Friday, April 11, 2008

One in A Million (Almost)

Buckets, of Buckets of Grewal, has completed his analysis of the IP address 66.185.84.204, now famous due to the ongoing Speechy Conflict. This post is merely my attempt to popularize his results, with a picture of a scantily clad woman at the end as a kind of gift for anyone who is willing to read a couple of hundred words about such things as IP addresses. So let's get to it, shall we? Buckets writes:

It has been alleged, both in CHRC Tribunal hearings and later through innumerable internet and print publications, that this someone must have been Canadian Rights activist Richard Warman, based on the fact that a posting from several weeks later, that he has admitted to have written, also bore this IP address.

What Buckets has discovered (with a little help from people like RB and Nbob and, I would like to think, yours truly) is that this IP is assigned to a Rogers Communications regional proxy.

Back in the early days of cable Internet, one of the big concerns was with the amount of Net traffic that high-speed users would generate. This was roughly around the time of Napster's debut, and the rise of other bandwidth-hogging P2P programs (I began subscribing to Rogers high-speed in 2000 so as to better download material from Napster). One solution to this problem was the idea of a "proxy server". Let's say you wanted to access CNN. Pre-proxy, you would type in an IP, and the message would be sent to your ISP and then, by a series of hops and skips from machine to machine, down to the machine (let's say it was in Atlanta) on which CNN was hosted, and then back in another series of jumps. But Rogers (and others) discovered that it was far more efficient traffic-wise to route all of these requests to a regional proxy, a machine that would then send a request on behalf of your home computer down to Atlanta or wherever, and once the request had been fulfilled, send the results back to your home computer.
This method had a further advantage in that content from popular websites could be stored on the regional proxy. Instead of news fans (with the Rogers service) bombarding CNN computers down in Atlanta, their requests would terminate at the proxy. Every once in a while, the proxy itself would query CNN and bring back new content, which it stored in a cache. Thus any number of hops and skips (traffic) were eliminated, and everything sped along nicely. The important point: if someone had examined the CNN logs down in Atlanta, they would see the IP address of the regional proxy, not the IP of the PC which sent the original request to the proxy.

To say it again: 66.185.84.204 is the IP of one of these intermediate machines, not of someone's home PC.
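
A check a log analyst could run before tying a log entry to one person, as an added example (not code from this post or from Buckets): it groups access-log lines by source IP and flags addresses that present several distinct browsers, which is what a shared proxy looks like from the origin server's side. The User-Agent heuristic, the threshold of three, the function names and the sample lines are all assumptions made here.

```python
import re
from collections import defaultdict

# Apache "combined" format: source IP first, User-Agent as the last quoted field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not from the page). Addresses are RFC 5737
# documentation ranges; 198.51.100.7 stands in for a regional proxy.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2003:10:00:01 -0400] "GET /forum/1 HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [01/Sep/2003:10:00:02 -0400] "GET /forum/2 HTTP/1.0" 200 733 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.7 - - [01/Sep/2003:10:00:02 -0400] "GET /forum/7 HTTP/1.0" 200 120 "-" "Opera/7.11 (Windows NT 5.1; U) [en]"
203.0.113.5 - - [01/Sep/2003:10:01:10 -0400] "GET /forum/1 HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [01/Sep/2003:10:01:15 -0400] "POST /forum/post HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/85 (KHTML, like Gecko) Safari/85"
192.0.2.10 - - [01/Sep/2003:10:02:00 -0400] "GET /forum/3 HTTP/1.0" 200 901 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.5 - - [01/Sep/2003:10:03:30 -0400] "GET /forum/4 HTTP/1.0" 200 640 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624"
198.51.100.7 - - [01/Sep/2003:10:03:31 -0400] "GET /forum/5 HTTP/1.0" 200 377 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [01/Sep/2003:10:04:00 -0400] "POST /forum/post HTTP/1.0" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
this line is truncated and must be ignored
"""

def profile_sources(log_text):
    """Map each source IP to its request count and the set of User-Agents seen."""
    profiles = defaultdict(lambda: {"requests": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        p = profiles[m.group("ip")]
        p["requests"] += 1
        p["agents"].add(m.group("ua"))
    return dict(profiles)

def shared_egress_candidates(log_text, min_agents=3):
    """Return IPs showing at least min_agents distinct browsers (assumed threshold)."""
    profiles = profile_sources(log_text)
    return sorted(ip for ip, p in profiles.items() if len(p["agents"]) >= min_agents)

if __name__ == "__main__":
    flagged = shared_egress_candidates(SAMPLE_LOG)
    for ip, p in sorted(profile_sources(SAMPLE_LOG).items()):
        print(ip, p["requests"], len(p["agents"]), "shared?" if ip in flagged else "-")
```

A low browser count does not show that an address belongs to one person; it only fails to show sharing, so the absence of a flag is not evidence for attribution.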

So, how many people would have been served by one of these regional proxies? In other words, what are the odds that Warman wrote the Anne Cools post? After all, he did send requests to Freedomsite through this proxy on several occasions. Buckets writes:

So, how many potential Rogers customers might have made that racist Cools post?

Probably all of them.

As we have seen (here), the proxies are not geographically limited, but serve all areas of the province.

Now, according to this, Rogers had 800,000 Internet subscribers in March 2004. The same link states that 90% of cable subscribers are in Ontario, which implies a pool of about 700,000.

The Cools poster could be almost any one of them.

Now, a couple of things in conclusion. Some of my older posts on this topic may have been a little obscure. Originally, it seemed that, since Rogers assigns personal IP addresses dynamically--they write somewhere that these can "change at any time"--the object of the investigation was to discover how often they change and among how many people they can get shuffled. As Buckets came to favor the regional proxy theory, my understanding did not always accurately track what he was on about. If you re-read some of my older posts on the topic, keep this in mind.

Also, though currently attached to an IT department, I am at best an "honorary nerd" and, in regards to on-line investigating, a mere hobbyist. Furthermore, I know very little about Buckets' real-life background, but I would certainly pit his knowledge against that of a couple of Nazis, which is what the competition amounts to in this case.

And now here is your girl. She too is a nerd, or at least says she is. Furthermore, I would have also thrown in a few fart jokes to liven up the above, but it's early and I couldn't think of any. Feel free to add some of these in the comments.

10 comments:

Somena Woman said...

What's really sad is that JUST like with the Grewal tapes, I doubt that ANYTHING ANYBODY says which contradicts the caterwauling going on in Right-Wingnuttville is never going to get attention paid to it.

There are probably STILL people in Blogging Tory land who really think that the Grewal recordings were never doctored.

Also, with respect to all that screeching going on over the Warman case, it reminds me of something...

Hmmm...

If I could just put my finger on why this seems like familiar territory.

Oh yeah...

Now I remember

http://tinyurl.com/6pja8s

Ti-Guy said...

You notice how firmly the users "lucy" and "90sAREover" have been associated with one IP based on the information Lemire released. If a representative sampling of different users from his side were conducted and similar information released, I wonder what that would look like?

There has never been any proper evidence on this issue...maybe at some point, when it's demanded, we will see it, but I doubt it.

Anyway, Buckets' post provided a reminder about googling your own IP; I just googled mine and nothing turned up.

bigcitylib said...

Well, Grewal never ran again.

Nice to hear from you Meaghan. I didn't even realize you were still writing. You must have dropped off the progblog roll, no?

James Curran said...

That girl in the picture sure is nerdy.

Somena Woman said...

Hey BCL..

Yep I dropped prog-blogs. It's just that as much as I enjoy my time in prog-blog land, I am not really a left-leaning progressive. I'm more of an anarcho-libertarian and I just found that I had very little agreement over time with the vast majority of prog-blog posts.

I'm still on the non-partisans roll though.

Anyhoo - thanks again for the Buckets link! Maybe some people will see it!

Mark Richard Francis said...

Sexy chick in picture...droolllll...

Oh, I'm back.

Given that I was a Rogers customer back in 2003-2004, that I was residing in Ontario, and posting on FD back then, there seems to be a good chance that I had a post or 10 go up under that IP.

Ok, I confess. I wrote the Cools post.

Just kidding.

bigcitylib said...

Mark, have you thought about trying again with your "tip jar". The time may be ripe.

lance said...

BCL.

You were right. I was wrong. Mea Culpa, as my new post says.

Excellent work by Buckets.

Cheers,
lance

Unknown said...

A few comments on Bouquets of Gray's April 10th. blog:

To quote:

"For your own curiosity, take your own IP (you can get it easily here) and google it. Do you see any traces of your own surfing? I can't find any of mine."

Googled my IP address, 5 hits, but none related to IP addresses. So far so good.

"Why does 66.185.84.204 leave hundreds?"

Uh, not "hundreds" of hits, 98, but close enough. But things, I think, are slipping.

Because it's a proxy . . .

I don't think so.

A simple glance at the results indicates that the majority of Google hits for the IP address relate to other blogs discussing the ongoing HRC bunfight.

Nearly all of the rest of the hits are simply random, and irrelevant.

Am I missing something or is the analysis just poor?

lance said...

Paul, you're missing something.

The analysis isn't a complete read without going through the research that backs up Buckets' claims.

What you did is akin to trusting a climate model without understanding the data or the code.

Start at the bottom on Buckets page and read up.

The evidence in short:

- S/he found numerous entries going all over the place from the IP and similar. This alone isn't enough and is the reason for my questioning BCL and Buckets previously.

- Buckets then found further logs that created the picture of the 42 web caches (wc) including the IP in question.

- Buckets then showed logs _and_ an old FAQ that proved that not only are the wc's regional caches, but are claimed to be fail-over/to (load limited/ load balanced) regional caches.

As far as I am concerned Buckets' explanation is more than sufficient; it is adequately described, rigorously researched and the conclusions are well within reason.

Having said that, there are still many questions.

- I may have missed a line, but I didn't see anything that linked the 204 IP directly as being load-limited or that it accepted requests from other wc's. As far as I could see it was established only that it was a proxy.

- Time of Day of the proven mapped load limits. This would give us an idea of what the load limits were and when they are triggered. This is important because it would help us understand when a query from a client would be likely to have been shifted to another wc or passed straight through.

- More 2003 data. I brought this up before, and my issue then still stands.

Now having added those, I still have to say that Buckets, BCL, Mark, etc. went to an amazing amount of work collecting and analysing that data.

All of this is circumstantial because it isn't built from what is there but from what _isn't_ there. (Which is why it was so much work).

As I stated in my now deprecated posts, the definitive answers are in the server logs.