Saturday, October 18, 2008

Tor Network Change History now available

We have now added Tor™ Network "change history" to complement our Tor™ Network "presence history". This history data goes back as far as May 13, 2008.

You can see at
http://www.ippages.com/?node=iloveamsterdam for example, that node "iloveamsterdam" was added to the Tor™ Network on August 6, 2008.

You can see at
http://www.ippages.com/?node=moldyold the various dates when node "moldyold" had it's IP address changed.

You can see at
http://www.ippages.com/?node=nixnix that node "nixnix" changed it's fingerprint on October 6, 2008. (You can also see here that a duplicate "nixnix" node was running on August 6 and 7 at IP address 84.57.191.62)

You can see at
http://www.ippages.com/?node=desync that node "desync" upgraded to Tor version 0.2.1.6-alpha on October 16, 2008.

Friday, April 18, 2008

IP Address Lookups by Tor nickname and fingerprint

Interesting discovery today when adding support for IP Address Lookups on Tor node nicknames and fingerprints. Anyone can now do a lookup with node= or fingerprint= specified as a URL parameter, as in the following examples:

http://www.showmyip.com/?node=peacetime
http://www.ippages.com/?fingerprint=2f63b6febe2c1fdddef2dd850b77b88c05711cf9

Previously you could only do lookups by IP Address, Host name, or "long" IP number as in:

http://www.showmyip.com/?ip=75.125.82.140
http://www.ippages.com/?host=adobe.com
http://www.lookupip.com/?ipn=1266504332

When I ran some tests on node=peacetime I found, by way of the new Tor network presence history data, that there were quite a number of nicknames using the same IP Address 128.31.0.34 over at mit.edu: peacetime, moria500, moria1, moria2, moria1000 and maybe more. What the heck are you doing over there Nick, arma and Roger? :)

Tor network presence history now available

showmyip.com has now added Tor network presence history data to show when an IP Address has been part of the Tor network over the previous 7 days. This presence history data shows date and time, actual bandwidth, Tor software version, uptime, Exit Policy and more. As well, subscribers to our IP Address Lookup service get 2 additional features: 31 days of presence history rather than 7 days, and the ability to specify any date to check.

German police, or anyone else, can now go to pickaproxy.com, select their country of choice, and from the list of Tor network nodes in that country, perform a Lookup on that IP Address to learn when in the previous 7 or 31 days that IP Address was active in the Tor network.

By adding a &date=20080131 parameter to this lookup, for example, a subscriber could get this presence history data to show from January 1-31, 2008.

Presence history data is also checked for all IP Addresses that are not currently a Tor network node. Previously if an IP Address was not currently a Tor network node, it would simply be indicated as such. Now it will be identified if it was part of the Tor network in the previous 7 or 31 days.

These new features are currently implemented in the HTML and XML interfaces on showmyip.com, ippages.com and lookupip.com, and will be added to our RSS, SOAP and simple text interfaces in the short term.

Tuesday, April 01, 2008

pickaproxy.com lookups

pickaproxy.com was updated a few months ago to provide more detailed lookup data on Tor network nodes by using our showmyip.com lookup service. (see https://www.torproject.org/ for more details on the Tor network)

We still have quite a bit of work in progress on this, but what we discovered recently was that we could identify "bridge relay" users, which surprised us. Bridge relay users of the Tor network do not have any information about them published publicly, so we presumed they would be undetectable. However, they are quite easily detectable, and we are now identifying them separately from the other "relay" and "exit" nodes that make up the Tor network. A quick glance shows that about 40% of the current Tor network users are bridge relays, and I would expect this percentage to climb over time.

We also discovered that we could identify previous Tor network users who are no longer users, and so have added this information to our lookup data. One of our subscribers was using an (outdated) list of Tor network IP Addresses, and asked why we were not identifying 1 of these IP Addresses as a Tor node. We found that it was last seen back in December, and thought that this would be useful information to be made public.

SOAP interface updates

Previous showmyip.wsdl at http://www.showmyip.com/soap/server.php has now been replaced by callshowmyip.wsdl at http://www.showmyip.com/soap2008/server.php. This SOAP service can be used to detect your public IP Address, and to determine what properties any web site you visit presumes about you.

Previous SOAP showmyip_lookup.wsdl at http://www.showmyip.com/soap/lookupserver.php has been replaced by callshowmyip_lookup.wsdl at http://www.showmyip.com/soap2008/lookupserver.php. This SOAP service can be used to learn the properties of any IP Address or host/domain name. As a web site operator, for example, you can first get the IP Address of a visitor to your web site, then pass that IP Address over our SOAP interface to us to learn their host/domain name, their Country, Nationality, Currency, Latitude and Longitude, Tor network status, RBL/DNSBL status, and more. If you are a subscriber to our service (starting at $20 USD for 20,000 lookups) you can learn the State, City, ISP and Owning Organization of your visitor.

Subscribers would use ippages.com instead of showmyip.com of course, since this domain is available for them to get more consistent, faster responses.

TOR_DETECTION and RBL_DNSBL_STATUS are 2 new properties returned by each of these services. Tor Detection provides real-time and near real-time detection data on whether an IP Address is part of the Tor network. (see https://www.torproject.org/ for more details).

RBL/DNSBL status provides real-time and near real-time data on whether an IP Address is listed on the spamhaus.org, sorbs.net, uceprotect.net and/or other blacklists or blocklists.