by Don Park
at 2007/01/18 07:18:50
I've just added preliminary 9-block IP identification feature to Daily, my blog server to enhance commenter identity beyond name and website. Basically, what I am doing is using a privacy protecting derivative of each commenter's IP address to build a 9-block image and displaying it next the commenter's name. To see this in action, you'll have to drill into the post view to see the comments.
The derivative is currently first four bytes of SHA1(IP + salt). Since dynamic IPs change, you'll see 9-blocks change over time for a particular user. But it doesn't seem to change often enough to affect IP identification within typical comment activity clusters. I could reduce this problem by changing the derivative to SHA1(CIDR(IP) + salt) but CIDR blocks could get pretty big. I am looking into ways (i.e. identify router-level blocks) to solve this problem.
Anyway, you can see your 9-block by commenting to this or other posts. I'll add a couple of test comments to start with.
Update:
Anything new needs a good name so one can refer to it easily. My first choice was identicon but I've decided to go with identiglyph or idglyph because identicon was used elsewhere. I am back to being undecided. Identicon is just too perfect. I hate being wishywashy.
Update 2:
Source has been released.
Update 3:
The number of comments to this post is getting rather unusually large which interferes with user experience. How about giving my other posts, like Identicon Explained, Application Ideas for Identicons, Identicon-based Anti-Phishing Protection, Canvas-based Identicon, or Third Party Identicons some of your identicon love? :-)
Comments
This is a test of 9-block IP feature
btw, you can generate 9-block in any size like with following URL:
http://www.docuverse.com/blog/9block?code={32-bit integer}&size={16...64}
http://www.docuverse.com/blog/9block?code={32-bit integer}&size={16...64}
Mad scientist stuff, I think.
Can you draw me with a cowlick?
So the point is some sort of visually apparent deniability when it comes to others making comments in my name? Nice and fast, I will add.
Don, yes. Not so sure about the code being fast under heavy load though. Every image is being rendered on the fly then scaled downed using bicubic scaling algorithm for quality sake. I'll add caching and other stuff later.
Interestingly enough, following post shows that comment spammers are using many bots working in parallel, each with a unique IP address.
http://tinyurl.com/36r8co
Interestingly enough, following post shows that comment spammers are using many bots working in parallel, each with a unique IP address.
http://tinyurl.com/36r8co
Testing. Wow, this is a really neat trick.
It's funky, but alas my IP address changes quite frequently (I go home, to my ADSL, and leave the office.)
Maybe you could use a unique number in a cookie. This, of course, would bite everyone who has more than one computer (and/or browser) but given that people seem to change computer less often than IP address...
Then again, maybe people just don't like cookies...
Maybe you could use a unique number in a cookie. This, of course, would bite everyone who has more than one computer (and/or browser) but given that people seem to change computer less often than IP address...
Then again, maybe people just don't like cookies...
Very cute indeed. A nice idea well implemented.
The curiosity is killing me! :-)
Cool! Wonder how mine looks...
This is pretty cool. Question - what if a visitor regularly uses 2 or different computer to post from? There's gotta be a way to adjust for that. This is a great proof of concept. I hope you can develop it further.
Another test. This post is going to have the worthless comments ever, heh.
Want to see which is prettier... my employer's IP address, or my home one... This is from work.
Want to see which is prettier... my employer's IP address, or my home one... and this one is from my home PC.
Oooh. Home network wins by a landslide.
So far, David's IP is winning the look contest. :-)
Yay! Never thought I would win a beauty contest :-)
It's almost viral in the way people get excited about their IP's look. LOL.
I wonder what mine will look like.
Very cool. Would be a great visual clue in threaded bulletin boards, slashdot comments, and the like.
This is pretty cool. Will you be releasing the source code so we can all play without hammering your server?
Very cool stuff :)
Brilliant! Despite some of the caveats mentioned by other posters here, I love the concept.
Checking out the look, this is from my work IP...
Although I've got a few ideas I haven't rolled into it yet, I'll release the source if there is a lot of interest.
That's very cool. I'd be interested in the source.
I wish I could say something meaningful but nobody will believe me just because I work across the room from Jeremy..
This is a fantastic idea.
And I'm not just saying that because I want to see my little icon design thing.
And I'm not just saying that because I want to see my little icon design thing.
Awesome! Dugg.
Come to think of it, it's rather backward to see your 'identicon' (too bad the domain is taken) after you post. I'll fix it later so people can see it in the comment form.
Very pretty.
This is pretty cool, because it adds a way to quickly visually identify the poster, in a way that provides at least a moderate amount of verification. But as I can see here, the icons vary wildly (the nature of the radomization from sha()), so it's just a glyph; there's no additional information one can get from it.
I wonder if you couldn't use color, or multiple glyphs, to indicate netblock "regions"; it might be interesting to have some similarities between glyphs that are all from Comcast or China, as well as differences for the individual poster. Might help with comment moderation (i.e., behind the scenes) too, for those sites getting lots of comments (and the inevitable comment spam).
I wonder if you couldn't use color, or multiple glyphs, to indicate netblock "regions"; it might be interesting to have some similarities between glyphs that are all from Comcast or China, as well as differences for the individual poster. Might help with comment moderation (i.e., behind the scenes) too, for those sites getting lots of comments (and the inevitable comment spam).
Nice idea. I used MD5 and just gave the raw digest on my site (not currently enabled). But the visual conversion is much nicer.
Aldrete: Yes, adorning the image with meaning visual hints to mark anonymous proxy was one of the ideas I was planning to add. Since images are small and don't have much room, two or three part glyph approach might be better though.
Well now I've just got to see what my IP looks like here at work. =)
Very nice. I'd be interested in the source, too.
Two additional thoughts/points:
1. The salt must be sufficiently large to prevent attack.
2. On the CPU issue, an option is to pass the hashed IP to a javascript function so that it renders client-side.
BTW, I'd be interested in getting the source code. :)
1. The salt must be sufficiently large to prevent attack.
2. On the CPU issue, an option is to pass the hashed IP to a javascript function so that it renders client-side.
BTW, I'd be interested in getting the source code. :)
This reminds me of snowflakes. One things I really REALLY like about this, is that it's very easy to spot a specific writer when I'm scrolling (since the icons are easier to catch the eye than the names).
Charles: Salt is indeed large and site-specific so identicons can't be recognized across sites. Re javascript version, agreed. The only reason I went to server-side is because I am planning to inject some extra info into identicons.
Devon: Yes, I think is particularly useful in places where content from multiple users are jumbled together, like wiki for example. This afternoon, I am seeing Ross Mayfield so I'll talk to him about adding identicon support to SocialText wiki.
Devon: Yes, I think is particularly useful in places where content from multiple users are jumbled together, like wiki for example. This afternoon, I am seeing Ross Mayfield so I'll talk to him about adding identicon support to SocialText wiki.
I think Phil Wilson’s IP look the best so far, hands down. Alex Bosworth’s is also pretty.
And yeah, I’m commenting just to see what mine looks like. :)
And yeah, I’m commenting just to see what mine looks like. :)
Yours ain't bad either. Kinda robot thing going on there. :-)
Depending on the extra info, you could still do this client-side. But I guess if you generate the identicon (I also like IPglyph :p) on a cache miss, then the overhead is small anyway.
Also, in my implementation, I drop the last octet from the hash and provide this in the clear at the end (as a crude way to catch minor changes in IP). An alternative was to provide 3 hashes (full, 3 octets, 2 octets). As you can see, my ideas don't bother to future proof for IPv6 :)
Also, in my implementation, I drop the last octet from the hash and provide this in the clear at the end (as a crude way to catch minor changes in IP). An alternative was to provide 3 hashes (full, 3 octets, 2 octets). As you can see, my ideas don't bother to future proof for IPv6 :)
and mine?
Interesting and Cool. I'll try to think of a good name, but I typically suck at making up names.
There are soooo many ways you can expand this project. Making the icons a little bigger could be a start, but other than that I think you pretty much nailed this.
I'll be checking back soon :)
--Jon Z
There are soooo many ways you can expand this project. Making the icons a little bigger could be a start, but other than that I think you pretty much nailed this.
I'll be checking back soon :)
--Jon Z
Since the identicon is not yet visible without posting... I'll just have to post. Awesome idea!
Brilliant idea, I must admit I'm only replying to see my own identicon, but I guess that proves that the idea works somehow! ;)
Jon, you can get larger version of the icon by adding 'size' parameter.
For example, view following tinyurl to see 40 pixel version of your identicon.
http://tinyurl.com/3cpcaz
In the next version, I'll show larger version on mouseover or click-through.
For example, view following tinyurl to see 40 pixel version of your identicon.
http://tinyurl.com/3cpcaz
In the next version, I'll show larger version on mouseover or click-through.
You should really show an identicon at the bottom to prevent people from posting comments to see their identicon.
Awesome idea! Of course, I'm just commenting to see what mine looks like ;-)
Charles: Yes, I mentioned in my previous comments. For now, load is not significant yet and I am interested in people's reactions.
That's cool. Size parameter, got it. Thanks Don!
--Jon
--Jon
Love it. Of course, the dynamic nature of cable modems and whatnot make this a bit of a problem...
joshua: I have a workable solution in the pipeline. Since I am an army of one and not a dual core at that, it'll take some time to code and deploy. :-)
Meanwhile, I think identicon is reasonably effective within a single discussion thread over half a day to a couple of days which fits blog comment use case fairly well.
Meanwhile, I think identicon is reasonably effective within a single discussion thread over half a day to a couple of days which fits blog comment use case fairly well.
Just a negative example.
This is awesome! I want it for my sites. :)
cooll...whats mine :)
Just joining in to see mine (at work).
This looks very nice :)
don't even need a mirror to check out my identicon
Is e-mail or other asserted identity information mixed in to distinguish multiple commenters behind the same firewall?
Perhaps not.
ipicon, ipimage, ippix, ipident, ipme...
hey babe, what's your sign?
Totally useless post to satisfy my own curiosity.
Yeah, just curios, too
Very nice.
Very nice, indeed. (now on Hotspot Shield VPN)
ipicon does sound nice
Wow this is really cool.
Lovely! Wonder what mine looks like...
Love the idea. Good use of hashing to obfuscate and add functionality at the same time!
hehe, my ip just reset so i came to see the change :)
From Barcelona we have......
Love it!
whee!
I've been thinking a LOT about the name, and I believe (remember, this is just my humble and worthless oppinion) that the name should have "ip" somewhere in it, since that's what defines the "service". I've been trying hard to think of such a name.... can't come up with a good one, it's hard!
identicon sounds like just another gravatar/avatar wanna be. You have to come out as different, unique, awesome, cool, the next new wave....
You're 90% there though: you have a working product. Keep up the great work and I'll back you up on whatever name you choose :)
--Jon Z
identicon sounds like just another gravatar/avatar wanna be. You have to come out as different, unique, awesome, cool, the next new wave....
You're 90% there though: you have a working product. Keep up the great work and I'll back you up on whatever name you choose :)
--Jon Z
Cool.
Trying again from home.
What did you code this in? Can you release source code?
Very clever and creative idea! -Edwin
Nicely done, but mostly just a fun project, not really something for in "the real world". (Heck, I had to type something to see my Identicon[tm]!)
It looks like your server is straining, been on your page for over 3 minutes now and only 50% of the images have loaded.
Would be good to have the source code available.
Would be good to have the source code available.
Nice! Now I've just gotta see what this looks like for me...
This is quite cool.
Wonder what mine looks like?
One problem however: What if I post from multiple locations? (Work and Home for instance)?
And how about 'My-con' for a name?
One problem however: What if I post from multiple locations? (Work and Home for instance)?
And how about 'My-con' for a name?
Hi Edwin. Where have you been hiding? Ah, just a stonethrow from where Collaxa was. Hope you are having fun there.
Nice idea! But how many people like tin_the_fatty up there get branded as Nazis?
Right. That's on the list of todos which may get foreshadowed by persistent identicon support since that will allow people to choose their identicons.
Another "me too". Very nice. Is the algorithm not reversible?
Wicked. And I like my identicon... In the coming months I am going to travel a lot in Asia, I guess I am going to gather a nice collection of them. :-)
Jadon, the short answer is that it's practically not reversible.
The longer answer is that the algorithm is reversible by either brute force or some weakness in SHA1 algorithm which is a computational equivalent of a very rough surface onto which a ball is bounced off of. The amount of brute force necessary is directly related to the exact shape of that rough surface and is determined by the salt used by the identicon provider. If the salt is too small then an attacker can find the salt value by trying different values until the target code is generated from the source IP.
Combine that cryptofuggery with the reward (rather lack of) of successful reversal and the answer is that there is no reason for anyone capable of thinking to attempt reversal for anything other than high risk use cases.
The longer answer is that the algorithm is reversible by either brute force or some weakness in SHA1 algorithm which is a computational equivalent of a very rough surface onto which a ball is bounced off of. The amount of brute force necessary is directly related to the exact shape of that rough surface and is determined by the salt used by the identicon provider. If the salt is too small then an attacker can find the salt value by trying different values until the target code is generated from the source IP.
Combine that cryptofuggery with the reward (rather lack of) of successful reversal and the answer is that there is no reason for anyone capable of thinking to attempt reversal for anything other than high risk use cases.
Hi dda, sorry I missed your pass-through SFO. Let's get together for a drink next time you are here. Hope you and your gal are swell without swelling. ;-p
Very cool idea. Assuming Apple or Cisco haven't already trademarked it, how about iPcon (pronounced eye-p-con)?
iPcon is cool too but I originally came up with this idea to be used as an easy means of visually distinguishing multiple units of information, anything that can be reduced to bits. It's not just IPs but also people, places, and things.
IMHO, too much of the web what we read are textual or numeric information which are not easy to distinguish at a glance when they are jumbled up together. So I think adding visual identifiers will make the user experience much more enjoyable.
Anyway, that's why I felt identicon was a better fit.
IMHO, too much of the web what we read are textual or numeric information which are not easy to distinguish at a glance when they are jumbled up together. So I think adding visual identifiers will make the user experience much more enjoyable.
Anyway, that's why I felt identicon was a better fit.
Don, even I stopped swelling ;-)
My trip[s] to SF were indeed short. Next time I'll give you some advance notice!
Say, your source code could do with some comments, or, alternatively – since I suspect my limited knowledge of Java is the reason I have difficulties deciding what happens in the renderer – an algorithm would be cool.
My trip[s] to SF were indeed short. Next time I'll give you some advance notice!
Say, your source code could do with some comments, or, alternatively – since I suspect my limited knowledge of Java is the reason I have difficulties deciding what happens in the renderer – an algorithm would be cool.
Hehe. I know. I know. It wasn't ready for sharing but they asked for it so I obliged. I still got some cleaning up to do before sprinkling comments so developers who go blind easily should drink a bottle or two of fine french wine while waiting.
cool, like it
"developers who go blind easily should drink a bottle or two of fine french wine while waiting."
That's my department, and can be arranged :-)
That's my department, and can be arranged :-)
This blog post is almost guaranteed to have one of the longest comment threads ever :)
And you broke the 100 mark. Hurrah! ;-p
Very cool.
This one looks cool on the comment form header. How well does it scale?
mine's ugly :(
I've written a PHP implementation. Currently the glyphs are generated on-the-fly but I'm working on a cache. Please take a look at:
http://digitalconsumption.com/forum/180
It would be good to get some testing. Note that I used two colour glyphs which don't quite have the simplicity of a single colour glyph but they can store more information.
http://digitalconsumption.com/forum/180
It would be good to get some testing. Note that I used two colour glyphs which don't quite have the simplicity of a single colour glyph but they can store more information.
A few notes on my implementation.
- I did it from scratch without reference to Don's code and so the principle is the same, but the implementation is different.
- I used my own set of blocks. In particular, I replaced those that were invariant under 90 degree rotation with those that are not. This is because I use 2 bits of entropy to determine the rotation of a block.
- Glyphs sizes are in multiples of 3 and sizes above 24 are drawn directly but those smaller are drawn at 24 and then re-sampled down to the smaller size to give a better appearance.
- I did it from scratch without reference to Don's code and so the principle is the same, but the implementation is different.
- I used my own set of blocks. In particular, I replaced those that were invariant under 90 degree rotation with those that are not. This is because I use 2 bits of entropy to determine the rotation of a block.
- Glyphs sizes are in multiples of 3 and sizes above 24 are drawn directly but those smaller are drawn at 24 and then re-sampled down to the smaller size to give a better appearance.
i look forward to take it to my blog highly cool stuff!!!
this looks good
this looks good
This is very cool. Good idea.
Unfortunately, there's a high likelihood for these 9-block designs to look like swastikas.
Since mathematical analysis is not enough to detect all of the values that might resemble bad symbols, image analysis must be applied to all the values to build an efficient hash filter. Thankfully, this has to be done only once.
So far, I think mine looks to be the most swastikas-like of the lot. As everyone has said, though, this is extremely cool.
The reason I came to comment though: the example images in your feeds don't seem to be working (both RSS and Atom). I suspect because they don't have the benefit of the HTML base element.
I would hate for your RSS readers to miss out on something as pretty as this. :)
The reason I came to comment though: the example images in your feeds don't seem to be working (both RSS and Atom). I suspect because they don't have the benefit of the HTML base element.
I would hate for your RSS readers to miss out on something as pretty as this. :)
I like mine! :)
Interesting, mine is somewhat tribal looking.
This is the coolest thing I've seen in a long time! And a great example of opening the source and watching people go wild with it. Yay for creativity + FLOSS + the Net + people!
I want to get a tattoo of this :)
James, the bug is on my todo list.
Nancy, I was surprised too by how excited people got. I'll flip out if I see people wearing identicon tattoos like dc is saying. Ha!
Nancy, I was surprised too by how excited people got. I'll flip out if I see people wearing identicon tattoos like dc is saying. Ha!
I like my own. Thanks.
Nice idea. As stated before, this is flaky for those using computer in multiple locations, but anyway, this is definitely a nice application
It'd be cool if this generated the an Etag http header based on the ip address. Do caching proxies match etags at different urls?
Oh look there, the source code version does support Etags... great minds, etc!
think alike? :-) actually, ETag works better than modification or expiration date for resources like identicon which is why I did this.
No good idea goes unpunished: I wonder how many folks will choose not to comment if they get assigned a dorky-looking identicon. Maybe you should remove the preview -- mine's pretty gross. BTW, I think Phil Wilson's is the best looking one up there so far.
For the name, I like "ipenticon". Sophisticated but meaningless.
Very cool idea.
These are the types of projects that make me glad I'm in this area.
These are the types of projects that make me glad I'm in this area.
Thanks Sputnik, er, Jesse. ;-)
I have to know. Awesome.
To avoid swastikas, you could perhaps try using left-right mirror symmetry instead of point symmetry around the center?
Very cool idea. I like my icon. :)
Ooh, I like mine.
Hi Flaky. Caught your comment just before bedtime. :-)
I am planning to add other symmetries as well as new patches but it would be a shame to give up the basic 9-block symmetry just because of the swastika. Also, I would prefer introducing a general filter for undesirable shapes using visual analysis because there could be other culture-specific taboo symbols.
Thanks for the thought though. I am going to bed now before my wife kicks my ass.
I am planning to add other symmetries as well as new patches but it would be a shame to give up the basic 9-block symmetry just because of the swastika. Also, I would prefer introducing a general filter for undesirable shapes using visual analysis because there could be other culture-specific taboo symbols.
Thanks for the thought though. I am going to bed now before my wife kicks my ass.
Mine is pretty boring!
This is cooler than this morning! (Which is -9C/16F where I am)
Very cool. A couple of them are very reminiscent of swastikas, I've noticed. Was this intentional?
testing testing 1 2 1 2
Where do I want to go ?:)
Gotta do it
Yeah, you guessed it, another test. Nice idea man, really sweet and nice.
ping
Mine is pretty cool.
Wonder what mine looks like :-)
I just wanted to see...
Hoh-ho my icon is different
Awesome idea! I'll definatly be using a derivative of this for my forum (7000+ members).
very nice
So, this is how an indin IP address will look like ...
Nice!
Nice!
Im in dubai :)
Boing!
This comment was sent from the office - will repeat from home tonight, to see the difference
curious
I rather like mine, although I would have preferred something in a nice shade of blue.
Lets c the difference...
I had to try. Nice idea!
Excellent idea!
Uhm .... i don't like that my identicon looks like a swastica.
Oh, btw, I'm from Germany ... and this might just be the first offending identicon - woooohoooo, I'm a first! :D
... well, but other than that, it's cool! :)
Oh, btw, I'm from Germany ... and this might just be the first offending identicon - woooohoooo, I'm a first! :D
... well, but other than that, it's cool! :)
This could also be a good idea for online games to identify players. Just texture the back of each player using the identicon ;)
Btw, i just noticed we (german subsidiary of a US company) have a static IP address ... my colleagues all see the same swastica icon - ouch!
Just to get my identicon - cool
Nice idea Don.
This may be useful for online communities that require users to login before posting simply because it makes it easy to identify comments from the same person. Just hash the user's login name instead of their IP.
This may be useful for online communities that require users to login before posting simply because it makes it easy to identify comments from the same person. Just hash the user's login name instead of their IP.
Well, I can see mine without posting, but what the heck. I'm not excited by it - I think I need to change IP address! And from home I'm going to vary according to my ISP's whim.
I wonder if something based on, say, a hashed-up GUID might be worth playing with?
I wonder if something based on, say, a hashed-up GUID might be worth playing with?
Great idea.
What does my IP look like? Hmm...
Well, lets see what all the hype is about.
let's see
getting a tatto
Huzzah!
mine couln't be more boring!
Nice idea.
Hmm, I think that someone's going to end up having a swastika though...
Hmm, I think that someone's going to end up having a swastika though...
I like mine.
I like it so much that -with your permission- I'd like to publish a notice in spanish magazine dotNetMania, if you don't mind.
let's see
<img class="comment_identicon"
src="http://www.docuverse.com/blog/9block?code=296742454&am