How to understand when proxies are lying: verifying the physical locations of network proxies using the active geolocation algorithm



People around the world use commercial proxies to hide their true location or identity. This can be done for a variety of purposes, including accessing blocked information or ensuring privacy.

But how accurate are proxy providers when they claim that their servers are located in a certain country? This is a fundamentally important question: the answer determines whether customers who care about protecting their personal information can use a given service at all.

A group of American scientists from the universities of Massachusetts, Carnegie Mellon and Stony Brook published a study in which they checked the real server locations of seven popular proxy providers. We have prepared a short summary of the main results.

Introduction

Proxy operators often provide no evidence to support their server location claims. IP-to-location databases usually confirm what these companies advertise, but there is a large amount of evidence of errors in these databases.

In the course of the study, American scientists estimated the location of 2,269 proxy servers managed by seven proxy companies and located in a total of 222 countries and territories. The analysis showed that at least a third of all servers are not located in the countries that companies claim in their marketing materials. Instead, they are located in countries with cheap and reliable hosting: the Czech Republic, Germany, the Netherlands, the United Kingdom and the United States.

Server location analysis

Commercial VPN and proxy providers can affect the accuracy of IP-to-location databases: companies are able to manipulate, for example, the location codes in router names. As a result, marketing materials can advertise a large number of locations available to users, while in reality, to save money and improve reliability, the servers are physically located in a small number of countries, even though the IP-to-location databases say otherwise.

To check the real location of the servers, the researchers used an active geolocation algorithm. It measures the round-trip time of a packet sent to the server and to other well-known hosts on the Internet.

At the same time, fewer than 10% of the tested proxies respond to ping, and the researchers could not run any measurement software on the servers themselves, for obvious reasons. They could only send packets through a proxy, so the round trip to any destination is the sum of the time it takes a packet to travel from the test host to the proxy and from the proxy to the destination.



During the study, specialized software was developed based on four active geolocation algorithms: CBG, Octant, Spotter and hybrid Octant / Spotter. The solution code is available on GitHub.

Since the IP-to-location databases could not be relied on, the researchers used the list of RIPE Atlas anchor hosts for their experiments. The information in this database is available online and is constantly updated, and the documented locations are correct. Moreover, the hosts on the list constantly ping each other and update the round-trip data in the public database.
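The sketch below is an added example, not the researchers' code from GitHub: it shows how a round trip measured through a proxy can be turned into a distance bound that confirms or rules out an advertised location. It assumes the client-to-proxy round trip has been measured separately and uses a fixed speed bound of 200 km per millisecond rather than the calibrated models of CBG, Octant or Spotter; the landmark coordinates and timings are constructed sample data.

```python
import math

KM_PER_MS = 200.0        # assumed bound: ~2/3 the speed of light, one way, in fibre
EARTH_RADIUS_KM = 6371.0

# Constructed sample data: (landmark name, (lat, lon), RTT in ms measured THROUGH the proxy)
LANDMARKS = [
    ("Frankfurt", (50.11, 8.68), 34.0),
    ("Amsterdam", (52.37, 4.90), 38.0),
    ("Singapore", (1.35, 103.82), 200.0),
    ("New York", (40.71, -74.01), 115.0),
]
CLIENT_TO_PROXY_MS = 30.0   # assumed to be measured separately
SINGAPORE = (1.35, 103.82)  # location a hypothetical provider advertises
COLOGNE = (50.94, 6.96)     # alternative candidate location


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def proxy_leg_rtt(through_proxy_ms, client_to_proxy_ms):
    """RTT of the proxy<->landmark leg: total minus the client<->proxy leg."""
    return max(through_proxy_ms - client_to_proxy_ms, 0.0)


def max_distance_km(rtt_ms):
    """Farthest the proxy can be from a landmark given that leg's RTT."""
    return rtt_ms / 2 * KM_PER_MS


def check_claim(claimed, landmarks, client_to_proxy_ms):
    """Return the landmarks whose distance bound rules out the claimed location."""
    ruled_out = []
    for name, location, through_ms in landmarks:
        bound = max_distance_km(proxy_leg_rtt(through_ms, client_to_proxy_ms))
        if haversine_km(claimed, location) > bound:
            ruled_out.append(name)
    return ruled_out


if __name__ == "__main__":
    print("Singapore claim ruled out by:", check_claim(SINGAPORE, LANDMARKS, CLIENT_TO_PROXY_MS))
    print("Cologne claim ruled out by:", check_claim(COLOGNE, LANDMARKS, CLIENT_TO_PROXY_MS))
```

A single landmark whose bound excludes the advertised location is enough to reject the claim, because network delay can only make a host look farther away than it is, never closer.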

The measurement tool developed by the researchers is a web application that opens secure (HTTPS) TCP connections to the insecure HTTP port 80. If the server is not listening on this port, the connection attempt fails after a single round trip. If the server is listening on this port, the browser receives a SYN-ACK and responds with a TLS ClientHello packet. This triggers a protocol error, and the browser reports the error, but only after the second round trip.



Thus, the web application can time one or two round trips. A similar service was implemented as a command line program.

None of the tested providers gives the exact location of its proxy servers. At best, cities are mentioned, but more often than not only the country is given. Even when a city is mentioned, inconsistencies occur: for example, the researchers examined the configuration file of one of the servers, called usa.new-york-city.cfg, which contained instructions for connecting to a server called chicago.vpn-provider.example. So the only thing that can be confirmed with reasonable accuracy is that a server belongs to a specific country.

Results

According to the results of tests using the active geolocation algorithm, the researchers were able to confirm the location of 989 out of 2269 IP addresses. For 642 addresses this could not be done, and 638 are definitely not in the country where the proxy services say they are. More than 400 of these false addresses are in reality on the same continent as the declared country. The correct addresses are located in the countries that are most often used for hosting servers. Suspicious hosts were found for each of the seven tested providers. The researchers solicited comments from the companies, but they all refused to communicate.
