Is IPinfo safe?
-
@joshgreyz said in Is IPinfo safe?:
pfBlockerNG ASN - To utilize the ASN functionality, you must register for a free IPinfo Account
https://www.reddit.com/r/pfBlockerNG/comments/1ey2sza/update_on_asn_issues_with_bgpviewio/
-
@joshgreyz said in Is IPinfo safe?:
Is it safe to use?
That's easy to answer
How much does it cost per month ?
If zero, to be sure, stay away from it.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
I was definitely put off by the multiple marketing emails we've received since making the transition from BGPView.
But then I also understand the rock and the hard place BGPView put @BBcan177 between. And on balance, a few spam blasts are certainly worth this service.
There's also nothing specifically concerning about the privacy policy if the IPinfo account is created using generic/anonymized 'personal' info and the API is otherwise only ever called by pfB.
Whitelist:
cdn.ipinfo.io dl.ipinfo.ioBlacklist:
pixel.ipinfo.io website-cdn.ipinfo.io [AFTER ACCOUNT CREATION] -
@Gertjan said in Is IPinfo safe?:
@joshgreyz said in Is IPinfo safe?:
Is it safe to use?
That's easy to answer
How much does it cost per month ?
If zero, to be sure, stay away from it.That was my thoughts too and it keeps spamming in the upper messages in pfSense dashboard too even if I have it disabled on the device.
Would have
you but my reputation is too low still to do that. -
@joshgreyz said in Is IPinfo safe?:
it keeps spamming in the upper messages in pfSense dashboard
please clarify this statement.
-
Personally I never had any failed updates I noticed from the old provider he used, although I deliberately put my cron at a non default time.
Since registering at ipinfo there has been a fair amount of spam, in the account section there is no means to control emails other than for statistics emails for your own lookups, on the spam is a unsubscribe link, when I clicked it, it showed I wasnt subscribed to any of their spam categories, but was a unsubscribe from all which I clicked.
I now await to see if the spam keeps coming or if they disable the account they can no longer market to.
-
@jrey If ipinfo hasnt been registered on pfblockerng, it seems to keep logging to ask the user to register, and it will put this on the pfsense dashboard, so its not just a log entry, but also a notification. I observed it on the first pfsense device I updated.
-
Hey guys,
I am the DevRel of IPinfo. I just randomly came across this thread and found it really interesting. I actually talked with BBCan17 during the integration of our data into the PFblockerNG.
I do not have extensive experience with the software nor the codebase, but I do try my best to help the community from our end. I mostly respond to subreddit posts and posts on our community platform.
BBCan17 can provide better context here, but usually when OSS projects use our free IP to Country ASN database (https://ipinfo.io/products/free-ip-database) I recommend them to integrate a project specific access token (e.g. Librespeed, Akvorado etc.)
That way user do not have to sign up for our services to use our data. Because our data is shared under CC-BY-SA 4.0, which allows commercial distribution this makes every users and project maintainers happy.
But I think in the few instances where the project maintainer did not integrate a native project-specific access token was due to allowing their users to make their decisions by themselves on whether or not to use our data. We are always happy for the project to use its own access token and not require end users to sign up on our website. We are just glad to support the project, that's all.
Advertisement and marketing communication are not my areas of expertise, but I can discuss this issue with teammates. In terms of sharing data with big tech, I think it is just standard boilerplate policy statements. For example, if you use Google Analytics on your site, you are technically sharing your site traffic data with Google. The same thing applies to some of the marketing analytics tools we use on the site.
However, this does not impact you if you are only using a static local offline database that contains our free IP to Country ASN data.
How much does it cost per month ?
If zero, to be sure, stay away from it.The intention for our free database is to support developers to be honest. We are relatively small company and majority of our team consists of developers and led by a developer.
When you make a request to download the database we do have some logging information, but after it is on your offline local storage we have no idea what is going on there. It is a database, which is local, static and offline.
So, what do we actually get out of it? Developer goodwill.
At the end of the day, our product is used by developers. We always prioritize having a good relationship with developers. So, this is our attempt at giving back to the community. Major OSS projects use our data that ranges from FOSS projects, Linux Distros, to even beginner programmers. Our intention is to make sure we are always there for developers and will always be there. Developers use our data, and win the hearts of developers we are giving this data for free.
I would like to apologize if there is any perception about us trying to gain anything from the community. I have been asking PFblockerNG community for months to integrate our data in to the software because the community would sometimes complain about IP geolocation issues. I always hang around in the subreddit and would like to actively help around. I was genuinely quite excited when our data integrated in the software.
We are currently making an engineering investment to improve our data for PFBlockerNG based on the recommendations shared by BBCan17. We hope that the community understands our commitment to the project.
If you have any questions for me, please leave them in our community platform (https://community.ipinfo.io/) or ask them in PFblockerNG subreddit.
Best Regards,
Abdullah
Developer Relations (DevRel)
IPinfo.io -
@jrey I login to my pfSense dashboard and there are now 320 "notices" on the top of the dashboard all stating the same thing:
pfBlockerNG ASN - To utilize the ASN functionality, you must register for a free IPinfo Account. Review IP Tab for more information. @ 2024-11-30 17:01:57
If I clear all these "notices" and then disable the setting in pfSense, I still end up with hundreds more "notices" starting the same error message above.
-
@joshgreyz said in Is IPinfo safe?:
I login to my pfSense dashboard and there are now 320 "notices"
Sounds like a problem, certainly not "spam".
Just to clarify you are NOT using ASN - certainly no obligation to register if you are not using ASN, so it sounds more like a problem with system trying to use the ASN data (when it shouldn't if you are disabled) -- I only tested during the development and clearly not a case I experienced, but then I also went directly from the old ASN provider to the new one. Other than during the registration process, I've never received an email from the provider, or as a result of the registration from anyone else related (easy to tell).
The download of the ASN data is tied to a cron job. That cron job should not as I recall even be created unless a "key" has been entered (but let me check) That cron job should also only runs once per day, so 320 + notices seems unlikely to be from that, since the update hasn't been out for that long.
More likely is that you have an ASN referenced or called in one of your lists/alias Double check your feeds for an ASN entry. The update the "feeds" job could run as frequently as 1 hour depending on your settings and it would tell you are that point that you need to have a key to use the referenced ASN. But the two jobs are completely unrelated as to when the key is needed (once per day), vs a reference to use a ASN which doesn't exist that could run every hour.
what do you see in the pfblockerNG extras.log (the actual down load is logged here) ?
what do you see in the pfblockerng.log (the feed updates are logged here) ?Error messages in either ?
Confirm the version of pfblockerNG you are running and on what pfsense version
Thanks
-
so the only way I can see, that you would see that message with any frequency is; if as I've described above you have a feed requesting an ASN
$row['format'] == 'asn' <-- is it in a list ?
and then have no key.
empty($pfb['asn_token']) <-- you need a key to use the ASN you have requested.
// IPinfo ASN Token verification if ($asn_run_once && $row['format'] == 'asn') { $mmsg = 'To utilize the ASN functionality, you must register for a free IPinfo Account. Review IP Tab for more information.'; if (empty($pfb['asn_token'])) { pfb_logger($mmsg, $logtype);double check each of your IP lists for an ASN entry, remove then entry requesting it OR get a key.
-
@Gertjan said in Is IPinfo safe?:
How much does it cost per month ?
If zero, to be sure, stay away from it.so then based on this advice, as funny as it is meant to be, and according to the original poster's previous questions about the CE version of pfSense (which is free) you'd suggest it should be avoided too.
-
@jrey said in Is IPinfo safe?:
so then based on this advice, as funny as it is meant to be, and according to the original poster's previous questions about the CE version of pfSense (which is free) you'd suggest it should be avoided too
pfSense, the binary, the installer, or the ISO yes. Great for testing it, so you can verify if you (really) need it.
Using pfSense is another thing.
Using it on a dedicated device and as others have already determine that it works fine on a 4100, got one. Setting up a backup plan. Managing the power farm : UPS and setting that up.
And the ever ongoing learning process.... My time can't be really expressed in money, but if I transform all my time invested in pfSense into something else that brings in revenue, I would be driving a Ferrari by now.Btw : even pfSense Plus, in a sense, is free (I never paid for it)
-
@Gertjan Just a friendly poke -- I took your post as "funny, as it is meant to be" - others it appears, assumed you were serious about avoiding it because it is "free". I'm a "
paidfree" user as well, with real netgate gear, but that wasn't the point. The person raising the question has a configuration (or other issue) it has nothing to do with it being product or list being "free" or "spam".
