Check Your IP Reputation Score

ipdata.co

53 points by jonathan-kosgei 3 years ago · 77 comments (76 loaded)

jbotz 3 years ago

Humph. My home IP address which is shared by thousands of random people behind two layers of NAT, in Brazil, gets a score of "63, low risk". My mail server, on Linode in the US, which has had the same IP# for about 20 years and sends mail to GMail and Microsoft without problems (and only from a small group of people who never send spam) gets a score of "0, high risk". This is useless garbage, and dangerous to boot. The last thing we need is more arbitrary and unaccountable "reputation scores" being propagated by self-appointed and unqualified reputation judges.

  • MatthiasPortzel 3 years ago

    It’s correctly distinguished between your home internet and a server. That’s the intention here, to discriminate against VPN users and bots.

    • data_maan 3 years ago

      What's your problem with VPN users?

      Are you some kind of voyeur that likes to snoop in other people's private business?

      Where I go in the internet is my business alone, just like where I go outside my house. And having an online version of China's social credit tracking me online to see if I behave is not a good thing.

      You are providing a service that is actively diminishing (already brittle) internet privacy and I have 0 love for people doing that.

      • jonathan-kosgeiOP 3 years ago

        IMO VPN services that don't defeat geolocation like Apple's Private Relay, the Google One VPN service and Cloudflare Warp are a good compromise for privacy.

        This is because they allow businesses to provide their services without breaking the law eg. gambling is legal in some states and illegal in others, betting services need to distinguish/target users accordingly.

        Insurance providers might only be licensed in certain states and not in others and also therefore need to correctly distinguish/target users correctly.

        US companies are also restricted from doing business with certain embargoed and sanctioned countries and they are expected to use technological tools like IP geolocation to be compliant.

        "OFAC makes clear its expectation that companies consider Internet Protocol ("IP") address geolocation data when assessing whether online customers are located in sanctioned jurisdictions." [0]

        These and other legitimate usecases are defeated by VPNs.

        [0] https://www.mondaq.com/unitedstates/export-controls-trade-in...

        • data_maan 3 years ago

          > VPN services that don't defeat geolocation like Apple's Private Relay, the Google One VPN service

          TL;DR these VPN offerings don't provide privacy since we are merely exchanging who is doing the surveillance.

          Long version: The problem with these is that instead of now denying a service to privacy-conscious users, these users are being profiled by big tech companies that can afford to do more sophisticated things like track you across the internet using trackers and browser fingerprinting and thus don't need to rely on IP addresses. By profiling you they are themselves able to guarantee geolocation or to kick you permanently out of their VPN if you violate their arbitrary ToS.

          And that they are profiling you is totally making sense too: Otherwise how would they be able to keep any malicious activity at bay.

          > legitimate reasons

          Yes, these are legitimate reasons. But does the need of a number of profit-based tech companies outweigh the need of society for privacy?

          I doubt it! Since it doesn't seem fair that everyone must suffer for the benefit of a few.

          The entire problem is made more complicated by:

          1) lawmakers that don't understand that you simply cannot perfectly replicate.

          In particular the need for geoblocking shows how arbitrary laws even are, if the same thing is lawful in one state but not the next.

          Thus it seems contrived to do surveillance on everyone just so that a few companies who insist on having an internet presence can emulate physical geopresence.

          There should be a law that states that if it takes too much of a toll on privacy to emulate physical behavior, you should be forbidden to seek to emulate it.

          2) the fact that you can put an exact number of how much money you save as a business by using such scores, but you cannot put an exact number on how detrimental privacy loss is, since that evolves on a very slow timescale. The latter only becomes visible really late, like a silent but terminal disease that barely in the very last stages begins to show itself: For example, when you reach China-style surveillance. Only then most people ask themselves: How did we get there?

          To conclude: I don't particularly blame your service for that since you are simply acting within a web of incentives and probably your livelihood depends on it - and if that is the case you can't possibly be expected to make an objective decision (sorry if I was a bit harsh in this entire back-and-forth). Though if I were running such a company at least I'd make sure to donate some funds to non-profits that promote privacy and the use of VPNs/Tor for everyone - somewhat similar to CO2 reduction certificates that CO2 emitters buy.

        • FunnyBadger 3 years ago

          Maybe they shouldn't use a technology that is fundamentally ambiguous about identity - you know go back to paper and US mail.

      • MiguelX413 3 years ago

        They don't necessarily have a problem with VPN users, they're just describing the purpose.

  • jonathan-kosgeiOP 3 years ago

    This is actually proof that it works as intended. Our scores are made to be consumed by web applications.

    In that context it makes sense that a cloud IP that's used to send mail would be treated with suspicion if it's seen trying to make a purchase on an e-commerce site.

    • mindslight 3 years ago

      Please stop making the world a worse place. Every online purchase I make comes from a datacenter IP with resistFingerprinting = true. I've got a good ISP that probably isn't selling surveillance about me, but websites themselves certainly abuse IP addresses (as you're doing here), and I see no reason to browse like some naive jamoke - datacenter IPs are easy to rotate, and fine-grained wireguard is already integrated into my setup.

      When web sites increase the amount of hassling (and make no mistake about it, garbage like this, CAPTCHAs, nonconsensual "SMS 2FA" etc are all just hassles to customers), I file support tickets about their broken website. If a website continues down the path of snake oil to the point of becoming unusable, I generally end up no longer being a customer.

      • jonathan-kosgeiOP 3 years ago

        Fraudulent activity by bots is a problem that everyone who's managed a large enough website is familiar with.

        Most bots originate from cloud IPs or hide behind proxies and VPN services. Our scores ensure that the majority of legitimate users i.e. those coming from residential IPs are left alone, with captchas and other verification mechanisms shown to "high risk" users, that is, users visiting from a cloud provider's networks or a known proxy/vpn provider. This can be verified by the number of comments on this thread by users whose home internet IPs showed a high "Trust Score".

        So if anything our scores help reduce the hassle or friction that legitimate users are subjected to by the fraud-fighting tactics employed by different websites.

        • mindslight 3 years ago

          "Fraudulent activity by bots" is a contradiction in terms that sounds like you've just mashed distinct issues together to create an emotionally manipulative phrase. Bots are bots, fraud is fraud. "Bots" are an overstated problem - websites should want to publish their information for every type of consumption. If serving some types of consumers causes too high of a load, then the inefficient code is what needs to be fixed. And fraud is not going to be prevented by a CAPTCHA.

          > our scores help reduce the hassle or friction that legitimate users are subjected to

          I'm telling you right here, I am a legitimate user and when businesses fall for the garbage story you're pushing, it makes me less likely to remain their customer. Hassling customers with repeated rounds of "click on all the cars" "no you're wrong" is terrible UX. It could be understandable if it popped up after a few failed logins in a row, but putting the nagwall front and center is appalling design.

          I look forward to Apple's VPN increasingly demonstrating just how wrong your marginalizing surveillance mindset is.

          • jonathan-kosgeiOP 3 years ago

            Bots here refers to automated traffic, and I don't think anyone on HN would be surprised by the assertion that most online fraud is automated.

            • mindslight 3 years ago

              I would reject that assertion, because it seems to tie a bunch of disparate issues in order to summarily "other" them. It probably makes for reassuring business metrics that are ultimately detached from reality. I'm sure my own browsing patterns are often miscategorized into a bin of "look at how many bad guys we stopped", ultimately misleading businesses.

              Please describe one specific trend/activity you're referencing, where an automated user agent specifically facilitates fraud, beyond merely facilitating users that just so happen to have fraudulent intent. Situations where augmented user agents are claimed to be prohibited via bullshit terms of service do not count.

      • xist 3 years ago

        What is the difference between the setup you describe being used for what I assume is privacy, and the same setup being used for nefarious reasons exiting from your presumably consumer level VPS?

        • mindslight 3 years ago

          The difference is as you just said - one is being used for privacy, and the other for "nefarious reasons".

          It seems like you're trying to imply an association, while avoiding having to make the "if you have nothing to hide" argument explicitly.

          • xist 3 years ago

            Not at all.

            I'm wondering why you expect the websites you're attempting to utilize to understand your intentions are "pure" when I would argue that setup is vastly more commonly used for nefarious purposes.

            They do blocking for a reason. I'm sure if you contacted them they would explain they lose $$$$$$ a year due to fraud/abuse/hack/nefarious attempts coming from setups similar to yours, which dwarfs however much you might buy from them. I understand their position.

            There are commercial VPN and security solutions etc that would achieve some of the goals - undoubtedly at a higher cost than what you're running. You would essentially be paying for a boost in reputation that websites would recognize as being more on the "good" side than "bad".

            It's quite unfortunate for you I agree but I don't blame them at all.

            A suggestion - get a more premiere data center host and get a /29 network allocated to you (can be using a LLC for privacy). Essentially become a commercial entity and pass the sniff test for a lot of websites.

            Or subscribe to a service that does that for you, and your frustrations will melt away.

            • mindslight 3 years ago

              I expect websites to use IP addresses for their purpose of routing packets back to me, and perhaps some slightly-above-L2 concerns like rate limiting.

              And yes, I understand these businesses have fallen for snake oil salesmen telling them things like VPSs are indicators of "nefarious purposes". But the actual reality is why would someone with "nefarious purposes" need or want to use a VPS? Rather someone looking to do credit card fraud is going to be using a proxy service that runs through residential connections via cracked machines.

              Commercial VPNs, which I also use for some types of traffic, get hassled just as much by websites. So no, that is not a solution.

              Getting my own /29 would defeat the entire purpose of browsing from a rotating data center IP, which is to defeat IP-based tracking.

              The only way to solve this dynamic is for enough people to start browsing from VPNs, CGNAT, etc, that the snake oil salesmen have to move on to something else.

              • byyll 3 years ago

                >these businesses have fallen for snake oil salesmen telling them things like VPSs are indicators of "nefarious purposes"

                They are indicators. 95% of the abuse on my VPS came from China, services like Contabo, DigitalOcean, Linode, Azure, Oracle, GCP, M247, and Tor. Some of these are no longer allowed to even reach L7 for my website. One other statistic I noticed is that some of those providers have 0% legitimate traffic.

    • data_maan 3 years ago

      The audacity you people are having of shoving unconsented scores down our throats!

      I hope you choke on your own scores when a future-AWS-using-your-scores will deny your servers access, because you accidentally sent an email from that server that was actually supposed to be doing something else.

data_maan 3 years ago

This company is providing a horrible anti-service!

Random company website you are visiting: "We're sorry, we can't offer you access to our service today, as your IP score was below our required threshold. Please try again later and have a nice day."

  • mid-kid 3 years ago

    This is the sort of thing the likes of cloudflare and google use to decide whether it shows you a captcha or not. I agree discriminating on things like IP and User Agent and cookies as well as other things is undesirable, but I'm glad this site is at least transparent about it.

  • jonathan-kosgeiOP 3 years ago

    No, if your reputation is really bad you'll probably just be shown a captcha.

    • data_maan 3 years ago

      No, Cloudflare often just blocks you.

      And if it doesn't, do you think that is a better solution, solving a captcha every 5 minutes? Just try using Google from behind a serious VPN provider, see how that works for you.

      Also, what is your opinion on geoblock, do you think that is a good thing?

      It seems you are one of the company's representatives that has never in his life consistently used a VPN or Tor, so you don't even know to what kind of restricted internet your company's products are leading to.

      • byyll 3 years ago

        Although I am not a fan of cloudflare, cloudflare doesn't just block you. It's up to the administrator to choose what action he applies to what type of user.

        https://developers.cloudflare.com/firewall/cf-firewall-rules...

      • jonathan-kosgeiOP 3 years ago

        To clarify, showing captchas is what a number of our customers do and I doubt they do it as aggressively as google.

        Geoblocks are unfortunately often necessary to comply with the law or contractual obligations eg. media streaming.

        • data_maan 3 years ago

          > I doubt they do it as aggressively as google.

          While I would like to believe you, the problem is that until there is a law on how much you can pester people with captchas (and you basically can pester them into oblivion), privacy-conscious people are simply at the mercy of the sysadmin deciding for them how usable the company service is made. Which is a decidedly bad state of affairs, since he could simply wake up at any day, whip up Google-style captcha-ing and as a VPN user you simply would have no option for recourse :(

    • donmcronald 3 years ago

      Not even close. PayPal, Twitter, Facebook, Discord, etc. all insta-ban or lock your account if you come from a low reputation IP.

      These services make it impossible to participate online without giving big tech your identity. IMO they’re worse than everyone else combined because they play a critical role in helping all tech companies discriminate against people that want privacy.

      • data_maan 3 years ago

        Pretty much this.

        Actually they ban your account and want you to upload your ID.

        The weirdest thing was that Facebook a while ago had an onion address too (presumably so that people from repressive regimes could access it). But if you'd use Tor to access them using the regular web: insta-ban.

    • TT-392 3 years ago

      And then you complete the captcha, the page reloads, and you have to solve another captcha. Never actually getting to the site

KronisLV 3 years ago

Got a trust score of 100 for an IP address that's assigned to me through Latvijas Mobilais Telefons (LMT).

I guess that's perhaps one of the "benefits" of sitting behind CGNAT (from what I can tell), where nobody can host their own stuff and thus various sites (good or bad) hosted on residential connections and other interesting use cases aren't a thing.

It still doesn't feel too good to need cloud VPSes that act as proxies just so I can expose some sites from my homelab (e.g. a Nextcloud instance of D&D session recordings and other game details), even though for whatever reason it's still cheaper than asking the ISP for static IP addresses (e.g. a ~5 euro/month VPS).

That said, all of my VPS IP addresses (which I've had assigned to my servers for a few years) routinely scored 15-25 and landed in the "High risk" trust scores, even though they have 0 threats showing up. Guess running my own VPN to tunnel my connection through them might not be the best idea, if I wanted to do that in the future?

brushfoot 3 years ago

This is what I get for a public IP used for some of my websites:

    Threats: 0
    Trust score: 0 - High risk

I'm confused why it's considered high risk if no threats were detected. Maybe unknown IPs are considered high risk until proven otherwise?

  • jonathan-kosgeiOP 3 years ago

    "Threats" is based on static blocklists. "Trust Score" is generated by a model.

    So what this means is, "even though this IP hasn't been reported anywhere we still think it's high risk".

    • data_maan 3 years ago

      What this means is: If a company website uses these scores, you will be blocked, even though you did nothing wrong.

    • brushfoot 3 years ago

      > "Trust Score" is generated by a model.

      Does a consumer have any insight into what the model does/doesn't like about an IP, or is it a black box?

      I'm wondering how they could contextualize a score for their use case, or how I as the IP owner know what to fix to raise the score.

      • data_maan 3 years ago

        In all likelihood it will be an (neural net?) AI, and then it's hard to get insight into why decisions were made.

        And even if they could explain it to you, it might be spurious correlations that were picked up.

        There is a huge field of interpretable/fair AI and these types of questions arise in much more serious instances (e.g. where people in prison aren't given parole due to an AI "assisted" decision). The state of the art seems to be that there are no easy answers as soon as you start questioning a decision by a modern AI system (or want introspection). You can only hope to not be part of the 5% of the cases where the decision is bad.

    • Terretta 3 years ago

      You're rating massive swaths of Verizon FIOS home internet fiber with static IP addresses as zero threat, high risk.

    • yucky 3 years ago

      Oh boy this is ripe for abuse. Good luck lol

a-r-t 3 years ago

Is this ipinfo [0] repackaging their product?

[0] https://ipinfo.io/

  • anyfactor 3 years ago

    no.

    Source: I work for IPinfo. We don't do "IP Reputation Score". We provide the attributes/insights related to an IP address, the user makes the decision of how to use that information.

    • p49k 3 years ago

      I thought IPinfo was just sourced from Maxmind, am I wrong? Is there any way to know who are the original sources of info in this space and who are reselling?

      • coderholic 3 years ago

        All of our datasets at IPinfo, including geolocation, are proprietary and created in house - we're not reselling any 3rd party data.

    • data_maan 3 years ago

      Seems a slightly better business model than the one from the OP.

      But it still comes somewhat close to a China-social-credit system for the internet.

togs 3 years ago

If this could somehow be tied to credit score, it would really discourage piracy.

exabrial 3 years ago

Is there a way to whitelist our corp vpns that happen to be cloud hosted? Happy to provide contact info and transparency if abuse were to occur.

diroussel 3 years ago

I did some testing on 35.214.66.222, it says this could be an attacker because it's on the wikimedia blocklist. But it's on the wikimedia blocklist because it's an IP block owned by google, and wikimedia doesn't want google creating accounts.

That doesn't make a website server from this IP an attacker!

fotad 3 years ago

So OVH is 0 and Hetzner is 1, I suppose some ASN are worse than OVH/Hetzner, will they get negative score?

tuatoru 3 years ago

Why are "tor", "vpn", "iCloud relay", and "datacenter" considered threats?

  • SyneRyder 3 years ago

    I've just been running through my own website logs for the week, and the majority of hacking attacks (mostly attempts at stealing AWS & Git credentials, but also outright hacking, vulnerability scans, exploit attempts & brute forcing attempts) have all been via VPN, Tor exit nodes, and relays. Legit website users just never use VPN or Tor for anything.

    Datacenter is not necessarily a "threat", but if a datacenter is trying to post to your website comment form, it's certainly posting some kind of spam or SQL injection attempt, and it's not a message from a legitimate customer. (Datacenter is actually a highly effective flag for detecting spam.)
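
Added example (not part of the thread and not any commenter's code): one way to check a network-category flag against your own access logs before enforcing it, counting both the credential probes it would catch and the successful orders it would challenge. The CIDR ranges, probe paths, `/checkout` route and log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed category list using RFC 5737 documentation ranges (assumption);
# in practice this comes from whatever provider/ASN data you maintain.
NETWORKS = {
    "datacenter": ["192.0.2.0/24"],
    "vpn_or_tor": ["198.51.100.0/24"],
}

# Assumed path patterns for the Git/AWS credential probes described above.
PROBE_RE = re.compile(r"^/(\.git/|\.env|\.aws/credentials)")
# Common Log Format: ip, ident, user, [time], "METHOD path proto", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2022:10:00:01 +0000] "GET /.git/config HTTP/1.1" 404 153
192.0.2.10 - - [01/Mar/2022:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153
198.51.100.7 - - [01/Mar/2022:10:01:00 +0000] "GET /.aws/credentials HTTP/1.1" 404 153
198.51.100.7 - - [01/Mar/2022:10:01:05 +0000] "POST /comment HTTP/1.1" 200 512
203.0.113.5 - - [01/Mar/2022:10:02:00 +0000] "GET / HTTP/1.1" 200 2048
203.0.113.5 - - [01/Mar/2022:10:02:30 +0000] "POST /checkout HTTP/1.1" 200 900
192.0.2.77 - - [01/Mar/2022:10:03:00 +0000] "POST /checkout HTTP/1.1" 200 900
203.0.113.9 - - [01/Mar/2022:10:04:00 +0000] "GET /.env HTTP/1.1" 404 153
this line is malformed and must be skipped
"""


def classify(ip_text):
    """Return the category whose CIDR contains the address, else 'other'."""
    ip = ipaddress.ip_address(ip_text)
    for category, cidrs in NETWORKS.items():
        if any(ip in ipaddress.ip_network(cidr) for cidr in cidrs):
            return category
    return "other"


def summarize(log_text):
    """Count requests, credential probes and successful orders per category."""
    stats = defaultdict(lambda: {"requests": 0, "probes": 0, "orders": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line
        ip_text, method, path, status = m.groups()
        try:
            row = stats[classify(ip_text)]
        except ValueError:
            continue  # first field was not an IP address
        row["requests"] += 1
        if PROBE_RE.match(path):
            row["probes"] += 1
        elif method == "POST" and path == "/checkout" and status == "200":
            row["orders"] += 1
    return dict(stats)


def flag_quality(stats, flagged):
    """What challenging every request from `flagged` categories would do."""
    total_probes = sum(r["probes"] for r in stats.values())
    hit = [r for cat, r in stats.items() if cat in flagged]
    flagged_requests = sum(r["requests"] for r in hit)
    caught = sum(r["probes"] for r in hit)
    return {
        # share of all probes that came from flagged networks
        "probe_recall": caught / total_probes if total_probes else 0.0,
        # share of flagged requests that really were probes
        "flag_precision": caught / flagged_requests if flagged_requests else 0.0,
        # paying customers who would have been shown a challenge
        "orders_challenged": sum(r["orders"] for r in hit),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary)
    print(flag_quality(summary, {"datacenter", "vpn_or_tor"}))
```
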

    • data_maan 3 years ago

      > Legit website users just never use VPN or Tor for anything.

      You are wrong. I use that and a minority of legit people also do.

      The problem with your type of thinking is that you are only thinking in terms of what the population majority is doing and how they are behaving - lumping the minority of privacy conscious users in with all kinds of malicious actors. Basically the type of thinking that leads to all kinds of discrimination, unfortunately.

      • SyneRyder 3 years ago

        No, it is based on my web logs across my websites. I have never had a single purchase come through a VPN or Tor node. I have never had a legitimate customer or personal enquiry come through a VPN or Tor node.

        100% of VPN and Tor access to my websites have all been hacking and spam attempts.

        I have spent the last few months fighting spam & hacking attempts in detail - primarily from a Russian & Chinese exploit botnet that seems to have spun up around Feb 2021. This is why I am so confident in my statement, because I have been logging and collecting data on the spam & hacking attacks, and analyzing my data daily.

        I've detected attacks via AVAST's VPN, Nord VPN, Fiber Grid, Tor exit nodes on Frantech, GleSys AB, Hidehost, Performive VPN, HideMyAss, PureVPN, and I just spent this afternoon tracing a particularly dumb bot that tried sending thousands of requests through StrongVPN, just alternating between 2 IP addresses. And that's just a subset of what I've been fighting against. For what it's worth, I only see the Tor exit nodes occasionally, VPNs are much more common.

        I used to think VPNs and Tor were a good thing (about a decade ago). My mind has been changed by looking at the quantitative data I have collected.

        • data_maan 3 years ago

          > I used to think VPNs and Tor were a good thing (about a decade ago). My mind has been changed by looking at the quantitative data I have collected.

          They are a good thing! Your mind has changed because your work has changed and you now are solely confronted with the negative aspects of using VPNs and Tor.

          I'm pretty sure if you would have worked at an NGO on free speech you'd still be convinced of VPNs and Tor.

          From what you are saying, the solution is probably to increase the number of legitimate and responsible VPN/Tor users so that sysadmins don't automatically associate VPN/Tor with criminal usage patterns.

  • diroussel 3 years ago

    If you wanted to send spam, or run an attack, you’d want to run your traffic via tor or a vpn to hide your home or office IP.

    Not sure why iCloud relay would be a problem.

    • ender341341 3 years ago

      isn't icloud relay just a vpn?

      • ronsor 3 years ago

        It's an Apple VPN, which makes it special since you usually don't want to piss off Apple/iOS users with "anti-bot" crap.

        • sneak 3 years ago

          Tied to a unique and expensive Apple hardware serial number. It's a reputation-certification VPN.

      • diroussel 3 years ago

        It’s an HTTP proxy. Two layers of proxy.

        I was just assuming that paying iCloud users might be less likely to launch bot attacks. But on reflection I guess that is just bias.

  • GoblinSlayer 3 years ago

    The point about proxy detection explains it as abuse in the form of ban circumvention.

  • usr1106 3 years ago

    They are threats to those who think that geoblocking is a good thing.

yalogin 3 years ago

I don’t understand what this is or what the reputation really is. The site talks about threat intelligence and other marketing phrases. I hope I didn’t just give my IP to the site to just add to their database to show to their investors or worse data mine me somehow.

  • jonathan-kosgeiOP 3 years ago

    For context, a few months ago we launched our Blocklists [0] feature which allows users to query 100+ blocklists and find all the ones where an IP address has been listed.

    Blocklists based threat detection is however limited since they cannot contain every possible bad IP which leads to a lot of false negatives.

    To fix this we created an IP Reputation scoring model [1] and currently provide 4 scores.

    - Trust Score
    - VPN Score
    - Proxy Score
    - Threat Score

    The Trust Score simply aggregates the other 3 scores and is a value from 0 - 100, with 100 being a very high reputation IP address.

    [0] https://docs.ipdata.co/docs/ip-reputation-scores

    [1] https://docs.ipdata.co/docs/ip-reputation-scores

    • data_maan 3 years ago

      What he is basically saying is that they are the gatekeepers of the internet now and will decide for you if you are trustworthy.

lostlogin 3 years ago

For me it says “error, not connected to internet”. Or just doesn’t run.

rdtwo 3 years ago

It matters because it changes the difficulty of some hype drops for sneakers and stuff. That’s about it, also maybe how long the ip will last before it gets flagged as a bot

gigel82 3 years ago

LOL, doesn't work on Firefox: "You are not connected to the internet".

nuker 3 years ago

> Threats: iCloud Relay

Seriously?
