Some day maybe I shall write a the history of our detector as well, as it has funny stories and fatigue as well, but until then here is a short technical introduction regarding our yahoo detect services.
The principle on which the detectors are working is in the matter of fact relatively simple and I shall describe it in this article. On a server the site is hosted and on this site the user will come and enter the messenger ID of a friend in the textbox and press enter. In this moment the verification request of the ID is taken and sent to the detection robots. These robots take the ID send the vulnerability package to Yahoo, which also sends an answer which the robots will interpret. The key of detection is this interpretation, as according to this result the robots will know the yahoo status, whether the ID is invisible or offline. The result then is sent to the website where the results are shown to the user. Basically it is a change of packages/information between two messenger IDs, the robot’s and the person’s who is being checked.
Obviously the above description is almost absurdly simplified, but I can mention that there are a lot of protection systems and validations which have to be realized in the background of the pages which users can see, but the big picture is what had been described above. Because our robots are doing the work behind a person can detect an ID even he think, believe or is sure he is on victim’s ignore ID list also called block ID list.
About the robots it is worth to specify one single aspect that is very tightly tied to the false status that the detector sometimes can give back. The robots connect to several Yahoo servers, and some of these differ from one another from the protocols and installed applications’ point of view. Simply put, on some Yahoo servers the vulnerability is simply not working any more. When it comes to the change of packages between the two messenger IDs, on some servers the answer is not the “standard” one, or the one expected. This implicitly leads to a false result. Luckily these servers are very few, which leads us to our conclusion, if other detectors are saying it and they are giving back even more false results than IMvisible, that the yahoo detect is working 100%.
One last thing that is important to mention is, that due to the processes that are running in the background, the person who is verified will never find out about the verification. As for the person initiating the verification he or she will keep his anonymity as well.