Security and Privacy

How secure is the system? Can someone take it over?

We've built in many safeguards to prevent anyone from taking over the system. For example, the probes don't have any open ports that you can connect to (even locally) - they only support outgoing connections. We also use mutual authentication between the probes and the infrastructure components. Of course, we cannot be absolutely certain that an attack could not be carried out. We believe that the limited capabilities and the obscurity of the individual probes make the system an unattractive target, and that the current protection mechanisms are adequate.

Are the locations of probes made public?

Locations of all probes, whether they are marked as public or not, are irreversibly obfuscated up to one kilometre away. When viewing your own probe's page, the real location will be displayed. Note: coordinates obtained via the REST API are always obfuscated, even if you are identified as a probe host.

Does the probe listen to my local, private traffic?

No, it doesn't. It only talks to our central infrastructure and executes active measurement commands towards the public Internet.

If you're still concerned about the probe being able to snoop, you can install it on a switch port (the home router often has this already), where it cannot hear any other traffic. Even better, you can put it behind a firewall, as long as that firewall does not prevent the probe from talking to the outside world.

Can the probe measure my local network?

Both the infrastructure and the probe code (opens new window) refuse to measure local (e.g. RFC1918) addresses. If you need to prevent measuring anything else that you consider your local network, then you need to ensure that such connections are blocked (e.g. using a DMZ or a firewall).

Will my IP address show up in measurements done by my probe?

Yes, it will, although personal information such as MAC addresses and email addresses will never be shown (although IPv6 addresses can also expose the MAC address). You can find out more about exactly what information is accessible for both probes marked public and those not marked public, in this detailed RIPE Labs article (opens new window).

Do you accept any liability for incorrect operation, disputed actions or damages caused by the probe?

No, we don't.

What information is visible to different users?

Different information is available for different RIPE Atlas users, including hosts, sponsors and the general public:

• Hosts can see all available information about their own probes, including their probe ID, their network and other configuration settings, and their uptime information
• Sponsors cannot see the email addresses of the hosts whose probes they sponsor, or the network configuration settings, but can see all other information about the probes they sponsor
• The public can see some information about the public probes in the RIPE Atlas network, including probe IDs, connection history and user-defined measurements; however, the public cannot see configuration settings, MAC addresses, DNS entries or email addresses

Is the measurement data made public?

RIPE Atlas probes collect data from two types of measurements: built-in measurements and user-defined measurements. Data from the built-in measurements is made publicly available. When RIPE Atlas users create their own user-defined measurements using the API, it is possible to create non-public measurements; however, all user-defined measurements created using the web interface are public measurements. It is also possible to switch existing measurements from non-public to public using the web interface, but not vice versa.

We want to encourage our users to make their measurements public because openly available data adds the greatest value to everyone taking part in RIPE Atlas, and sharing information is at the heart of such collaborative efforts. You can learn more about this issue in this RIPE Labs article (opens new window).