Testing whether devices are NordVPN proxies
It seems that NordVPN is routing traffic to Disney+ through many residential IPv4 in the US.[0,1] As much as I love VPN services, it would suck if people's devices are unwittingly serving as NordVPN exits. Even if it's just for something as innocuous as Disney+. And it's easy to test that yourself, if you have a NordVPN account. If you're hitting a site using the Akamai CDN via one of NordVPN's US servers, you can see the server's exit IP address: $ curl -LIX GET https://foo.bar -H 'Pragma: akamai-x-get-client-ip' Generally, the "X-Akamai-Pragma-Client-IP" is the same as the server's nominal exit IP address: $ w3m -dump https://ipchicken.com But when hitting https://www.disneyplus.com it's not. But rather, it's some IPv4 from a residential ASN. Which you can check using https://ipinfo.io or whatever. I've seen no definitive information about the nature of these residential proxies. They might be NordVPN customers in the US, although that seems too footgun. Or they might have installed some third-party app with a bundled proxy server. Or it could even be outright malware. But in any case, it'd be cool if people could determine whether their devices are being used as NordVPN exits. I've run about 300 tests so far, on a few NordVPN's US servers, and found about 270 distinct proxy addresses. And so I've hacked a simple Linux test script, using hashed "X-Akamai-Pragma-Client-IP" values.[2] Just save the code block at the top as "test.sh" or whatever. Then do "chmod u+x", and execute in the terminal. It'll prompt "IPv4 to search for?". Type an IPv4, and hit "Enter". This is howling in the void, I know. But so it goes. 0) https://www.wilderssecurity.com/thr...it-might-be-through-your-own-computer.... 1) https://news.ycombinator.com/item?id=21664692 2) https://pastebin.com/YYc9Kuax
On 04/12/2019 11:47, Mirimir wrote: It seems that NordVPN is routing traffic to Disney+ through many residential IPv4 in the US. This is an interesting approach, if it is true. I wonder if it's in their Ts&Cs. 0) https://www.wilderssecurity.com/thr...it-might-be-through-your-own-computer.... Mangled URL there. Should be: https://www.wilderssecurity.com/threads/how-is-nordvpn-unblocking-disney-it-...
On 12/04/2019 04:58 AM, Comet Dweller wrote:
On 04/12/2019 11:47, Mirimir wrote:
It seems that NordVPN is routing traffic to Disney+ through many residential IPv4 in the US.
This is an interesting approach, if it is true. I wonder if it's in their Ts&Cs.
0) https://www.wilderssecurity.com/thr...it-might-be-through-your-own-computer....
Mangled URL there. Should be: https://www.wilderssecurity.com/threads/how-is-nordvpn-unblocking-disney-it-...
Thanks :) I neglected to cite Derek Johnson's post on the issue.[0] He cites Luminati's complaint against Tesonet,[1] which claims that OxyLabs is infringing its patents: | 19. Upon information and belief, the OxyLabs residential proxy | network is based upon numerous user devices, each of which is | a client device identifiable over the Internet by an IP address. | Upon information and belief, these user devices become part of | the network through the execution of Tesonet code embedded in | applications downloaded by that devices user. Upon information | and belief, these devices send their identifier to a server | (“First Server”), such as Oxylab’s dedicated proxy servers, | which store these identifiers. | | 20. Upon information and belief, Tesonet has developed or is | developing OxyLabs embedded software for different platforms | including Google Android and Windows. Upon information and | belief, while frequently renamed, the above OxyLabs embedded | software that enables the residential proxy network includes | embedded code named “genericexitnode,” “winnerbot,” | “CoffeeService,” “instantcoffee,” and “ENService.” | 21. Upon information and belief, the above OxyLabs embedded | code has been integrated in at least the following software | applications that may be downloaded by any user located | anywhere having Internet access: AppAspect Technologies’ “EMI | Calculator” and “Automatic Call Recorder”; Birrastorming | Ideas, S.L’s “IPTV Manager for VL;” CC Soft’s “Followers | Tool for Instagram;” Glidesoft Technologies’ “Route Finder;” | ImaTechInnovations’ “3D Wallpaper Parallax 2018;” and | Softmate a/k/a Toolbarstudio Inc.’s “AppGeyser” and | “Toolbarstudio.” Maybe Oxylabs is connected with NordVPN, and maybe not. But NordVPN could be leasing residential proxies from them. Or from other firms who do similar things. 0) https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30 1) https://cdn-resprivacy.pressidium.com/wp-content/uploads/2018/08/Luminati-Ne...
On December 4, 2019 12:59:11 PM UTC, Mirimir <mirimir@riseup.net> wrote:
On 04/12/2019 11:47, Mirimir wrote:
It seems that NordVPN is routing traffic to Disney+ through many residential IPv4 in the US.
This is an interesting approach, if it is true. I wonder if it's in
On 12/04/2019 04:58 AM, Comet Dweller wrote: their Ts&Cs.
0)
https://www.wilderssecurity.com/thr...it-might-be-through-your-own-computer....
Mangled URL there. Should be: https://www.wilderssecurity.com/threads/how-is-nordvpn-unblocking-disney-it-...
Thanks :)
I neglected to cite Derek Johnson's post on the issue.[0] He cites Luminati's complaint against Tesonet,[1] which claims that OxyLabs is infringing its patents:
| 19. Upon information and belief, the OxyLabs residential proxy | network is based upon numerous user devices, each of which is | a client device identifiable over the Internet by an IP address. | Upon information and belief, these user devices become part of | the network through the execution of Tesonet code embedded in | applications downloaded by that devices user. Upon information | and belief, these devices send their identifier to a server | (“First Server”), such as Oxylab’s dedicated proxy servers, | which store these identifiers. | | 20. Upon information and belief, Tesonet has developed or is | developing OxyLabs embedded software for different platforms | including Google Android and Windows. Upon information and | belief, while frequently renamed, the above OxyLabs embedded | software that enables the residential proxy network includes | embedded code named “genericexitnode,” “winnerbot,” | “CoffeeService,” “instantcoffee,” and “ENService.”
| 21. Upon information and belief, the above OxyLabs embedded | code has been integrated in at least the following software | applications that may be downloaded by any user located | anywhere having Internet access: AppAspect Technologies’ “EMI | Calculator” and “Automatic Call Recorder”; Birrastorming | Ideas, S.L’s “IPTV Manager for VL;” CC Soft’s “Followers | Tool for Instagram;” Glidesoft Technologies’ “Route Finder;” | ImaTechInnovations’ “3D Wallpaper Parallax 2018;” and | Softmate a/k/a Toolbarstudio Inc.’s “AppGeyser” and | “Toolbarstudio.”
Maybe Oxylabs is connected with NordVPN, and maybe not. But NordVPN could be leasing residential proxies from them. Or from other firms who do similar things.
0) https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30 1) https://cdn-resprivacy.pressidium.com/wp-content/uploads/2018/08/Luminati-Ne...
Wow, this seems super scummy/criminal. Does any of this software mentioned, which seems to turn the users machine into a proxy, TELL the user that they their computer is being leveraged as a proxy?
On 12/04/2019 09:07 AM, John Newman wrote:
On December 4, 2019 12:59:11 PM UTC, Mirimir <mirimir@riseup.net> wrote:
On 04/12/2019 11:47, Mirimir wrote:
It seems that NordVPN is routing traffic to Disney+ through many residential IPv4 in the US.
This is an interesting approach, if it is true. I wonder if it's in
On 12/04/2019 04:58 AM, Comet Dweller wrote: their Ts&Cs.
0)
https://www.wilderssecurity.com/thr...it-might-be-through-your-own-computer....
Mangled URL there. Should be: https://www.wilderssecurity.com/threads/how-is-nordvpn-unblocking-disney-it-...
Thanks :)
I neglected to cite Derek Johnson's post on the issue.[0] He cites Luminati's complaint against Tesonet,[1] which claims that OxyLabs is infringing its patents:
| 19. Upon information and belief, the OxyLabs residential proxy | network is based upon numerous user devices, each of which is | a client device identifiable over the Internet by an IP address. | Upon information and belief, these user devices become part of | the network through the execution of Tesonet code embedded in | applications downloaded by that devices user. Upon information | and belief, these devices send their identifier to a server | (“First Server”), such as Oxylab’s dedicated proxy servers, | which store these identifiers. | | 20. Upon information and belief, Tesonet has developed or is | developing OxyLabs embedded software for different platforms | including Google Android and Windows. Upon information and | belief, while frequently renamed, the above OxyLabs embedded | software that enables the residential proxy network includes | embedded code named “genericexitnode,” “winnerbot,” | “CoffeeService,” “instantcoffee,” and “ENService.”
| 21. Upon information and belief, the above OxyLabs embedded | code has been integrated in at least the following software | applications that may be downloaded by any user located | anywhere having Internet access: AppAspect Technologies’ “EMI | Calculator” and “Automatic Call Recorder”; Birrastorming | Ideas, S.L’s “IPTV Manager for VL;” CC Soft’s “Followers | Tool for Instagram;” Glidesoft Technologies’ “Route Finder;” | ImaTechInnovations’ “3D Wallpaper Parallax 2018;” and | Softmate a/k/a Toolbarstudio Inc.’s “AppGeyser” and | “Toolbarstudio.”
Maybe Oxylabs is connected with NordVPN, and maybe not. But NordVPN could be leasing residential proxies from them. Or from other firms who do similar things.
0) https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30 1) https://cdn-resprivacy.pressidium.com/wp-content/uploads/2018/08/Luminati-Ne...
Wow, this seems super scummy/criminal. Does any of this software mentioned, which seems to turn the users machine into a proxy, TELL the user that they their computer is being leveraged as a proxy?
It may be buried somewhere in the user agreement / contract. For Luminati, given that they're offering a "free" VPN service, it's likely mentioned somewhere. But Oxylabs, they're getting their proxy-server SDK integrated by a bunch of third-party software developers. So it's probably up to each developer to disclose the proxy server. And I'm pretty sure that most people running those apps have no clue that they're proxying NordVPN traffic to Disney+. Or whatever traffic other Oxylabs' customers are routing through their devices.
participants (3)
-
Comet Dweller -
John Newman -
Mirimir