Cogent Communications) but no further.
Update! Just found a discussion thread about this issue on http://archives.seul.org/or/talk/Aug-2006/threads.html which seems to indicate this is something the Tor developers are aware of and working to resolve. It appears that both 149.9.xxx.xxx and 154.35.xxx.xxx are part of this anomaly. Good news. Will followup when we have more details...
Update Oct 7: Still no further developments on this issue. We believe there is a flaw in the Tor system that allows this, but do not yet understand enough to develop a way to counter it, and do not yet understand the comments about this issue posted by the Tor developers - which seem to indicate they do not consider this a significant issue!
Sunday, August 06, 2006
Tor Detection added to showmyip.com
Change of plans: we have now added Real-Time Tor Detection to showmyip.com in order to gain more exposure, and since we now have greater confidence in it's accuracy and speed. Until now we were going to finish the upgrade of our SOAP and simple interfaces on ippages.com before moving to showmyip.com but we are excited about this new capability and want to get the word out. Can you really blame us?!
And yes, now we will go back and get the SOAP interface on ippages.com for our IP Address Lookup subscribers upgraded. Thank you for your patience, Mr. Sweden, who has been politely reminding me that this needs to be done asap.
And yes, now we will go back and get the SOAP interface on ippages.com for our IP Address Lookup subscribers upgraded. Thank you for your patience, Mr. Sweden, who has been politely reminding me that this needs to be done asap.
Saturday, August 05, 2006
Tor Detection failures resolved
We have now tracked down and resolved the issue of Tor Detection not working in some instances. Tor Detection should now be working all the time. The issue was isolated to lookups on our HTML interface, and was failing when multiple lookups to the same IP Address or Domain name were done. The first lookup worked fine - subsequent lookups could not be counted on to be accurate.
Our XML lookup interface was not subject to this issue.
We also identified and fixed a few minor issues along the way, and were pleasantly surprised to find a way to speed up the Real-Time Tor Detection algorithm by 5 times - what previously required 4-5 seconds on average now takes about 1 second to accomplish the same thing.
Our XML lookup interface was not subject to this issue.
We also identified and fixed a few minor issues along the way, and were pleasantly surprised to find a way to speed up the Real-Time Tor Detection algorithm by 5 times - what previously required 4-5 seconds on average now takes about 1 second to accomplish the same thing.
Wednesday, August 02, 2006
Zone Transfers
We have now added Zone Transfer data to our ippages.com lookup service, but only to our HTML interface at this point. "Zones" are also known as "Subdomains", and typically represent the prefix names that are defined in front of a host name, as for example the "xml" in xml.ippages.com would be a "zone" if it pointed to it's own IP Address. In DNS terms, this is an "A" record.
What we recently discovered is that some host names have zone transfer data available to anyone who asks for it, so in these cases we are now showing it as part of the IP Address Lookup data. Try http://www.ippages.com/?domain=emachines.com to see an example (although if emachines.com becomes aware of this they will likely re-configure their name servers, and you will no longer be able to see their zone data).
showmyip.com will get this capability sometime later this month, and eventually our other IP Address lookup interfaces will as well.
What we recently discovered is that some host names have zone transfer data available to anyone who asks for it, so in these cases we are now showing it as part of the IP Address Lookup data. Try http://www.ippages.com/?domain=emachines.com to see an example (although if emachines.com becomes aware of this they will likely re-configure their name servers, and you will no longer be able to see their zone data).
showmyip.com will get this capability sometime later this month, and eventually our other IP Address lookup interfaces will as well.
Tor Detection failures
We have found that in some cases our Tor Detection service is not identifying Tor network nodes when it should be. Resolution of this anomaly has become our top priority for the short term. As best we can tell from our internal testing, network nodes are correctly identified most of the time, but we do not yet know what "most" precisely means, nor do we know what is causing the failure to detect.
This only affects users of ippages.com and only the XML and HTML interfaces. Our SOAP interface update has not yet been released, and showmyip.com has not yet been upgraded to do Tor Detection.
This only affects users of ippages.com and only the XML and HTML interfaces. Our SOAP interface update has not yet been released, and showmyip.com has not yet been upgraded to do Tor Detection.
Friday, July 28, 2006
Real-Time Tor Detection on ippages.com
Yesterday we rolled out Real-Time Tor Network detection to our HTML pages on ippages.com so that anyone using the Tor Network can go to http://www.ippages.com/ and see something like the following at the top of the page:
84.19.182.23 is a Tor Network exit node (nickname wormhole)
at Host Name wormhole.vnfonatic.de (running Tor 0.1.1.22 on Linux i686)
so you appear to be in DE-Germany (verified) (Thuringen)
through Internet Service Provider (ISP) Keyweb AG (or possibly Keyweb Ag Ip Network)
Further down the page there will also be a "Tor Network node:" section where further details are displayed, and your Country will be shown as "A3-Anonymous Tor Network Proxy (in DE-Germany)".
Why have we done this? Because one of the purposes of our showmyip.com and ippages.com web sites is to show users what web site operators know about you, or believe to be true about you. And when you are using the Tor Network, they can now know all this information about you. Note that they cannot tell what country you are actually in, or what ISP, etc. you are actually using.
If you are a web site operator, and wonder how you can get this same information about your visitors, you can subscribe to our IP Address Lookup service and get all this. Details are available at https://www.ippages.com/lookups/.
One last note about the way the Country is displayed above as "DE-Germany (verified)" and the ISP is displayed as "Keyweb AG (or possibly Keyweb Ag Ip Network)". The word "verified" indicates that both the IP/Geo-location databases we subscribe to give the same result, so it is most likely accurate. The phrase "or possibly ..." indicates that the databases give different results, so one or the other is likely accurate.
We are still working on adding Real-Time Tor Detection to our SOAP interfaces, which will come next. After that our simple text interface will be done, then the CVS format and bulk upload interface. And after that we will start adding all this to showmyip.com!
84.19.182.23 is a Tor Network exit node (nickname wormhole)
at Host Name wormhole.vnfonatic.de (running Tor 0.1.1.22 on Linux i686)
so you appear to be in DE-Germany (verified) (Thuringen)
through Internet Service Provider (ISP) Keyweb AG (or possibly Keyweb Ag Ip Network)
Further down the page there will also be a "Tor Network node:" section where further details are displayed, and your Country will be shown as "A3-Anonymous Tor Network Proxy (in DE-Germany)".
Why have we done this? Because one of the purposes of our showmyip.com and ippages.com web sites is to show users what web site operators know about you, or believe to be true about you. And when you are using the Tor Network, they can now know all this information about you. Note that they cannot tell what country you are actually in, or what ISP, etc. you are actually using.
If you are a web site operator, and wonder how you can get this same information about your visitors, you can subscribe to our IP Address Lookup service and get all this. Details are available at https://www.ippages.com/lookups/.
One last note about the way the Country is displayed above as "DE-Germany (verified)" and the ISP is displayed as "Keyweb AG (or possibly Keyweb Ag Ip Network)". The word "verified" indicates that both the IP/Geo-location databases we subscribe to give the same result, so it is most likely accurate. The phrase "or possibly ..." indicates that the databases give different results, so one or the other is likely accurate.
We are still working on adding Real-Time Tor Detection to our SOAP interfaces, which will come next. After that our simple text interface will be done, then the CVS format and bulk upload interface. And after that we will start adding all this to showmyip.com!
showmyip.com online again
We are glad to advise that showmyip.com is now back online. Late Wednesday afternoon the problem was fixed by either eNom or Verisign (we've not been able to find out exactly which of them), and from that point the fix gradually was populated to all DNS servers globally. We found things working again late yesterday afternoon, PDT. No one seems to know how it got started, but somehow the DNS root servers started advising showmyip.com as a status NXDOMAIN, meaning there were no records for this domain. This was not correct, and our name servers were fine, and had not been changed in the last few months. Anyone using our IP Address as in http://67.15.225.36/ would have found that everything was working fine. But http://www.showmyip.com/ was definitely not working. It was a nasty feeling of helplessness we suffered from Tuesday morning, until Wednesday afternoon as we attempted to get in touch with someone who could get this fixed, because nothing we had control over would resolve this.
How can this be prevented from ever happening again? I wish we knew. We have setup lookupip.com to point to the same IP Address 67.15.225.36 so that if showmyip.com ever goes off line again like this, users could get the same results from using http://www.lookupip.com/ instead of http://www.showmyip.com/ but we wonder if anyone is going to remember to do that. Likely not. We would have liked to have changed our showmyip.com DNS records to point to our ippages.com server, which we have occasionally done in the past, but we were not able to do this because of the NXDOMAIN status that was stopping everything we tried. Gads. Is there comfort in knowing that this could have happened to anyone's domain name?
How can this be prevented from ever happening again? I wish we knew. We have setup lookupip.com to point to the same IP Address 67.15.225.36 so that if showmyip.com ever goes off line again like this, users could get the same results from using http://www.lookupip.com/ instead of http://www.showmyip.com/ but we wonder if anyone is going to remember to do that. Likely not. We would have liked to have changed our showmyip.com DNS records to point to our ippages.com server, which we have occasionally done in the past, but we were not able to do this because of the NXDOMAIN status that was stopping everything we tried. Gads. Is there comfort in knowing that this could have happened to anyone's domain name?
Tuesday, July 18, 2006
RSS/Atom feed now available
We created an RSS/Atom feed yesterday for these blog entries: http://privacy-ecosystem.blogspot.com/atom.xml
Sunday, July 16, 2006
Real-Time Tor Detection Service for XML
We added Real-Time Tor Detection to our XML interface on ippages.com yesterday. Users of our IP Address Lookup service on ippages.com can now get XML data elements returned about the Tor network properties of the IP Address, if it is a router/node on the Tor network. Full details are listed on http://whatsnew.ippages.com/.
We believe that we now offer the only publicly available geo-lookup service with this feature, meaning that we can give the greatest degree of accurate results about the country that an IP Address is located in. Specifically, if the IP Address of a user is 134.60.103.42 for example, the Maxmind, Ip2location and Geobytes databases and lookup web services would all tell you this user is in Germany, whereas we correctly identify this user as an "Anonymous Tor Network Proxy (in DE-Germany)" to which we assign country code "A3" rather than "DE".
There are a growing number of Tor servers/nodes currently in use (see http://serifos.eecs.harvard.edu/cgi-bin/exit.pl for a list of all Tor network servers) and hundreds of thousands of users of the Tor network, so this capability we now provide is of great value to web site owners and operators.
We will roll out this service to our free showmyip.com site soon, and add it to our SOAP, simple text, HTML, and CSV interfaces.
Note to users: we are not just enabling web site owners and operators. We are close to launching our Cloak On! privacy service which will allow anyone to get a secure SSL connection to one of our servers and then out to the Tor network, so you can maintain your privacy while browsing and doing ftp file transfers! Check out http://www.privacy-ecosystem.com/ for more details, or check back here on this blog.
We believe that we now offer the only publicly available geo-lookup service with this feature, meaning that we can give the greatest degree of accurate results about the country that an IP Address is located in. Specifically, if the IP Address of a user is 134.60.103.42 for example, the Maxmind, Ip2location and Geobytes databases and lookup web services would all tell you this user is in Germany, whereas we correctly identify this user as an "Anonymous Tor Network Proxy (in DE-Germany)" to which we assign country code "A3" rather than "DE".
There are a growing number of Tor servers/nodes currently in use (see http://serifos.eecs.harvard.edu/cgi-bin/exit.pl for a list of all Tor network servers) and hundreds of thousands of users of the Tor network, so this capability we now provide is of great value to web site owners and operators.
We will roll out this service to our free showmyip.com site soon, and add it to our SOAP, simple text, HTML, and CSV interfaces.
Note to users: we are not just enabling web site owners and operators. We are close to launching our Cloak On! privacy service which will allow anyone to get a secure SSL connection to one of our servers and then out to the Tor network, so you can maintain your privacy while browsing and doing ftp file transfers! Check out http://www.privacy-ecosystem.com/ for more details, or check back here on this blog.
Thursday, July 13, 2006
Real-Time Tor Detection Service
We will be launching our Real-Time Tor Detection Service over the next few weeks, so that users of our showmyip.com and ippages.com IP Address Lookup service will be able to determine in real-time whether a user of their web site is making use of the Tor network.
In case you are not up to speed yet on Tor, check out one of the following for details:
> http://tor.eff.org/
> http://en.wikipedia.org/wiki/Tor_(anonymity_network)
In case you are not up to speed yet on Tor, check out one of the following for details:
> http://tor.eff.org/
> http://en.wikipedia.org/wiki/Tor_(anonymity_network)
Subscribe to:
Posts (Atom)