Privacy Thread

[Triple Zero]

Thaaaaat is really weird.

You should try with several other "what is my IP" sites. Just google for them, there's many. I just picked this one because it returns the IP clean without any HTML around it. Google also will tell you your IP if  you search that, or just query "ip", but it blocks the user-agents of wget and curl with a 403, and I didnt want to deal with that.

Any idea if your browser goes through a proxy or is on a different network device or something? Because otherwise I have no idea to explain that behaviour. And now I'm very curious

Querying that other IP leaves some very strange results:

http://networktools.nl/whois/46.22.211.117
https://www.google.com/search?q=46.22.211.117

Where are you located anyway? The one in your posts says Uruguay/Paraguay, but the 46.22.211.117 one says Estonia ... what the fuuuuuck. (via http://www.ipaddresslocation.org/ip-address-locator.php )

You, sir, are on some weird motherfucking network.

[Lord Cataplanga]

Any idea if your browser goes through a proxy or is on a different network device or something? Because otherwise I have no idea to explain that behaviour. And now I'm very curious

My browser is not the problem, because it gives the correct answer when I actually visit http://whatismyip.org/
It's only when I use curl on the command line that I get weird results, like this:

Code (on the command line) Select Expand

curl http://whatismyip.org/ > IP.txt

Output:

Code (Contents of IP.txt) Select Expand

199.48.147.46
Which is not only different from the one I got earlier, but it's apparently the address of a Tor exit router located in San Francisco. 

Not giving up easily, I tried using a different website, like you suggested:

Code Select Expand

curl http://ip.interchile.com/ > IP.html
and after opening IP.html with Firefox, I got the correct IP address (the one from Paraguay, not Estonia).

So in conclusion, the problem was whatismyip.org, which is too bad, because I liked that site's (lack of) format.

[Telarus]

http://www.muckrock.com/news/archives/2011/dec/12/fbi-carrier-iq-files-used-law-enforcement-purposes/

FBI says: Carrier IQ files used for "law enforcement purposes"

[Lord Cataplanga]

http://www.muckrock.com/news/archives/2011/dec/12/fbi-carrier-iq-files-used-law-enforcement-purposes/

FBI says: Carrier IQ files used for "law enforcement purposes"

A recent FOIA request to the Federal Bureau of Investigation for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ" was met with a telling denial. In it, the FBI stated it did have responsive documents - but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.

It's a little too late for that, I think. Any criminal that reads that article is going to be super paranoid around smartphones, even if they don't know what specifically they should feel paranoid about.

[Triple Zero]

Any idea if your browser goes through a proxy or is on a different network device or something? Because otherwise I have no idea to explain that behaviour. And now I'm very curious

My browser is not the problem, because it gives the correct answer when I actually visit http://whatismyip.org/
It's only when I use curl on the command line that I get weird results, like this:

Code (on the command line) Select Expand

curl http://whatismyip.org/ > IP.txt

Output:

Code (Contents of IP.txt) Select Expand

199.48.147.46
Which is not only different from the one I got earlier, but it's apparently the address of a Tor exit router located in San Francisco. 

Not giving up easily, I tried using a different website, like you suggested:

Code Select Expand

curl http://ip.interchile.com/ > IP.html
and after opening IP.html with Firefox, I got the correct IP address (the one from Paraguay, not Estonia).

So in conclusion, the problem was whatismyip.org, which is too bad, because I liked that site's (lack of) format.

That is still fucking weird.

Try another couple of IP-telling sites with curl, would you? There's also whatismyip.com which is a different site. But indeed the lack of format was very useful.

btw I updated the script a bit:

Code Select Expand

#!/bin/bash
IPLOG='/home/triplezero/ips.txt'
cat $IPLOG | awk '
END {
    "curl -s http://whatismyip.org/" | getline CUR_IP;
    "ddate +\"%{%d%b(%a)%}%Y\"" | getline DATE;
    DATE=substr(DATE,length(DATE)-12)
    if (CUR_IP && CUR_IP != $4)
        printf("%s %s %s\n", strftime("%F %R"), DATE, CUR_IP);
}' >> ips.txt

if [[ $1 == '-v' ]]; then
    tail -n1 $IPLOG
fi

Is nice because you can give it -v and it'll tell you your current IP plus the time when it was first found.

But for you I should fix it so it can curl any website and then regex out the IP part. I'll get back to that.

[Triple Zero]

Hey, Lord Cataplanga, I just found that www.whatismyip.com (which is a different site than .org) has a special "automation" page, which also returns just the IP and no HTML, try this URL:

http://automation.whatismyip.com/n09230945.asp

does it tell you the right IP?

This is the new script then: (it also fixes another dumb mistake in line 10 btw)

Code Select Expand

!/bin/bash
IPLOG='/home/triplezero/ips.txt'
cat $IPLOG | awk '
END {
    "curl -s http://automation.whatismyip.com/n09230945.asp" | getline CUR_IP;
    "ddate +\"%{%d%b(%a)%}%Y\"" | getline DATE;
    DATE=substr(DATE,length(DATE)-12)
    if (CUR_IP && CUR_IP != $4)
        printf("%s %s %s\n", strftime("%F %R"), DATE, CUR_IP);
}' >> $IPLOG

if [[ $1 == '-v' ]]; then
    tail -n1 $IPLOG
fi

And I'm still intrigued why whatismyip.org gives you a different IP from curl than from your webbrowser, and especially why it does that for you but not for me. Can you try a couple of things?

curl --trace-ascii - http://whatismyip.org shows a complete trace of all connections, request and response data
curl -iA 'Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0' --trace-ascii - http://whatismyip.org same thing except it sends your Firefox User-Agent instead of curl's default one.
wget http://whatismyip.org to see if wget gives you a different IP as well (find out whether it's curl's user agent causing the behaviour or the fact that you're making a connection from the terminal instead of browser)
links http://whatismyip.org or lynx or elinks, whichever textbased browser you have installed. for same reason as wget.

except trying some of these curl variations, sometimes whatismyip.org closed the connection right away, depending on whether I specified -i (include header in output) or not. suggesting some subtle timing issue or weirdness, so yeah it's probably the whatismyip.org server, I just wonder why you get it and I don't.



BTW, I just saw that Paraguay has the top-level domain .py That's pretty cool if you want to register a Python related website

[Lord Cataplanga]

Your script worked perfectly on my netbook (after I installed gawk, because my netbook had mawk instead). But in my desktop pc, every website gives a weird address from the command line, except this one, for some reason Not anymore!?
But it returns an html file, with the ip address like this:

Code (curl http://ip.interchile.com/) Select Expand


<html>
...yada yada yada...
<font size=7>MY (SOMETIMES) CORRECT IP ADDRESS</font>
...yada yada yada...
</html>

If you could make a regex that matches only the text between <font> tags, that would solve the problem.
ETA: Actually, it wouldn't, because now it says my address is 93.114.44.37  

Here's the output of the command curl -iA 'Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0' --trace-ascii trace.txt http://whatismyip.org

Code (trace.txt) Select Expand


== Info: About to connect() to proxy 127.0.0.1 port 8118 (#0)
== Info:   Trying 127.0.0.1... == Info: connected
== Info: Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
=> Send header, 205 bytes (0xcd)
0000: GET http://whatismyip.org HTTP/1.1
0024: User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 Ope
0064: nSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
008a: Host: whatismyip.org
00a0: Accept: */*
00ad: Proxy-Connection: Keep-Alive
00cb:
<= Recv header, 17 bytes (0x11)
0000: HTTP/1.1 200 OK
<= Recv header, 20 bytes (0x14)
0000: Content-Length: 14
<= Recv header, 37 bytes (0x25)
0000: Date: Sat, 17 Dec 2011 22:47:20 GMT
<= Recv header, 26 bytes (0x1a)
0000: Content-Type: text/plain
<= Recv header, 10 bytes (0xa)
0000: Age: 153
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 14 bytes (0xe)
0000: 146.185.23.179
== Info: Connection #0 to host 127.0.0.1 left intact
== Info: Closing connection #0

Does this tell anything to you?

I've tried with wget and elinks, and they also give the wrong answer: now it's 146.185.23.179  in both .org and .com. Also, I got myself banned from .com because I hit their site too many times (once for every program (wget, curl, and elinks) on my two computers).

[Triple Zero]

I'll have to ponder this some more because I've had some beers. But if every website (except interchile for some reason) gives the wrong address from the commandline on your desktop PC, but not on your netbook, while they are using the same network connection, then it seems like there's something strange going on with the desktop PC?

Since you said one of the IPs you got was marked as a Tor exit node, could it perhaps be that you have set up your desktop PC to route traffic via a (Tor) proxy or something, at one point?

Because I think on Linux, browsers and terminal programs use separate proxy settings. Afaik, the terminal programs use some "system wide" proxy settings, while a browser uses its own (in your case, none). But I'm not too familiar with exactly how this works, and it also depends on what flavour Linux you're running.

Can you try using elinks to log on to PD and make a post here? Because I would bet it would get logged under the "wrong" IP as well. If that is the case you should really try to get to the bottom of this, because that would mean that all your internet-accessing terminal programs (and who knows what else) get routed through a proxy, and that is not a good thing because whoever is at the end of that proxy gets to read your traffic (even if it is "just" a Tor exit node--Tor makes you anonymous but at the exit node the traffic is unencrypted).

I could still be wrong after all, but when you first mentioned the "wrong" IP, that was my suspicion right away, and is the reason why I kind of pushed the matter, because if you're routing (part of) your traffic through a proxy, it is important to know that this happens and what/who this proxy exactly is.

[Lord Cataplanga]

Posting from lynx...

[Lord Cataplanga]

SUCCESS!

I changed the http_proxy environment variable to "" and reinstalled elinks, tor and polipo, and now it works!
Everything except elinks (my last post was made with lynx, and this one with firefox), but whatever, who needs another text browser anyway?

Now I'll put the file ips.txt on my Ubuntu One folder, and if everything goes as planned your script will allow me lo login to my desktop from my netbook from anywhere without having to bother with setting up a static IP 

[Triple Zero]

It's 2012 and your kids have an iPhone - Do you know where they are? I do.

[Mesozoic Mister Nigel]

It's 2012 and your kids have an iPhone - Do you know where they are? I do.

That was good to know. My kids don't have iPhones yet, but they probably will eventually.

[Triple Zero]

It's 2012 and your kids have an iPhone - Do you know where they are? I do.

That was good to know. My kids don't have iPhones yet, but they probably will eventually.

Yes. Some people in the related HN discussion were all like "Whaaa this is way overprotective helicopter parenting!"--but others actually got the point. And they had a really good take on it, which I'm sure you'd appreciate. The importance of this "family protocol" (or however you address it) on location sharing, is not so much about exerting control over them, rather about making them aware of the ways their personal information is shared. Because often they simply don't know. And by the age they start playing a lot with these gadgets and social connections become more important (say, 12 or so), they'll be smart enough to understand the consequences and if you explain it right, they won't like it one bit.

I talked to the Dad earlier this evening and the kid had NO IDEA that this info was leaking out. This issue isn't about being a helicopter parent or about being paranoid. It's simply about being aware. You tell a teen to put their wallet in their front pocket and you should tell them to click off on location services. This is just one of a thousand life lessons.

I'm the Dad from the story and I'm really grateful to Scott for pointing this out to me. It's less about being alarmist and more about having a chance to educate young people about the realities of modern technology. (and re-educate myself from a parent's perspective) I don't read my kid's emails or check cell phone logs and don't plan on starting. I believe giving kids freedom, and the opportunity to wield it, is what turns them into responsible adults. However, it's easy to take things like location services for granted. Conversation had. Lesson learned.

Related, a kid at The Young Researchers last week (11 years, really bright, builds his own speakers and amps, wants to be a DJ) told me about a classmate of his that continuously tweeted about, um, some rather personal activities of his. The kid's opinion wasn't so much amusement or annoyance, but mostly about how stupid he thought it was, given that the classmate's Twitter feed is public and even had a photo of his in the profile, and (!!) how that might come back to haunt him years later. I told him his friend might want to think about deleting that account and starting a new one. Since the classmate doesn't attend The Young Researchers (as far as I'm aware) it's not really my place, I'm just glad this one kid does understand the ramifications of Internet privacy (a lot of them at TYR seem to do, in fact).

OTOH I guess that shows that actually not all kids are smart enough to understand these consequences, though it's quite an oversight on behalf of the kid's classmate's parents as well, IMO.

[Triple Zero]

http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights

uhhhh I'm skeptical

anybody that knows more about this, tell me:

- is this a plan? is this going to happen? or is this a re-election promise with the same odds of Obama closing up Guantanamo?

- it only seems to mention protection of consumers' privacy from companies, which would be a step forward, but it's pretty half-assed if there's nothing in it to protect citizens' privacy from the government.

[Doktor Howl]

http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-obama-administration-unveils-blueprint-privacy-bill-rights

uhhhh I'm skeptical

anybody that knows more about this, tell me:

- is this a plan? is this going to happen? or is this a re-election promise with the same odds of Obama closing up Guantanamo?

- it only seems to mention protection of consumers' privacy from companies, which would be a step forward, but it's pretty half-assed if there's nothing in it to protect citizens' privacy from the government.

We already have that.  It's called "Amendment IV", on some scrap of hemp in the Smithsonian.  Hardly anyone knows it's there, and the people who DO know are offended by it.