45 comments

[ 2.8 ms ] story [ 110 ms ] thread
May have a couple of bugs but one use case would be finding out that rottentomatoes.com is run by Comcast.
(comment deleted)
When run against www.ssa.gov it says "something seems to be wrong" LOL
For .gov domains it might as well just show “The Government of the United States”.
Yep, could be an easy fix huh
That's not exclusively true anymore. For example, New York City has nyc.gov .
Very cool idea. I noticed it reports that ridiculousfish.com "is run by" namecheap, but namecheap is only the registrar and does not run or even host the site.
Thanks! Yea, the problem is the registrant organization of the domain is set to Namecheap. Not sure how to get around domain privacy for now.
Maybe the extension could check the info on the SSL certificates (if available) if the domain is registered through a proxy?
This is almost necessary for the extension to be useful. A good number of domains I checked are all "run" by WHOISGUARD, INC.
Hm, do SSL certificates have information about the owner?
I think only Extended Validation (EV) certificates have this info by default :(
You could have a list to recognise proxy names and in this case display clearly that the real owner has been obfuscated...
Hmm. It can't tell me that thewaytohappiness.org is run by Scientology.

But expecting it to see through Scientology front groups is perhaps asking too much. ^^

When ran against my own domain (diegorbaquero.com) it just shows "Something seems to be wrong"
Yea, it doesn't check for registrant name atm, should probably show that, if there's no registrant org.
What would be even more useful would be a "that's surprising!" button next to the result.

When an owner is often reported as surprising for a domain, the extension should either blink or directly display the owner without being clicked.

That's awesome, add that to the todos.
Could you share a link to the repo if its available? Very cool idea!
This appears to be a private key (so no one should ever be able to read this file): https://github.com/kaolti/Who-Runs-This/blob/master/key.pem

Is this for publishing to the chrome app store? If it is, I recommend taking down the extension and republishing with a new secure key ASAP.

lol, saved my ass it looks like! Took your advice.
Haha, no worries, we've all been there!
Would be nice to note that it sends hostnames of the sites you visit in plaintext, no SSL/TLS, across the internet to:

  http://api.corpwatch.org/companies
  http://104.236.253.171:9119
Is that really stupid?
Yes.
Learned something then! Is it take it off the store stupid or just regular?
I can't make that decision for you but generally things that transmit address bar input from a browser to other locations are enough for me to ban something from a network, whether it's encrypted in flight or not. Your personal DigitalOcean server being on the other end of the entire install base's queries (a) gives me pause, given the logging opportunities and (b) will fall over if you get some installation footprint. Your decision not to encrypt means that the threat vector expands from solely you to you as well as any adversaries in between the browser and you, so it's sort of an extra bummer on top of some bummers.

A screen shot extension for Chrome did this without telling people and it became headlines. There's a reason one popular tool for finding stuff that does this is called Little Snitch.

I see, thanks for letting me know. Seems like for now the best is to republish with encryption and have a note about it so that people know.
Nice catch. 104.236/16 is DigitalOcean, so best guess would be some kind of server belonging to the author.
It is mine, yea.
I think it is better if you mask your server ip using some service like CloudFlare and assign it a domain name when making public apps with links to your server.
Thanks for all the feedback guys! Took it down for now and will republish when it's fixed.
Is that a private key to connect to your server in your repo? https://github.com/kaolti/Who-Runs-This/blob/master/key.pem
Hehe, was for the Chrome store, got rid of it now.
Sorry, man, I'd recommend you re-package with a new key, and re-publish. There are numerous sites that log all Github commits, that private key is public now. Anyone could sign any other extension as you now.