The story of one project. Rating and Anonymizer
As we have already clarified in the first part of the article , what the user needs? All the same, only bigger and better. So we decided to improve the presentation of information, its visual component and add new services that may be useful to our audience.
One of the first, we began to work on what was later called the "Anonymity Rating."
')
This is a sign, with all the parameters that our site can receive, evaluate and show as a traffic light - the corresponding signal. The idea is simple and beautiful, the capabilities of the site (any) to identify System Anonymity are extremely limited. Why do people visit whoer.net ? To check vpn / tor / proxy / socks / web proxy and so on. Accordingly, the logic of the rating is built in such a way that he checked this case. The very idea of ​​the rating is that you - must use anonymization tools, and we must - check that you are not a woman in red, but successfully disguised :). We never had a task to do a test for people who do not use anonymization tools. We did this - as a visual aid, for people interested in their safety.
It’s not for nothing that I’m strongly focusing on this, periodically, there are mentions on the Internet from people who don’t understand the logic of the work, they show screenshots of the form: as on a direct connection, with a standard browser, disabling the flash - got 100% of the rating. Of course, the person is using a VPN and should look like you are on a direct connection, with a standard browser and so on. Is there something strange about this? Our task is to help you merge with the crowd and even help the crowd to find out that you need to use anonymity tools a priori. Surfing the net with your real IP, is tantamount to walking on the street with an open passport on your head. Why do you need this?
We developed and accepted as a dogma that the rating should not go into a minus, so when you have multiple failures, the percentage is not as low as with one or a pair, it is our opinion, not the fact that it is correct, it may not even quite correct, just had the desire to visually pay attention, your attention, to your problems, using four colors - red / yellow / orange and green. Why traffic lights? Because many motorists, yellow rolling in red, jokingly called - orange.
The coefficient, this is the simplest formula, works in the framework of from 0.75 to 1.5, that is, for the same thing we will remove from 20 to 45 points. And the rating itself, fully unfolded, looks like this:
Many questions about logic come about DoNotTrack and WebRTC. Why not included DNT is considered a “failure” of anonymity, and disabled WebRTC is not. And that such a person is very suspicious. Yes it's true. Answering the first question, I recommend that you use the Ghostery plugin, which “nails” all the bugs and does not allow you to track you through them, namely: various statistics, analytics, marketing, comment systems and other things. It is not a secret that the hands of beaver corporations extend further, far beyond their own sites and projects. In fact, any third-party site that uses statistics, conveys information that you visit it, what you do on it, read, look, buy and so on. Initially, the DNT parameter was intended to prohibit it. But, like any good idea, it works more on paper; saving drowning people is their business. We recognize the error and controversial logic with the DNT header, so the rating for it will not be removed anymore, and it will be given solely for informational purposes, that there is one and that use a special browser plugin. Actually in this article about DNT , the link to which is in the rating and it is recommended to use it. Therefore, the task of showing this item is precisely to provide information.
If only then what happened ... "why did you show me about the DNT here, if you do not remove the rating?" * Sad sigh *
As for WebRTC , everything is somewhat simpler and more complicated at the same time. Since there is still no solution that allows you to replace the IP addresses transmitted through it, and using a VPN and a virtual machine directly, without NAT, explicitly gives your real IP address, and through a router it usually gives a class A network, that is, 10.xxx So far away, we are not the only ones who understand that this is with high probability a “disguised” character :) and even worse, if the user has revealed himself with his head, his real IP address, the user. Moreover, it has been repeatedly verified that many large sites do not relate badly to disconnected webrtc, I will assume that there is still no versioning of browsers for out-of-the-box support for browsers, but to similar “leaks” through it. Therefore, in this case, our opinion is iron - it is better to disconnect and the more people disconnect it, until the appearance of some normal solution, the better.
Anonymizer
Quite a popular, as it turned out, thing. At the moment, you are provided with 9 proxy web proxy services, the average daily traffic is about 150 GB per server, the most popular is in Russia and Holland, 400 GB per day passes there. To understand ordinary mathematics, from 3 to 5 TB of traffic is usually allocated to the server, each subsequent TB costs money, from $ 5 to $ 20 per TB. This is a strong and completely unprofitable service designed to increase traffic on a project. The saddest thing about the other is that the growth of traffic on it is not even geometric, if on Saturday we add a new server in Russia to “dilute” Moscow with 400 GB / day, then by Tuesday, we have the same 400 on the “old” server and on the new 200. The growth of traffic by about 20-30% every three days, I do not know how long it will still be, we are even interested in ourselves. But while it inspires. Rather, how, technically, we can expand on 100 and per 1000 servers, the mechanism has been worked out, but practically, there is no point in that, because yes, guys, this is worth the money. Moreover, we are even written by other anonymizers, Russian and English, with offers to pick up their traffic and with the right for us to show advertising to their customers, for free. This is how it is. No, the anonymizer in one form or another will definitely remain free, another question is that I wanted to sponsor this service for as long as possible, but I also really do not want to write articles how to unblock whoer.net. Therefore, when the limit and a reasonable threshold is reached, all of the north that we have, except for a few, will begin to work upon the fact of a subscription. We do not like this option, but even more not like the prospect of getting banned in the ru segment.
The most “funny” in the other, many “free” anonymizers who do not sell any other services, “get their hands on” your accounts to different sites and then sell, all of our logs are originally sent to / dev / null. We are ready to provide root-access to any of our servers, to any adequate person, so that he himself will look at their settings and understand the truth of this statement. We don’t need to take a word, we really - everything is fair. Well, like hma or pia or many more, the guys write what they write - a log and here's an example of how real services really work, well-known services. Well, I digress.
Our anonymizer is built on the basis of the Cohula engine and finalized along with its author, for our purposes. Initially, its author uses 3 modes of compatibility with other sites, and we had the same way, literally a week later, Googlebot somehow used it and went to paypal.com, but from our subdomain through it, our hoster immediately flew abuza that we supposedly phishing site. The hoster did not speak for a long time, but he cut off from the matrix; all attempts to explain something remained in its history. In general, an anonymizer that does not encrypt url addresses is evil. We have altered the modes of operation, but another problem has emerged that some sites cannot be logged in when using the url encryption mode. At the moment, together with the developer, we are trying to solve the problem, and if it does not work out, then set up exceptions.
One of the first, we began to work on what was later called the "Anonymity Rating."
')
This is a sign, with all the parameters that our site can receive, evaluate and show as a traffic light - the corresponding signal. The idea is simple and beautiful, the capabilities of the site (any) to identify System Anonymity are extremely limited. Why do people visit whoer.net ? To check vpn / tor / proxy / socks / web proxy and so on. Accordingly, the logic of the rating is built in such a way that he checked this case. The very idea of ​​the rating is that you - must use anonymization tools, and we must - check that you are not a woman in red, but successfully disguised :). We never had a task to do a test for people who do not use anonymization tools. We did this - as a visual aid, for people interested in their safety.
It’s not for nothing that I’m strongly focusing on this, periodically, there are mentions on the Internet from people who don’t understand the logic of the work, they show screenshots of the form: as on a direct connection, with a standard browser, disabling the flash - got 100% of the rating. Of course, the person is using a VPN and should look like you are on a direct connection, with a standard browser and so on. Is there something strange about this? Our task is to help you merge with the crowd and even help the crowd to find out that you need to use anonymity tools a priori. Surfing the net with your real IP, is tantamount to walking on the street with an open passport on your head. Why do you need this?
We developed and accepted as a dogma that the rating should not go into a minus, so when you have multiple failures, the percentage is not as low as with one or a pair, it is our opinion, not the fact that it is correct, it may not even quite correct, just had the desire to visually pay attention, your attention, to your problems, using four colors - red / yellow / orange and green. Why traffic lights? Because many motorists, yellow rolling in red, jokingly called - orange.
The coefficient, this is the simplest formula, works in the framework of from 0.75 to 1.5, that is, for the same thing we will remove from 20 to 45 points. And the rating itself, fully unfolded, looks like this:
Many questions about logic come about DoNotTrack and WebRTC. Why not included DNT is considered a “failure” of anonymity, and disabled WebRTC is not. And that such a person is very suspicious. Yes it's true. Answering the first question, I recommend that you use the Ghostery plugin, which “nails” all the bugs and does not allow you to track you through them, namely: various statistics, analytics, marketing, comment systems and other things. It is not a secret that the hands of beaver corporations extend further, far beyond their own sites and projects. In fact, any third-party site that uses statistics, conveys information that you visit it, what you do on it, read, look, buy and so on. Initially, the DNT parameter was intended to prohibit it. But, like any good idea, it works more on paper; saving drowning people is their business. We recognize the error and controversial logic with the DNT header, so the rating for it will not be removed anymore, and it will be given solely for informational purposes, that there is one and that use a special browser plugin. Actually in this article about DNT , the link to which is in the rating and it is recommended to use it. Therefore, the task of showing this item is precisely to provide information.
If only then what happened ... "why did you show me about the DNT here, if you do not remove the rating?" * Sad sigh *
As for WebRTC , everything is somewhat simpler and more complicated at the same time. Since there is still no solution that allows you to replace the IP addresses transmitted through it, and using a VPN and a virtual machine directly, without NAT, explicitly gives your real IP address, and through a router it usually gives a class A network, that is, 10.xxx So far away, we are not the only ones who understand that this is with high probability a “disguised” character :) and even worse, if the user has revealed himself with his head, his real IP address, the user. Moreover, it has been repeatedly verified that many large sites do not relate badly to disconnected webrtc, I will assume that there is still no versioning of browsers for out-of-the-box support for browsers, but to similar “leaks” through it. Therefore, in this case, our opinion is iron - it is better to disconnect and the more people disconnect it, until the appearance of some normal solution, the better.
Anonymizer
Quite a popular, as it turned out, thing. At the moment, you are provided with 9 proxy web proxy services, the average daily traffic is about 150 GB per server, the most popular is in Russia and Holland, 400 GB per day passes there. To understand ordinary mathematics, from 3 to 5 TB of traffic is usually allocated to the server, each subsequent TB costs money, from $ 5 to $ 20 per TB. This is a strong and completely unprofitable service designed to increase traffic on a project. The saddest thing about the other is that the growth of traffic on it is not even geometric, if on Saturday we add a new server in Russia to “dilute” Moscow with 400 GB / day, then by Tuesday, we have the same 400 on the “old” server and on the new 200. The growth of traffic by about 20-30% every three days, I do not know how long it will still be, we are even interested in ourselves. But while it inspires. Rather, how, technically, we can expand on 100 and per 1000 servers, the mechanism has been worked out, but practically, there is no point in that, because yes, guys, this is worth the money. Moreover, we are even written by other anonymizers, Russian and English, with offers to pick up their traffic and with the right for us to show advertising to their customers, for free. This is how it is. No, the anonymizer in one form or another will definitely remain free, another question is that I wanted to sponsor this service for as long as possible, but I also really do not want to write articles how to unblock whoer.net. Therefore, when the limit and a reasonable threshold is reached, all of the north that we have, except for a few, will begin to work upon the fact of a subscription. We do not like this option, but even more not like the prospect of getting banned in the ru segment.
The most “funny” in the other, many “free” anonymizers who do not sell any other services, “get their hands on” your accounts to different sites and then sell, all of our logs are originally sent to / dev / null. We are ready to provide root-access to any of our servers, to any adequate person, so that he himself will look at their settings and understand the truth of this statement. We don’t need to take a word, we really - everything is fair. Well, like hma or pia or many more, the guys write what they write - a log and here's an example of how real services really work, well-known services. Well, I digress.
Our anonymizer is built on the basis of the Cohula engine and finalized along with its author, for our purposes. Initially, its author uses 3 modes of compatibility with other sites, and we had the same way, literally a week later, Googlebot somehow used it and went to paypal.com, but from our subdomain through it, our hoster immediately flew abuza that we supposedly phishing site. The hoster did not speak for a long time, but he cut off from the matrix; all attempts to explain something remained in its history. In general, an anonymizer that does not encrypt url addresses is evil. We have altered the modes of operation, but another problem has emerged that some sites cannot be logged in when using the url encryption mode. At the moment, together with the developer, we are trying to solve the problem, and if it does not work out, then set up exceptions.
Source: https://habr.com/ru/post/371959/
All Articles