Tor network

October 23, 2008

Tryout proxy server IP addresses now listed

Our 15 different "tryout" proxy services at pickaproxy.com now show which IP addresses they are made up of, along with each address's geographic location ("geolocation") and the name of the organization that owns it. For the "Tor speak" version of our web site page, we now also show the Tor node nickname of each.

Many of you will likely wonder why we have so many IP addresses included in each of these - the US, Germany, non-China, non-US and non-Germany ones have 32 different IP addresses. The reason is that each of our proxy services randomly assigns 1 of these IP addresses to you each time you go to a web site, and also changes it every x minutes to 1 of the other IP addresses. The actual value of "x minutes" is not precise, and depends on a number of factors that we cannot predict in advance at this point. This random assignment of IP addresses allows more users to use the same proxy service at the same time.

Our "random" tryout proxy service does not have a specific set of IP addresses - it randomly picks from the complete set of Tor Network proxy servers, which is averaging about 617 so far this month.

Next up is to show the real-time status of each of these proxy services, so you can know in advance which ones are currently working and which ones are currently not. The US proxy in particular is often running at capacity and also crashes and goes offline regularly, which is something we are working on getting resolved. The crashes are automatically resolved every 1-2 hours when we take down and restart each proxy service, but it is still vexing that we have not been able to stop the crashes so far.

We have also changed the way we determine "Excluded" proxy servers, and now show the list of globally excluded proxy servers underneath the list of "Current tryout Proxy Servers". Previously we were excluding specific proxy server "nicknames" but we now also support excluding by ISP, Owning Organization, domain name, IP address and IP address range, Country, Continent, City, Tor software version number running on the proxy server, and the operating system "platform" running on the proxy server.

October 18, 2008

German data retention law effective 1/1/2009

We have now set up a Hamachi VPN connection for those wanting to use non-German proxies. First, use your LogMeIn Hamachi software to connect to our "nonDEvpn.pickaproxy.com" network, with password 8qJWqcv8. Then set your proxy to point to "hamachi.pickaproxy.com" with port 18233. That's all you have to do. All communications between your software and our proxy server are encrypted and private over the Hamachi VPN, and your IP address will appear to be in 1 of 32 random non-German countries, which we change every 1-2 hours.

For the Tor crowd, what "non-German" means for us is not only exit nodes that are outside Germany, but also entry nodes (1 of 18 random entry nodes changed every 1-2 hours) that are outside Germany. Relay nodes (middleman nodes) may or may not be in Germany. We currently only restrict relay nodes by way of our global "Currently Excluded Nodes" list, shown on http://www.pickaproxy.com?speak=tor. Eventually we will let our subscribers choose their own "Excluded Nodes" if they want them, either individually, or by excluded or included Country or Continent, or by excluded or included ISPs and Owning Organizations.

September 13, 2008

Tor Network "Code Green" criteria

We have updated our criteria for showing the Tor™ Network as "Code Green", which is how we define it as operating "normally". Our criteria were bound to change, since the Tor Network itself is in many ways a work in progress. And I doubt this will be the last change we make to them. To make it clearer what our criteria are going forward, we have now included a new listbox called Tor Network Status "Code Green" Levels, which can be seen at pickaproxy.com?speak=tor.

I should clarify that our criteria are not endorsed by the Tor Project, but are rather something we embarked on ourselves to identify and communicate to our users when something does not seem to be right with the Tor Network in aggregate. This is one of the added values of using our service. What we changed yesterday was the minimum number of "Guard" nodes, which was reduced from 300 to 200, and a minimum number of "Hidden Service" Directory Servers was established at 15.

"Guard" nodes are an important part of the Tor Network design, but pretty much irrelevant for our users at this time. We handle that part for you as part of the connection we give our users into the Tor Network. If you are interested in the details about guard nodes, I suggest you start with reading http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-9927a2f6d044e4c5b1fc610d92175b7c8d4f49d9.

The reason we changed our criteria yesterday from 300 to 200 Guard nodes is that there have been a significant number of times recently when the total number of Guard nodes has been fewer than 300. In fact about 30% of the time in September so far this has been true, compared with about 5% in August, and only about 2% of the time for July. We figure the normal state of the Tor Network must have changed, and 200 Guard nodes is still a reasonably high number.

"Hidden Services" are another important part of the Tor Network, but also irrelevant for the majority of our users at this time. Hidden Services are web servers (and web services) running on the Tor Network that do not expose their IP Address to their users. If you are interested in the details about Hidden Services, I suggest you start with reading https://www.torproject.org/docs/tor-hidden-service.html. The number of Hidden Service Directories is important because the more there are, the greater the protection they offer to Hidden Service users.

Let us know if you have any questions or concerns about these changes.

August 28, 2008

Change your proxy settings (how to...)

Lots of questions lately on how to change your proxy settings...

If using Microsoft Internet Explorer, go to Tools | Internet Options | Connections | LAN Settings and select the "Use automatic configuration script" option, with http://www.pickaproxy.com/nonCN.proxy.pac as one example of the PAC files we currently support for tryouts.

As an alternative, you could select the "Use a proxy server for your LAN" option, along with the "Bypass proxy server for local addresses" option, de-select the "Automatically detect settings" option, click the Advanced button, enter "tryout.pickaproxy.com" in the "Proxy address to use" fields for HTTP, Secure and Socks, and enter 8123 in the "Ports" fields.

If using Firefox, go to Tools | Options | Advanced | Network | Connection Settings and select the "Automatic proxy configuration URL" option, with http://www.pickaproxy.com/tryout.proxy.pac as one example of the PAC files we currently support for tryouts.

After this, use your browser to go to https://check.torproject.org or http://www.whatismyipaddress.com or https://www.showmyip.com to confirm that your new proxy settings are geospoofing you!

Other browsers and other programs will have similar ways to change their proxy settings. If you come across something that is giving you grief, let us know and we will find out what you need to do.

July 09, 2008

Too many open files

If you are trying out our proxies and get an error indicating there are "Too many open files" we apologize, but this is an indication that our server is running at maximum capacity.  Best to retry or come back later when things will be less busy.  Our web accelerator cache is also hitting capacity at times, and we are currently working on a better design to address this.  Eventually we expect to have much greater capacity - perhaps even unlimited capacity - as we move to a "cloud computing" infrastructure.

June 17, 2008

Proxy Auto Configuration now skips 127.0.0.1

If you are using our PAC files, and Google Desktop Search, you will notice you no longer get an error message, because we no longer try to proxy anything where "127.0.0.1" or "localhost" are the domain name. Our PAC file now looks like this (for the us.proxy.pac file), which is just a bit of Javascript:

function FindProxyForURL(url, host) {
  if ((host == '127.0.0.1') || (host == 'localhost'))
    return "DIRECT";
  else
    return "PROXY us.pickaproxy.com:8125";
}

"DIRECT" in this context means do not use the proxy, but rather make a direct connection.
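
The exact string comparison above still sends other spellings of the loopback host to the proxy. As an added example (not pickaproxy.com's own file), the following compares the published check with a broader one that also covers upper case, a trailing dot, the rest of 127.0.0.0/8 and ::1. The helper names and sample hosts are constructed for illustration, and the code runs under Node.js rather than inside a browser's PAC engine.

```javascript
// Added example. Proxy host and port are the us.proxy.pac values from the post;
// helper names and sample hosts are illustrative.
const PROXY = "PROXY us.pickaproxy.com:8125";

// The check as published: exact string comparison on two spellings.
function findProxyAsPublished(url, host) {
  if ((host == "127.0.0.1") || (host == "localhost")) return "DIRECT";
  return PROXY;
}

// Lower-case, drop a trailing root dot, strip brackets from an IPv6 literal.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, "").replace(/^\[(.*)\]$/, "$1");
}

// True for localhost names, any 127.0.0.0/8 literal and the IPv6 loopback ::1.
function isLoopback(host) {
  const h = normalizeHost(host);
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  return m !== null && m[1] === "127" && m.slice(2).every((o) => Number(o) <= 255);
}

// PAC entry point using the broader loopback test.
function FindProxyForURL(url, host) {
  return isLoopback(host) ? "DIRECT" : PROXY;
}

// Constructed hosts: loopback spellings plus two names that must stay proxied.
const SAMPLE_HOSTS = [
  "127.0.0.1", "localhost", "LOCALHOST", "localhost.",
  "127.0.0.2", "[::1]", "127.0.0.1.example.com", "www.example.com",
];

// Hosts on which the published check and the broader check disagree.
function differences(hosts) {
  return hosts.filter((h) => {
    const url = "http://" + h + "/";
    return findProxyAsPublished(url, h) !== FindProxyForURL(url, h);
  });
}

console.log(differences(SAMPLE_HOSTS));
```

Every host it prints is a local request that the published check would hand to the remote proxy.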

On another note, we also are now showing a list of all Tor proxy servers ("exit nodes") that we never use, for reasons of security and/or reliability.  You will have to be looking at the "Tor speak" version of our site (at http://www.pickaproxy.com/?speak=tor) to see this list, but it is shown below the "Top 10 Fastest (Running)" list.  And you will notice that we have added "AoF" to this list because of reliability problems we have noticed in the last few days.  Any changes to our "ExcludeList" will now be shown automatically in this way, so we will not be announcing each and every change on this blog or in our RSS feed.

June 12, 2008

Proxy Auto Configuration "PAC" files now available

You can now use our pre-set "PAC" files to specify your proxy settings, which simplifies things a bit. Instead of setting your proxy to tryout.pickaproxy.com and port 8123, you can now specify the "Use automatic configuration script" option (if using Internet Explorer) or the "Automatic proxy configuration URL" option (if using Firefox) or the "Use automatic proxy configuration" option (if using Opera) and enter https://www.pickaproxy.com/tryout.proxy.pac as the address (the name and location of the script file).

  • us.proxy.pac is equivalent to us.pickaproxy.com and port 8125
  • uk.proxy.pac is equivalent to uk.pickaproxy.com and port 8126
  • fr.proxy.pac is equivalent to fr.pickaproxy.com and port 8129
  • ru.proxy.pac is equivalent to ru.pickaproxy.com and port 8130
  • cn.proxy.pac is equivalent to cn.pickaproxy.com and port 8131
  • ca.proxy.pac is equivalent to ca.pickaproxy.com and port 8132
  • de.proxy.pac is equivalent to de.pickaproxy.com and port 8133
  • nonCN.proxy.pac is equivalent to nonCN.pickaproxy.com and port 18231
  • nonDE.proxy.pac is equivalent to nonDE.pickaproxy.com and port 18233
  • nonUS.proxy.pac is equivalent to nonUS.pickaproxy.com and port 18225

We will add more functionality and flexibility to our PAC file support at a later time. The plan is for subscribers to be able to define multiple proxy options within a single PAC file for their own use, and to allow PAC files to be updated from our https://www.pickaproxy.com web site so that you do not have to muck about with proxy settings on your computer, other than to do the initial, one-time change to use your PAC file.

June 11, 2008

Desync ok

So I sent an email to the contact Ben Wilber for the Tor network proxy named "desync", getting the IP Address wrong in the process: "I wonder if you would mind giving me some information about your intentions with the Desync Tor exit node you ostensibly operate at 63.230.230.230? I run the pickaproxy.com site and noticed that you are the 2nd fastest node in the Tor network http://www.pickaproxy.com/?speak=tor and the only one owned by Reliable Web Services and using ISP Neucom. I am generally suspicious of fast nodes, so please do not take offence if your intentions are worthy :)"

And I got a reply: "Our node is intended to support the Tor project's efforts to preserve anonymity on the Internet.  No transmitted information or logs concerning circuit construction are monitored or recorded within our scope of control, both for clients' privacy and our own legal protection. The node is physically located in Tampa, FL and is operated by desync.com out of Desync's network, AS30217."

I replied: "Thanks, Ben. I would be glad to remove this node from our pickaproxy.com ExcludeNodes list based on this information. Would you mind if we posted your email reply on our pickaproxy.com blog?"

And he said: "Sure, go ahead."

So desync is in, and as of today it is the fastest of all computers in the Tor network with a throughput measured to be consistently around 6 GB per second for at least the last week. Considering that the average proxy server ("exit node") in the Tor network has a throughput of about 243 KB per second, and the mean throughput is only about 50 KB per second, Ben is to be thanked for adding so much horsepower for all to use!

June 09, 2008

Webdvdr and desync now excluded

We have now excluded 2 more proxies from our service: Webdvdr and desync.

Webdvdr is currently the fastest computer in the entire Tor network by a considerable margin, and the operator of this computer continues to regularly change their "exit policy", indicating some sort of experimentation and possibly analysis of traffic flowing through it. Located geographically in Paris, France at dedibox.fr, the operator has also not identified themselves with a Tor Contact name, and the IP address 88.191.79.196 does not have a DNS host name, is listed on spamhaus.org's XBL composite block list, and is listed on uceprotect.net Level 1 spam list. We think all this warrants protecting our users from this proxy, and so are adding it to our "ExcludeNodes" list effective immediately until further notice. The operator of this proxy is certainly welcome to contact us at any time.

Desync is currently the second fastest in the Tor network, geographically located in Placentia, California, USA, with Contact name Ben Wilber, and the only computer in the Tor network using ISP Neucom and owned by Reliable Web Services. Its IP address 66.230.230.230 likewise does not have a DNS host name, and although it is not an obvious candidate for our ExcludeNodes list, we are being cautious in doing this, and in addition we will be attempting email contact with the operator to learn more about him and his intentions with this proxy.

Further to our May 22 blog posting, Paranoia part 1, the names of the 5 proxy servers owned and operated by PSI in Washington, DC, USA are bettyboop, croeso, jalopy, myrnaloy, and nixnix.

May 29, 2008

Tor network status now available

Further to our last post on May 22, we have now made available an initial step to identify and advise people about the status of the overall Tor network.  This information is now displayed at the top of our pickaproxy.com web site, showing the "current Tor network status" as either Ok, Use With Caution, or Not Considered Safe.  These 3 conditions are initially defined as follows:

"Ok" means there are at least 525 exit nodes ("proxy servers" for the non-Tor-speaking set), 500 relays, 300 guards, 6 version 3 directories, 500 version 2 directories, 32 KB/s mean and average exit bandwidth, and 40 KB/s mean and average relay bandwidth. Any nodes hibernating, marked as "bad", not "valid", or not "running" are excluded from these numbers.

"Use With Caution" means 1 or more of these thresholds is not met, but there are at least 375 exit nodes ("proxy servers"), 350 relays, 150 guards, 5 version 3 directories, 250 version 2 directories, 22 KB/s mean and average exit bandwidth, and 30 KB/s mean and average relay bandwidth.

Anything less than any of these Use With Caution thresholds will result in a "Not Considered Safe" status.

Our next step will be to allow people to subscribe to this information, and to define these thresholds for themselves. Our checks to update this status are currently done every 1-2 hours.
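
One way to compute the three statuses from the minimums above, as an added example that is not pickaproxy.com's code. The node record shape, the role names and the use of a single arithmetic mean for each bandwidth figure are assumptions made here, and the sample network is constructed.

```javascript
// Minimums from the May 29 post; the field names are this example's own.
const TIERS = [
  { status: "Ok", min: { exits: 525, relays: 500, guards: 300, v3dirs: 6, v2dirs: 500, exitKBs: 32, relayKBs: 40 } },
  { status: "Use With Caution", min: { exits: 375, relays: 350, guards: 150, v3dirs: 5, v2dirs: 250, exitKBs: 22, relayKBs: 30 } },
];

// Hibernating, bad, invalid or stopped nodes are left out of every count.
const usable = (n) => n.running && n.valid && !n.bad && !n.hibernating;
const mean = (xs) => (xs.length ? xs.reduce((a, b) => a + b, 0) / xs.length : 0);

// Reduce node records to the seven figures the thresholds are stated in.
function summarize(nodes) {
  const withRole = (role) => nodes.filter((n) => usable(n) && n.roles.includes(role));
  return {
    exits: withRole("exit").length,
    relays: withRole("relay").length,
    guards: withRole("guard").length,
    v3dirs: withRole("v3dir").length,
    v2dirs: withRole("v2dir").length,
    exitKBs: mean(withRole("exit").map((n) => n.kbs)),
    relayKBs: mean(withRole("relay").map((n) => n.kbs)),
  };
}

// Status plus the thresholds that were missed, so a status banner can say why.
function classify(metrics) {
  const [okMissed, cautionMissed] = TIERS.map((tier) =>
    Object.keys(tier.min).filter((k) => metrics[k] < tier.min[k]));
  if (okMissed.length === 0) return { status: TIERS[0].status, missed: [] };
  if (cautionMissed.length === 0) return { status: TIERS[1].status, missed: okMissed };
  return { status: "Not Considered Safe", missed: cautionMissed };
}

// Constructed sample data: `count` identical node records.
function build(count, roles, kbs, extra = {}) {
  return Array.from({ length: count }, () =>
    ({ roles, kbs, running: true, valid: true, bad: false, hibernating: false, ...extra }));
}

// Constructed network: enough of everything except guards (250 < 300).
const sample = [
  ...build(600, ["exit", "v2dir"], 50), ...build(520, ["relay"], 45),
  ...build(250, ["guard"], 60), ...build(6, ["v3dir"], 20),
];
console.log(classify(summarize(sample)));
```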