How to understand when proxies are lying: verification of physical locations of network proxies using the active geolocation algorithm

People around the world use commercial proxies to hide their true location or identity. This can be done for various purposes, including access to blocked information or privacy.

But how truthful are the providers of such proxies when they claim that their servers are located in a certain country? This is a fundamentally important question: for customers who are concerned about the protection of personal information, the answer determines whether a given service can be used at all.

A group of American scientists from the Universities of Massachusetts, Carnegie Mellon and Stony Brook published a study in which the real location of the servers of seven popular proxy providers was checked. We have prepared a summary of the main results.

Introduction

Proxy operators often do not provide any information that could confirm the accuracy of their server location claims. IP-to-location databases usually confirm the advertising claims of such companies, but there is a large amount of evidence of errors in these databases.

In the course of the study, American scientists evaluated the location of 2269 proxy servers operated by seven proxy companies and located in a total of 222 countries and territories. The analysis showed that at least a third of all servers are not located in the countries that companies declare in their marketing materials. Instead, they are located in countries with cheap and reliable hosting: the Czech Republic, Germany, the Netherlands, the UK and the USA.

Server location analysis

Commercial VPN and proxy providers can influence the accuracy of IP-to-location databases - companies have the ability to manipulate, for example, location codes in router names. As a result, marketing materials may claim a large number of locations available to users, while in reality, to save money and increase reliability, servers are physically located in a small number of countries, although IP-to-location databases say otherwise.

To check the real location of the servers, the researchers used the active geolocation algorithm. With its help, the round-trip time of packets sent to the server and to other known hosts on the Internet was measured.

However, fewer than 10% of the tested proxies respond to ping, and, for obvious reasons, the scientists could not run any measurement software on the servers themselves. They could only send packets through a proxy, so the round-trip time to any destination is the sum of the time it takes a packet to travel from the test host to the proxy and from the proxy to the destination.

During the study, specialized software was developed based on four active geolocation algorithms: CBG, Octant, Spotter and hybrid Octant/Spotter. The code is available on GitHub.

Since it was impossible to rely on IP-to-location databases, the researchers used the RIPE Atlas list of anchor hosts for their experiments. The information in this database is available online and constantly updated, and the documented locations are correct. Moreover, the hosts on the list constantly ping each other and update the round-trip data in the public database.
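The check described above, as an added example that is not the researchers' code: a simplified CBG-style test that subtracts the client-to-proxy leg from each through-proxy round trip, converts the remainder into a maximum distance from each landmark, and asks whether any point in the claimed country can satisfy every bound. It assumes a fixed speed limit of about 200 km per ms in fibre instead of per-landmark calibration, represents a country by a few sample points instead of its borders, and all coordinates and timings are constructed.

```python
import math

# Assumption: signals in fibre cover at most ~200 km per ms one way (about 2/3 c),
# so a round trip of t ms puts the far end within 100 * t km.
KM_PER_RTT_MS = 100.0
EARTH_RADIUS_KM = 6371.0

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def distance_bounds(through_proxy_ms, client_to_proxy_ms):
    """Remove the client->proxy leg, then turn each proxy->landmark RTT
    into the largest distance the proxy can be from that landmark."""
    return {name: max(rtt - client_to_proxy_ms, 0.0) * KM_PER_RTT_MS
            for name, rtt in through_proxy_ms.items()}

def feasible_points(landmarks, bounds_km, candidates):
    """Names of candidate points that lie inside every landmark's disk.
    An empty list means the timings rule out all sampled points."""
    return [name for name, pos in candidates.items()
            if all(haversine_km(pos, landmarks[lm]) <= limit
                   for lm, limit in bounds_km.items())]

# Constructed sample data: landmark positions (lat, lon) and RTTs in ms.
LANDMARKS = {"frankfurt": (50.11, 8.68), "amsterdam": (52.37, 4.90),
             "london": (51.51, -0.13)}
THROUGH_PROXY_MS = {"frankfurt": 38.0, "amsterdam": 32.0, "london": 37.0}
CLIENT_TO_PROXY_MS = 30.0  # assumed to have been measured separately

# Sample points standing in for the advertised country and for an alternative.
CLAIMED = {"sao_paulo": (-23.55, -46.63), "brasilia": (-15.79, -47.88)}
ALTERNATIVE = {"amsterdam": (52.37, 4.90), "rotterdam": (51.92, 4.48)}

BOUNDS = distance_bounds(THROUGH_PROXY_MS, CLIENT_TO_PROXY_MS)

if __name__ == "__main__":
    print("max distance per landmark (km):", BOUNDS)
    print("claimed country still possible:", feasible_points(LANDMARKS, BOUNDS, CLAIMED))
    print("alternative still possible:", feasible_points(LANDMARKS, BOUNDS, ALTERNATIVE))
```

An empty result only excludes the sampled points; excluding or confirming a whole country requires testing the intersection of the disks against the country's actual borders.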

The tool developed by the scientists is a web application that attempts to establish secure (HTTPS) connections over TCP to the insecure HTTP port 80. If the server does not listen on this port, the connection fails after one round trip. If the server does listen on this port, the browser receives a SYN-ACK and responds with a TLS ClientHello packet. This triggers a protocol error, and the browser reports the error, but only after the second round trip.

Thus, the web application can measure the time of one or two round trips. A similar service was implemented as a program launched from the command line.

None of the tested providers gives the exact location of its proxy servers. At best, cities are mentioned, but most often there is information only about the country. Even when a city is mentioned, inconsistencies occur: for example, the researchers studied the configuration file of one of the servers, called usa.new-york-city.cfg, which contained instructions for connecting to a server called chicago.vpn-provider.example. So the most that can be confirmed with reasonable accuracy is that a server is located in a specific country.

The results

Based on the results of tests using the active geolocation algorithm, the researchers were able to confirm the location of 989 out of 2269 IP addresses. In the case of 642, this was not possible, and 638 are definitely not in the country where they should be, according to the assurances of the proxy services. More than 400 of these false addresses are actually located on the same continent as the claimed country.

The correct addresses are located in the countries that are most often used to host servers.

Suspicious hosts were found at each of the seven providers tested. The researchers asked the companies for comment, but they all refused to communicate.

Source: habr.com