iDNet and security

Started by Tacitus, Jul 05, 2025, 16:45:25

Tacitus

Has anyone done a Shields Up test of their router recently?

Amongst other things, this performs a port scan of your router, but it also shows a unique machine identifier in the form of: cust123-dsl231-45-678.idnet.net.   It does in fact include your IP address.  The technically minded amongst you will be able to do a reverse DNS lookup which will probably give you the address of your router, even if it's not a standard 192.168 etc

The point is that this is a unique identifier which is visible to any website and cannot be blocked except at the ISP.  Ad-blockers and the like will not kill it and it makes a mockery of any privacy you may think you have.  Anonymous proxy servers would probably do it but they're a bit of a minefield with no guarantees as to their security.

Safari on a Mac uses some form of obfuscation - possibly an Apple owned proxy server - so this doesn't happen.  On FireFox and Vivaldi it does and is visible.

It may be that this identifier changes each time you log on or maybe on a random basis by iDNet on their servers.  If it doesn't then it should, or at least be obscured in such a way that web sites cannot get hold of it.  I believe it can be done by the ISP but have not seen anything definitive.



Simon

Blimey, that's a blast from the past!  I appear to be in Stealth mode, except for receiving pings, which, unless I'm mistaken, you have to be able to do to use the Internet...(?)  :dunno:
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: Tacitus on Jul 05, 2025, 16:45:25
Amongst other things, this performs a port scan of your router, but it also shows a unique machine identifier in the form of: cust123-dsl231-45-678.idnet.net.

That is the reverse DNS of your EXTERNAL IP address.

For the fake example above, the IP address is 231.45.678.123 (678 > 255 meaning it's impossible).

It is best practice for an ISP to have a reverse and forward DNS for their external IPs, as some things won't work properly without it.

Your IP address is static with iDNet, and tends to stay the same with other ISPs too unless you reboot your modem.

You need an IP address for the internet to work at all.

I'm afraid this is a case of too much information and not enough knowledge. But you don't need to listen to me. I only ran the technical side of an ISP from 1994-2009.

PS. Wait until you find a scanner that supports IPv6. That'll blow your mind.

Tacitus

I thought I'd just replied with the thought that I was possibly making something out of nothing, but that reply seems to have vanished into the ether.

Nowster's post explains things which is really what I was looking for.  Obviously you need an IP address for the thing to work at all.

Whilst the form of the iDNet identifier is correct, the numbers are entirely fake so it would be impossible.  Perhaps I should have used a genuine IP (not mine) which would make it:

cust147-dsl104-28-40.idnet.net

I'm aware a little knowledge is dangerous, but even I know enough that IPv6 is likely to make privacy more or less non-existent.
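Added example, not part of any post in this thread: the two hostnames quoted above decoded back into the external IPv4 address they encode, together with the name a resolver queries for the reverse lookup. The `cust<D>-dsl<A>-<B>-<C>` layout is inferred from nowster's reply, and the function names are hypothetical.

```python
import ipaddress
import re

# Layout inferred from the thread's two examples (an assumption, not an
# iDNet specification): cust<D>-dsl<A>-<B>-<C>.idnet.net  <->  A.B.C.D
RDNS_NAME = re.compile(
    r"^cust(\d{1,3})-dsl(\d{1,3})-(\d{1,3})-(\d{1,3})\.idnet\.net\.?$",
    re.IGNORECASE,
)


def hostname_to_ip(hostname):
    """Return the IPv4Address encoded in the name, or None if there is none."""
    m = RDNS_NAME.match(hostname.strip())
    if m is None:
        return None
    d, a, b, c = (int(g) for g in m.groups())
    try:
        return ipaddress.IPv4Address(f"{a}.{b}.{c}.{d}")
    except ipaddress.AddressValueError:
        return None  # an octet above 255, as in the first example


def ip_to_hostname(ip):
    """Build the name a PTR record in this layout would carry for the address."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    return f"cust{d}-dsl{a}-{b}-{c}.idnet.net"


def ptr_query_name(ip):
    """Name a resolver looks up for reverse DNS: octets reversed + in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer


if __name__ == "__main__":
    # Both names are the ones quoted in the thread.
    for name in ("cust123-dsl231-45-678.idnet.net",
                 "cust147-dsl104-28-40.idnet.net"):
        ip = hostname_to_ip(name)
        if ip is None:
            print(f"{name}: does not encode a valid IPv4 address")
        else:
            print(f"{name}: {ip} (PTR lookup: {ptr_query_name(ip)})")
```

The hostname carries nothing a website does not already have from the connection's source address; it is the same four octets in a different order.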

Tacitus

Test post as I appear to have been banned for life....

Tacitus

Tried deleting Safari prefs to see if that removes the ban....

Tacitus

That's weird.  If I login with Safari I get the message that I have been banned and the ban is not set to expire.  So after 17 years on here I've now become a non-person  :) Just tried deleting Safari prefs and that seems to have worked.

However I'm now using FireFox to see if that is OK.

Back to the thread.

Whilst I don't doubt what Nowster says, I find it intriguing that Apple feel it is sufficient of a security/ privacy risk that they obfuscate your IP.  Other browsers either disagree or feel it too much trouble to bother.

Simon

Quote from: Tacitus on Jul 06, 2025, 09:59:13
That's weird.  If I login with Safari I get the message that I have been banned and the ban is not set to expire.  So after 17 years on here I've now become a non-person  :) Just tried deleting Safari prefs and that seems to have worked.

However I'm now using FireFox to see if that is OK.

I've had a look through our ban triggers log, and it appears that you used a VPN at some point, and it happened to be a banned one.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: Tacitus on Jul 06, 2025, 09:59:13
Whilst I don't doubt what Nowster says, I find it intriguing that Apple feel it is sufficient of a security/ privacy risk that they obfuscate your IP.  Other browsers either disagree or feel it too much trouble to bother.

No browser can obscure your IP address. It's an essential part of the Internet Protocol (in this case version 4 of it).

VPNs obscure it by making it appear you're somewhere else. However, the VPN operator can watch your traffic just as easily as any ISP could.

But VPNs don't stop tracking cookies (and other underhand stuff).

Tacitus

Quote from: Simon on Jul 06, 2025, 10:53:39
I've had a look through our ban triggers log, and it appears that you used a VPN at some point, and it happened to be a banned one.

Thanks for the heads up Simon.

I tried a "free" Adblocker from the App Store but that came with a built in VPN.  By the time I realised the VPN was operating and I was expected to pay a monthly sub, it was too late.  I've uninstalled it now but it may be a while before this completely works its way through. 

I mainly use FireFox since it is more flexible than Safari.  I do like Safari's obfuscation of my IP which doesn't seem to cause any problems.  No idea whether it uses an Apple owned proxy server or it's something in the code.  Either way it works  :) Or at least it appears to work :) :)

Tacitus

Quote from: nowster on Jul 06, 2025, 11:09:42
No browser can obscure your IP address. It's an essential part of the Internet Protocol (in this case version 4 of it).

Don't doubt you're right.  I can only go by what the Gibson Shields Up site reports which "sees" my IP as something very different to the actual one.  Or at least it says it does.....

Quote from: nowster on Jul 06, 2025, 11:09:42
But VPNs don't stop tracking cookies (and other underhand stuff).

I use other means to deal with tracking cookies although with device fingerprinting and the other underhand stuff, it's probably futile.

Agree with your comments on VPNs and security. I've heard good things about the NordVPN, but I doubt the users would realise whether or not their stuff was being watched.  It's one of the reasons I'm not keen on anonymous proxies.  Whilst they may present a spoofed IP to the end web site, the fact that your info passes through someone else's server is a risk in itself.

nowster

Quote from: Tacitus on Jul 06, 2025, 19:53:36
I've heard good things about the NordVPN...

Which is one VPN I wouldn't touch with a bargepole. There has to be a reason why they heavily advertise and sponsor.

I'd suggest Mullvad as possibly the best of a bad bunch.

Tacitus

Removed adblocker, or at least I thought I had, and Safari seemed to work OK in the admin account.  I downloaded from the App Store so it should have been free of malware.

I've now tried logging in as user and I still get the message that I'm blocked.  I suppose it serves me right for trying what appeared to be an adblocker which unknown to me, also contained a VPN, something you don't find out until the app is installed.

Firefox seems to be OK which is what I'm using currently.

Anybody any ideas?

EDIT:  I've just set the Developer menu in Safari and used that to clear the caches.  So far it's working so we'll see how it goes.

Tacitus

I've used the Developer menu in Safari to clear the caches.  This worked once but after I logged out of Netters and back in again, the message that I'm permanently banned reappeared.

Is there any way of working round this at the server end?  When I installed the app from the App Store there were no red flags, but I'm beginning to wonder if this is persistent malware.

zappaDPJ

@Tacitus it appears you may have an iCloud+ subscription from Apple with iCloud Private Relay enabled? If so that is the likely trigger for the ban. It would be useful to confirm this before we look at what options are available to us. Thanks :)
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

nowster

Quote from: zappaDPJ on Jul 08, 2025, 19:50:17
...you may have an iCloud+ subscription from Apple with iCloud Private Relay enabled?

And that would explain why Safari was not showing your iDNet IP address. iCloud is providing a VPN (or possibly Web proxy) service to Safari.

Tacitus

Quote from: zappaDPJ on Jul 08, 2025, 19:50:17
@Tacitus it appears you may have an iCloud+ subscription from Apple with iCloud Private Relay enabled? If so that is the likely trigger for the ban. It would be useful to confirm this before we look at what options are available to us. Thanks :)

@ZappaDPJ:
Thanks to you and @nowster for replying.

Yes I have an iCloud+ sub, mainly for the 50Gb cloud storage, but it also gives me private relay.  AFAICT it's an Apple owned proxy, but I agree it could be a full VPN.  I removed the rogue "free" adblocker which came with a VPN I was expected to pay for.  For all Apple's talk about security etc, the App Store comes with its own selection of scams and underhand dealing.

I turned off private relay overnight.  When I restarted the machine it was giving me a different IP.  This one is from a different range so it looks as though Apple rotate them.  Whether they do this automatically or only when you do a restart I don't know.  I obviously hit one in a range that the VPN also used. 

There could be several other "Apple" IPs on the block list but I've no way of knowing.  Might be worth talking to Apple.

I'm logged on with Safari at present so we'll see how it goes.

nowster

Quote from: Tacitus on Jul 09, 2025, 08:31:06
Yes I have an iCloud+ sub, mainly for the 50Gb cloud storage, but it also gives me private relay.  AFAICT it's an Apple owned proxy, but I agree it could be a full VPN.

Apple Private Relay is a proxy, but with multiple layers like Tor. https://support.apple.com/en-gb/102602

And it's very likely that any VPN-like address will be on someone's blocklist regardless of who operates it.

Tacitus

Quote from: nowster on Jul 09, 2025, 10:04:01
Apple Private Relay is a proxy, but with multiple layers like Tor. https://support.apple.com/en-gb/102602

And it's very likely that any VPN-like address will be on someone's blocklist regardless of who operates it.

Thank you for the link, which is very informative.

I see Malwarebytes the anti-virus app, is also incorporating a VPN for 'privacy browsing'.