Determining location by IP address. Checking your proxy server for anonymity, or what can be found out about you on the Internet What is a private IP address
A fairly common problem is when a service makes every effort to declare its anonymity, but there is a small note “Terms of Use”. And it already contains detailed information about the logs, including information about the service’s right to record user data for security purposes.
The best VPN services in 2018:
How to ensure the anonymity of a VPN service
To make this topic clearer, we will go through a number of questions that will allow us to objectively assess the anonymity of a particular service and the presence of corresponding logs in its operation. When communicating with technical support or managers of the selected service, be sure to ask these questions. Do not rush to ask all questions at once in one letter - this will cause unnecessary suspicion. It is better to limit yourself to one question in the letter. Otherwise, you can’t count on honest and objective answers.
Are logs kept on your VPN service?
If they directly talk about the presence of logs, we immediately refuse such options.
Another option is yes, statistics about users are collected, but only for the service itself. In this case, you need to move directly to the next question.
The third answer is that logs are not kept on the service. Then we immediately skip the next question and move on to the third.
What statistics are collected and processed by the service?
Among the most common answers are various personal data. This includes statistics on email address, browser version, operating system, connection time, etc. This data actually allows you to identify the user. There is a high probability of logging by this service; it obviously cannot be called anonymous. Now is the time to ask the next question to test this statement.
The second likely answer is that we work with Google Analytics to track site visits. In this case, there is no reason to worry. This service is really only intended to collect data about site visits.
You state that the service does not keep logs. Will my account be blocked in case of spam or attacks on sites using this VPN?
If the answer sounds something like “the account will not be blocked, but if there are an abundance of abuses, access to the site via VPN will be blocked,” In this case, the account will be saved, but you will not be able to log in through our VPN. Such a response becomes a sign of an anonymous service without logging.
The second likely answer is yes, the account will be blocked. Because with the help of our system it is possible to disable logs on the server, but prohibited activities are detected. Consequently, the system will block your account.
Where is the company office located?
We have to understand whether the company is officially registered and whether there is an office. In the case of ghost companies, they have nothing but a website.
If the company's office has state registration of any country, this option should already be alarming. Because upon request from law enforcement authorities, the company will be required to provide all relevant information. State registration establishes the need for logging, with control of user activity. Otherwise, the company will be forced to bear legal responsibility for the activities of its clients. Companies with state registration and office cannot guarantee anonymity. As a rule, on the website you can find information about the offices and the fact of company registration.
If we talk about ghost companies working only with the site, this is a more preferable option for us.
Another option is possible - registering a company in various offshore companies. Yes, such answers are common to make the company more respectable. But in reality, the same ghost company appears before us. But sometimes it’s better not to take risks - if the company is really registered in a certain country, then an official request involves the release of information in accordance with local legislation.
How does the security system work on your service?
The first possible answer is the secret of our service, which we do not disclose. Based on this answer, one can immediately assume that logs are being kept; the resource is not anonymous. Because if there was a special authoring system, it would become a real source of pride for the service that would talk about it. But one cannot count on such miracles.
Another likely option is that there is no response at all from technical support. Such a response also becomes a sign of logging; there are huge doubts about the anonymity of the service.
If all the answers allow you to say that this service can be anonymous, then we move on to practical tests.
But let us warn you right away - all further actions are carried out under your responsibility, at your own peril and risk. We don't really recommend these steps. But they are the ones that allow you to completely verify that there are no logs on the selected service.
This principle involves working with maximum security methods (including anonymous VPN + TOR + proxy). It is under this protection that we try to connect to the server and perform a number of prohibited actions. If an account is blocked, there is no need to talk about anonymity.
Denial of responsibility: This article is written for educational purposes only. The author or publisher did not publish this article for malicious purposes. If readers would like to use the information for personal gain, the author and publisher are not responsible for any harm or damage caused.Do you want to find out as much information as possible about your Internet provider and Internet network settings? Don't know how to determine your IP? Then you should visit the online anonymity verification service whoer.net. With its help, you can find out all the information that your computer transmits to the Internet.
Using this service, you can find out not only your IP address, but also the name of the provider company, system and language settings of your personal computer, information about the browser, included scripts and add-ons.
In order to find out this information, just go to the website www.whoer.net and view the automatically generated report about your system. Note that the resource has two versions - light and advanced.
In addition, you can view data not only on your computer, but also on the computer of another user by entering his IP address in a special line.
Easy version
As already mentioned, the service has two versions. When you go to the site, information collected by the light version of the program is displayed. Using it, you can find out information such as:
- IP address;
- country (region, city, zip code) where this address is registered;
- host used;
- provider and organization providing communication services;
- DNS address;
- Finding an address on blacklists;
- using a proxy;
- time settings. This includes local and system time, time zone.
- The browser currently used, its settings such as language and JavaScript
extended version
You can find out more detailed information about your device by selecting the advanced version. After this, you will have access to information such as:
- IP address;
- host used;
- provider mail server;
- name of the organization and provider company;
- presence of IP in blacklists;
- using a proxy;
- use of anonymizers.
In addition, the interactive definition column will offer you information such as:
- using Java;
- use of Flash;
- Browser DNS;
- information about the computer's OS.
The location block offers you to familiarize yourself with the following data:
- the country in which the IP is registered (this also includes clarifying information - continent, city, region and even zip code);
- wide and long;
- indication of the place of registration on the map;
- system time (local and system);
- Timezone.
In addition, information about the screen is displayed - color depth, height and width.
Additional information:
- use of plugins;
- navigation tools.
Other options
You can also check any existing address by entering it in the line. This will make available the following data:
- country (region, city, index);
- host;
- name of provider and organization;
- presence on black lists;
- Timezone.
As you can see, with the help of this program you can quickly find out basic information not only about your PC and provider, but also find out information on other IP addresses.
Previously, we described a rather smart way to leak your real IP address using the protocol. In addition to this method, there are also other methods for determining your real IP address. Today we will tell you about the basic principles of ensuring your security and anonymity on the Internet.
http://witch.valdikss.org.ru/ - allows you to determine what type of connection you are using and whether you are using a VPN.
http://2ip.ru/privacy/ - allows you to collect a lot of additional information about your browser, connection type and IP address.
https://diafygi.github.io/webrtc-ips/ - determines your IP address using the WebRTC protocol.
We have selected a kind of checklist for you that would answer whether you are “scorched” or not? At the moment, the list consists of 12 verification methods, which will be discussed below, including how not to fall for them, but first, the simplest ones in order.
HTTP proxy headers
Some proxies append their headers to the request that the user's browser initiates. Often this is the user's real IP address.
Make sure that the proxy server, if it writes anything in the headers listed below, is at least not your address:
HTTP_VIA, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED, HTTP_CLIENT_IP, HTTP_FORWARDED_FOR_IP, VIA, X_FORWARDED_FOR, FORWARDED_FOR, X_FORWARDED, FORWARDED, CLIENT_IP, FORWARDED_FOR_IP, HTTP_PROXY _CONNECTION
Open HTTP proxy ports
The IP address from which the request to our page came can say a lot. For example, can you see what ports are open on that side?
The most interesting ports are 3128, 1080, 8123. If you do not use them, then you can completely avoid unfounded suspicions about using 3proxy, SOCKS 5 or Polipo.
Open web proxy ports
As with HTTP, a web proxy can be set to any port, but we wanted the test to work very quickly, so we limited ourselves to the reverse connection to ports 80 and 8080.
Is the web page being given away? Great! At the moment we can detect PHProxy, CGIProxy, Cohula and Glype.
Suspicious hostname
Having an IP address, you can try to resolve the client’s hostname. Stop words that may hint at a tunnel: vpn, hide, hidden, proxy.
You shouldn't link domain names to your personal VPN, and if you do, you should avoid "speaking" names.
Difference in time zones (browser and IP)
Based on GeoIP data, you can find out the country by the user’s IP, and therefore his time zone. Next, you can calculate the time difference between the browser and the time corresponding to the time zone of the VPN server.
There is a difference? This means the user is probably hiding.
For Russia there is no exact base of latitude and longtitude for regions, and since there are many time zones, in the end result we do not take these addresses into account. With European countries it’s the other way around; they are very good at firing.
When switching to a VPN, you need to remember to change the system time, change the time in the browser, or work with Russian proxies.
IP affiliation with the Tor network
If your IP address is a Tor node from the list check.torproject.org/cgi-bin/TorBulkExitList.py, congratulations, you're burned.
Nothing criminal, but the fact that you are hiding is not very encouraging.
Browser Turbo Mode
By collecting the IP address ranges of Google, Yandex and Opera, and comparing them with the user address, we can assume the use of traffic compression services in the browsers of the corresponding companies.
As a rule, such services also leak your real address in the headers. As a means of anonymization, you should not rely on traffic compression.
Web proxy definition (JS method)
By comparing window.location.hostname with the host of the requested page, you can determine whether a web proxy is being used.
Web proxies are not reliable in principle, so it is better to bypass such anonymization methods completely.
IP leak via Flash
Adobe Flash works very well past custom proxies. By initiating a connection to our server, you can find out the user’s IP.
By running a special daemon that logs all incoming connections with tag keys, you can learn a lot. The best way to avoid revealing your address is to not use Adobe Flash at all, or disable it in your browser settings.
Tunnel detection (two-way ping)
By running a ping to the client IP from our server, you can find out the approximate length of the route. The same can be done from the browser side, XMLHTTPRequest pulls an empty page of our nginx. The resulting loop difference of more than 30 ms can be interpreted as a tunnel.
Of course, the routes there and back may differ, or the web server may be a little slow, but overall the accuracy is quite good.
The only way to protect yourself is to deny ICMP traffic to your VPN server.
DNS leak
Finding out which DNS the user uses is not a problem; we wrote our own DNS server, which records all calls to our uniquely generated subdomains.
The next step was to collect statistics on several million users, who uses what DNS. We linked to providers, discarded public DNS and received a list of DNS/ISP pairs.
Now it’s not at all difficult to find out if a user introduces himself as a subscriber of one network, but uses DNS from a completely different one.
The problem is partially solved by using public DNS services, if this can be called a solution.
Leak via VKontakte
This is not a leak of an IP address, but we still believe that by giving away the names of authorized users to everyone left and right, VK is leaking private data that undermines the anonymity of surfing.
More details can be found in the documentation here
There are many sites where you can check your IP address and other network parameters. Such checks help to understand what a real location might reveal.
We have used Whoer and 2IP checks for many years and recommended them to our clients.
Why did we do our own anonymity and IP address check?
Our VPN and proxy service is associated with anonymity, so we ourselves often visited these sites and checked the IP address. As a result of an endless number of tests, we began to notice bugs and inaccuracies in the operation of these sites.
We wrote to them to remove the bug with incorrect determination of the DNS server.
The site determines the main IP address of the server and indicates it in the list of DNS servers. If you perform a DNS query using the main IP address of the server with the command nslookupgoogle.com, then such a request will not be executed. This means that this IP address is not a DNS server and does not need to be added to the list of DNS servers on the site.
Another bug is related to the definition of anonymity through the p0f module and the interpretation of data.
The p0f module can determine MTU values and compare it with reference MTU values for VPNs with different encryption types. If the MTU value matches one of the VPN types from the reference table, then p0f indicates that a VPN is being used. If a specific MTU value is not in the database and it is less than 1400, then p0f always indicates that a VPN is defined.
The p0f developers did not take into account that the system administrator can manually change the MTU value for connections and then ALL connections will be considered VPN connections. As a result, this error was not corrected on the IP address checking site and it always shows that a VPN is defined.
We were not heard and checks on those sites also work with errors.
Checking anonymity using facts, not speculation
It was important for us to provide a quality product that would take into account customer requests. It is important for us to show truthful tests and point out what really matters. Many anonymity checks are now empty and take the form of a guess, a probability that this is the case.
We wanted to make the anonymity check so that it was accurate. We have become experts in anonymity checks and now we want to tell you which checks are based on facts and which are based on speculation.
Creativity at the intersection of technology
We reviewed anonymity checks on more than 10 sites and selected all the most important ones. Then we combined checks from all popular IP address checking sites into a convenient table. Now you can find out everything about your anonymity on one page.
So, let's look at all the checks in detail.
Color banner
From the banner you can immediately understand - Everything is fine or there is something to think about.
The banner has 3 colors: red, yellow and green. Only the green banner guarantees complete anonymity.
Checking IP address and DNS servers
The main unit checks IP addresses and DNS servers in different ways. Checks are implemented through PHP, JavaScript, WebRTC, Flash and Java technologies. If countries differ, they will be highlighted in red.
Checking Geolocation via HTML 5 has been placed in a separate button, since it poses a high risk of detecting the real location if you use the enabled Wi-FI module on your device.
The Geolocation feature via HTML 5 takes the device's GPS coordinates from the Wi-Fi module, bypassing VPN, proxies, TOR and all other ways to remain anonymous. We recommend using a wired Ethernet connection and turning off the Wi-Fi module.
Super Anonymity Check
Blacklist
The IP address is checked for presence in the Blacklist. If an IP address is included in the Blacklist, then some services may block this IP address (for example, block mail delivery from this IP address). The presence of an IP address in the Blacklist does not affect your anonymity in any way.
There is a list of open Tor network nodes on the Internet. If the IP address is in this list, then you are using the TOR network. You are anonymous, but that means you have something to hide and some websites may block their content for such users.
Proxy HTTP Header
Proxy HTTP Header checks for proxy fingerprints in browser headers. Use anonymous proxies or socks 5 protocol to avoid detection.
Proxy fingerprint
Proxy fingerprint based on the p0f module checks browser fingerprints for proxy use.
VPN fingerprint
The main purpose of a VPN fingerprint is to detect VPN usage. The p0f module learns the MTU value of the connection and based on this makes a conclusion about the use of VPN.
As we wrote at the beginning of the article, we excluded incorrect data output in the p0f module and left only values that 100% indicate the use of a VPN. As a result, we have obtained a true assessment of your anonymity.
It should also be noted that the p0f module does not keep up with the development of VPN technologies and contains outdated stamps for identifying VPN connections.
Two-way ping
A two-way ping between the client and server helps determine the presence of a tunnel (usually a VPN or proxy tunnel). If the ping values are very different from each other, then this indicates the use of a tunnel.
Open ports
Open ports are checked on the specified IP address. If standard VPN and proxy ports are open on the IP address, then there is a high probability that you are hiding your real location. ISPs always block these ports.
For example, the standard OpenVPN port is 1194, Socks proxy is 1080, IPSec VPN 4500 and 500, and the web proxy uses port 8080.
We use an extended list of standard ports and check TCP and UDP connections. If we find an open port from the table, then this indicates that a VPN or proxy is used on this IP address. You remain anonymous, but websites may restrict content for such users.
Your time zone set locally on the device is compared with the time zone that is used for this country by IP address. If they differ, it is highlighted in red.
Shows values obtained from browser headers via JavaScript, the p0f module, and detects the operating system.
The browser headers are checked through JavaScript, the p0f module, and the browser version and the language used in the browser are determined. Configure your browser to display the languages used in the country by IP address.
Technologies included
We check whether you have technologies enabled that can tell you about your real location.
Our website only requires JavaScript and Cookies to function correctly. We are working to rid our site of these requirements.
Checking your anonymity
Our Anonymity and IP Address Check page completely replaces the use of all other sites. We reviewed more than 10 different sites to collect all the important checks on 1 page.
If you have suggestions and wishes, we will be glad to hear about them. Write to the Ask us a question section.
