From 6eb1097177e1c973cbc51a102846e3513f728781 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 22 Jan 2026 19:02:57 -0500 Subject: [PATCH 01/20] 1st --- _posts/2026-01-22-Mitigate-Correlation.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 _posts/2026-01-22-Mitigate-Correlation.md diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md new file mode 100644 index 000000000..4cda0b210 --- /dev/null +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -0,0 +1,15 @@ +--- +layout: post +title: "Mitigating User Tracking Caused By Correlation Attack" +lang: "en" +author: "@rdica" +heading: "Mitigating User Tracking Caused By Correlation Attack" +--- + +By default the Jamulus protocol does not map usernames to IP addresses in any publicly available data. +However it is possible to execute a correlation attack to achieve user<‐>IP mapping. +This was first reported to Jamulus developers here: [https://github.com/orgs/jamulussoftware/discussions/3545](https://github.com/orgs/jamulussoftware/discussions/3545) + + + +## Scope From b9b4bb9958d3c8900563c86d3dc9b2c3444b9176 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 22 Jan 2026 19:17:50 -0500 Subject: [PATCH 02/20] 2nd --- _posts/2026-01-22-Mitigate-Correlation.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 4cda0b210..eeb652cea 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -2,7 +2,7 @@ layout: post title: "Mitigating User Tracking Caused By Correlation Attack" lang: "en" -author: "@rdica" +author: "rdica" heading: "Mitigating User Tracking Caused By Correlation Attack" --- 
@@ -10,6 +10,23 @@ By default the Jamulus protocol does not map usernames to IP addresses in any pu However it is possible to execute a correlation attack to achieve user<‐>IP mapping. This was first reported to Jamulus developers here: [https://github.com/orgs/jamulussoftware/discussions/3545](https://github.com/orgs/jamulussoftware/discussions/3545) - - ## Scope + +This document will attempt to summarize the problem, and provide mitigations for both users, and server admins. + +## The Problem - Pings and Join Events + +### Pings + +When a user attempts to connect to a server, they open the Connect dialog window. The client will **start** sending “pings” to every server listed in that genre to report delay latency (basically network distance) to those servers. + +Anyone running a server can capture those “pings” using tools like `tcpdump` or `tshark/wireshark` and view the IP addresses of the clients that are sending them. +**No username data is sent.** This is part of the Jamulus protocol, by design, to maintain a level of privacy and prevent others from finding the IP addresses of specific users. + +### Join Events + +A user will either select a server from the list, or type in a server address:port, click Connect or hit Enter, and the client will then attempt to connect to the server. At this point the client **stops** sending the “pings” and the client typically completes the connection to the server. + +Each genre has a directory server. The purpose of the directory server is to provide clients with a listing of servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [https://explorer.jamulus.io](explorer.jamulus.io) or [https://jamulusjams.com](jamulusjams.com). + +Anyone can run an explorer instance. 
An explorer queries each genres directory server to get a list of servers, then queries each server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. From 61302508c9740eafd220ef196d0d4081eed37f08 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 22 Jan 2026 19:19:39 -0500 Subject: [PATCH 03/20] url --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index eeb652cea..1bef39b2f 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -27,6 +27,6 @@ Anyone running a server can capture those “pings” using tools like ` A user will either select a server from the list, or type in a server address:port, click Connect or hit Enter, and the client will then attempt to connect to the server. At this point the client **stops** sending the “pings” and the client typically completes the connection to the server. -Each genre has a directory server. The purpose of the directory server is to provide clients with a listing of servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [https://explorer.jamulus.io](explorer.jamulus.io) or [https://jamulusjams.com](jamulusjams.com). +Each genre has a directory server. The purpose of the directory server is to provide clients with a listing of servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io) or [jamulusjams.com](https://jamulusjams.com). Anyone can run an explorer instance. An explorer queries each genres directory server to get a list of servers, then queries each server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. From fe2fde552fb3ae12d32ea382bb2fddcff7bd85db Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 22 Jan 2026 19:44:07 -0500 Subject: [PATCH 04/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 48 +++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 1bef39b2f..b152490b2 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md 
+++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -30,3 +30,51 @@ A user will either select a server from the list, or type in a server address:po Each genre has a directory server. The purpose of the directory server is to provide clients with a listing of servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io) or [jamulusjams.com](https://jamulusjams.com). Anyone can run an explorer instance. An explorer queries each genres directory server to get a list of servers, then queries each server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. + +### Correlation Attack + +Anyone can run servers **and** explorer instances. +Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the location of a specific user. + +## The Current Correlation Attack (as of 20260122) + +### Listeners + +There are seven servers on public Jamulus space, one in each genre. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. +These servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of users clients. 
+ +``` +Genre Name IP:port + +Any Genre1 Duet 24.199.107.192:22121 +Any Genre2 Duet 24.199.107.192:22122 +Any Genre3 Duet 24.199.107.192:22123 +Rock Duet 24.199.107.192:22124 +Jazz Duet 24.199.107.192:22125 +Classical/Folk Duet 24.199.107.192:22126 +Choral/Barbershop Duet 24.199.107.192:22127 +``` + +### User Data + +There is an explorer instance collecting lists of servers and users running from **`137.184.43.255`** +IP addresses of users collected from the listeners are being correlated with join events derived from the explorer instance to produce IP<‐>username mappings. IP addresses are processed to provide geolocation data of users. This geolocation data is being collected **and** displayed without express permission of users, and with no means to opt in or out. + +**This data is also being fed into AI for various analyses**, again with no express permission, and no means to opt in or out. + +## Mitigations + +### Clients + +When you open the Connect dialog window your client starts sending pings to every server in the list. **`24.199.107.192`** is the IP address of one of those servers. A server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. +Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and break the correlation attack. This will help prevent you from being tracked. + +### Server Admins + +Server admins can contribute to helping prevent user tracking by blocking the explorer probe. +If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** +Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks the correlation attack. This will protect users on your server from being tracked while they use it. 
+ +--- + +Updated information can be found here: [https://jamulusjams.com/block-user-tracking.html](https://jamulusjams.com/block-user-tracking.html) From 1be9eee44b7a9e96459d92ccf1a2f34e37c7aadf Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 22 Jan 2026 19:57:44 -0500 Subject: [PATCH 05/20] more --- _posts/2026-01-22-Mitigate-Correlation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index b152490b2..8a51ab6d9 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -10,6 +10,8 @@ By default the Jamulus protocol does not map usernames to IP addresses in any pu However it is possible to execute a correlation attack to achieve user<‐>IP mapping. This was first reported to Jamulus developers here: [https://github.com/orgs/jamulussoftware/discussions/3545](https://github.com/orgs/jamulussoftware/discussions/3545) + + ## Scope This document will attempt to summarize the problem, and provide mitigations for both users, and server admins. From 0023b5e9c32b2064d752365117b7964ae3d21c09 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 22 Jan 2026 20:00:46 -0500 Subject: [PATCH 06/20] breaks --- _posts/2026-01-22-Mitigate-Correlation.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 8a51ab6d9..ed52705da 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -68,13 +68,15 @@ IP addresses of users collected from the listeners are being correlated with joi ### Clients -When you open the Connect dialog window your client starts sending pings to every server in the list. **`24.199.107.192`** is the IP address of one of those servers. A server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. +When you open the Connect dialog window your client starts sending pings to every server in the list. **`24.199.107.192`** is the IP address of one of those servers. A server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. + Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and break the correlation attack. This will help prevent you from being tracked. ### Server Admins Server admins can contribute to helping prevent user tracking by blocking the explorer probe. -If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** +If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** + Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks the correlation attack. This will protect users on your server from being tracked while they use it. --- From e245c3166bd52fe4a317658a0a096ed601d80307 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Mon, 2 Feb 2026 11:10:30 -0500 Subject: [PATCH 07/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index ed52705da..3e6055044 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -1,13 +1,13 @@ --- layout: post -title: "Mitigating User Tracking Caused By Correlation Attack" +title: "Privacy: Mitigating User Tracking By Third Parties" lang: "en" author: "rdica" -heading: "Mitigating User Tracking Caused By Correlation Attack" +heading: "Privacy: Mitigating User Tracking By Third Parties" --- By default the Jamulus protocol does not map usernames to IP addresses in any publicly available data. -However it is possible to execute a correlation attack to achieve user<‐>IP mapping. +However it is possible to correlate connections to servers to achieve user<‐>IP mapping. This was first reported to Jamulus developers here: [https://github.com/orgs/jamulussoftware/discussions/3545](https://github.com/orgs/jamulussoftware/discussions/3545) @@ -33,12 +33,12 @@ Each genre has a directory server. The purpose of the directory server is to pro Anyone can run an explorer instance. An explorer queries each genres directory server to get a list of servers, then queries each server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. -### Correlation Attack +### Correlation Anyone can run servers **and** explorer instances. Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the location of a specific user. -## The Current Correlation Attack (as of 20260122) +## Current Correlation (as of 20260202) ### Listeners 
@@ -70,14 +70,14 @@ IP addresses of users collected from the listeners are being correlated with joi When you open the Connect dialog window your client starts sending pings to every server in the list. **`24.199.107.192`** is the IP address of one of those servers. A server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. -Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and break the correlation attack. This will help prevent you from being tracked. +Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and breaks correlation. This will help prevent you from being tracked. ### Server Admins Server admins can contribute to helping prevent user tracking by blocking the explorer probe. If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** -Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks the correlation attack. This will protect users on your server from being tracked while they use it. +Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks correlation. This will protect users on your server from being tracked while they use it. --- From 2a4ecb7e3ba0c9052e5686ab5738ab8b2fa385b2 Mon Sep 17 00:00:00 2001 From: rdica Date: Wed, 11 Mar 2026 10:22:29 -0400 Subject: [PATCH 08/20] Update _posts/2026-01-22-Mitigate-Correlation.md Co-authored-by: ann0see <20726856+ann0see@users.noreply.github.com> --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 3e6055044..a1ed74220 100644 
--- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -36,7 +36,7 @@ Anyone can run an explorer instance. An explorer queries each genres directory s ### Correlation Anyone can run servers **and** explorer instances. -Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the location of a specific user. +Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users' profile. ## Current Correlation (as of 20260202) From 0672aa115fec268cba255554c67326a73910c647 Mon Sep 17 00:00:00 2001 From: rdica Date: Wed, 11 Mar 2026 10:22:52 -0400 Subject: [PATCH 09/20] Update _posts/2026-01-22-Mitigate-Correlation.md Co-authored-by: ann0see <20726856+ann0see@users.noreply.github.com> --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index a1ed74220..666c83b2a 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -38,7 +38,7 @@ Anyone can run an explorer instance. An explorer queries each genres directory s Anyone can run servers **and** explorer instances. Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users' profile. -## Current Correlation (as of 20260202) +## Current Correlation (as of 2026-02-02) ### Listeners From c9cd3035d555a8f3d6fb106d4c523aca7d4c376d Mon Sep 17 00:00:00 2001 From: rdica Date: Wed, 11 Mar 2026 10:30:08 -0400 Subject: [PATCH 10/20] Update _posts/2026-01-22-Mitigate-Correlation.md Co-authored-by: ann0see <20726856+ann0see@users.noreply.github.com> --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 666c83b2a..482edfaa0 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -74,7 +74,7 @@ Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** ### Server Admins -Server admins can contribute to helping prevent user tracking by blocking the explorer probe. +Server admins can decide to prevent user tracking by blocking the explorer probe. If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks correlation. This will protect users on your server from being tracked while they use it. From d5c8ae98b6e4a5b25ab21bc9a23fa306e7ddc9f1 Mon Sep 17 00:00:00 2001 
From: rdica Date: Wed, 11 Mar 2026 10:31:45 -0400 Subject: [PATCH 11/20] Update _posts/2026-01-22-Mitigate-Correlation.md Co-authored-by: ann0see <20726856+ann0see@users.noreply.github.com> --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 482edfaa0..c5e05bd8c 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -77,7 +77,7 @@ Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** Server admins can decide to prevent user tracking by blocking the explorer probe. If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** -Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks correlation. This will protect users on your server from being tracked while they use it. +Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks correlation. This will disable user tracking on your server from the blocked server. --- From e366b3ed054b0674c7273d8c0cb33cd45b8448da Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Wed, 11 Mar 2026 10:35:50 -0400 Subject: [PATCH 12/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 28 +++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index c5e05bd8c..a76b2ad38 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -7,43 +7,43 @@ heading: "Privacy: Mitigating User Tracking By Third Parties" --- By default the Jamulus protocol does not map usernames to IP addresses in any publicly available data. -However it is possible to correlate connections to servers to achieve user<‐>IP mapping. +However it is possible to correlate connections to Servers to achieve user<‐>IP mapping. This was first reported to Jamulus developers here: [https://github.com/orgs/jamulussoftware/discussions/3545](https://github.com/orgs/jamulussoftware/discussions/3545) ## Scope -This document will attempt to summarize the problem, and provide mitigations for both users, and server admins. +This document will attempt to summarize the problem, and provide mitigations for both users, and Server admins. ## The Problem - Pings and Join Events ### Pings -When a user attempts to connect to a server, they open the Connect dialog window. The client will **start** sending “pings” to every server listed in that genre to report delay latency (basically network distance) to those servers. +When a user attempts to connect to a server, they open the Connect dialog window. The client will **start** sending “pings” to every Server listed in that genre to report delay latency (basically network distance) to those Servers. -Anyone running a server can capture those “pings” using tools like `tcpdump` or `tshark/wireshark` and view the IP addresses of the clients that are sending them. +Anyone running a Server can capture those “pings” using tools like `tcpdump` or `tshark/wireshark` and view the IP addresses of the clients that are sending them. **No username data is sent.** This is part of the Jamulus protocol, by design, to maintain a level of privacy and prevent others from finding the IP addresses of specific users. ### Join Events -A user will either select a server from the list, or type in a server address:port, click Connect or hit Enter, and the client will then attempt to connect to the server. 
At this point the client **stops** sending the “pings” and the client typically completes the connection to the server. +A user will either select a Server from the list, or type in a Server address:port, click Connect or hit Enter, and the client will then attempt to connect to the server. At this point the client **stops** sending the “pings” and the client typically completes the connection to the server. -Each genre has a directory server. The purpose of the directory server is to provide clients with a listing of servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io) or [jamulusjams.com](https://jamulusjams.com). +Each genre has a directory server. The purpose of the directory Server is to provide clients with a listing of Servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io) or [jamulusjams.com](https://jamulusjams.com). -Anyone can run an explorer instance. An explorer queries each genres directory server to get a list of servers, then queries each server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. +Anyone can run an explorer instance. An explorer queries each genres directory Server to get a list of Servers, then queries each Server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. 
### Correlation -Anyone can run servers **and** explorer instances. +Anyone can run Servers **and** explorer instances. Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users' profile. ## Current Correlation (as of 2026-02-02) ### Listeners -There are seven servers on public Jamulus space, one in each genre. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. -These servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of users clients. +There are seven Servers on public Jamulus space, one in each genre. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. +These Servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of users clients. ``` Genre Name IP:port 
@@ -59,7 +59,7 @@ Choral/Barbershop Duet 24.199.107.192:22127 ### User Data -There is an explorer instance collecting lists of servers and users running from **`137.184.43.255`** +There is an explorer instance collecting lists of Servers and users running from **`137.184.43.255`** IP addresses of users collected from the listeners are being correlated with join events derived from the explorer instance to produce IP<‐>username mappings. IP addresses are processed to provide geolocation data of users. This geolocation data is being collected **and** displayed without express permission of users, and with no means to opt in or out. **This data is also being fed into AI for various analyses**, again with no express permission, and no means to opt in or out. 
@@ -68,16 +68,16 @@ IP addresses of users collected from the listeners are being correlated with joi ### Clients -When you open the Connect dialog window your client starts sending pings to every server in the list. **`24.199.107.192`** is the IP address of one of those servers. A server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. +When you open the Connect dialog window your client starts sending pings to every Server in the list. **`24.199.107.192`** is the IP address of one of those Servers. A Server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and breaks correlation. This will help prevent you from being tracked. ### Server Admins Server admins can decide to prevent user tracking by blocking the explorer probe. -If you run a server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** +If you run a Server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** -Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your server and breaks correlation. This will disable user tracking on your server from the blocked server. +Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. --- From 959ffb558d7cfd376819aa00bf49362b1cc9fc40 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Wed, 11 Mar 2026 10:46:41 -0400 Subject: [PATCH 13/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index a76b2ad38..9c13972e8 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -20,23 +20,23 @@ This document will attempt to summarize the problem, and provide mitigations for ### Pings -When a user attempts to connect to a server, they open the Connect dialog window. The client will **start** sending “pings” to every Server listed in that genre to report delay latency (basically network distance) to those Servers. +When a user attempts to connect to a Server, they open the Connect dialog window. The client will **start** sending “pings” to every Server listed in that genre to report delay latency (basically network distance) to those Servers. Anyone running a Server can capture those “pings” using tools like `tcpdump` or `tshark/wireshark` and view the IP addresses of the clients that are sending them. **No username data is sent.** This is part of the Jamulus protocol, by design, to maintain a level of privacy and prevent others from finding the IP addresses of specific users. ### Join Events -A user will either select a Server from the list, or type in a Server address:port, click Connect or hit Enter, and the client will then attempt to connect to the server. At this point the client **stops** sending the “pings” and the client typically completes the connection to the server. +A user will either select a Server from the list, or type in a Server address:port, click Connect or hit Enter, and the client will then attempt to connect to the Server. At this point the client **stops** sending the “pings” and the client typically completes the connection to the Server. -Each genre has a directory server. The purpose of the directory Server is to provide clients with a listing of Servers registered to it, and the users connected to each server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io) or [jamulusjams.com](https://jamulusjams.com). +Each genre has a directory Server. 
The purpose of the directory Server is to provide clients with a listing of Servers registered to it, and the users connected to each Server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io), [jamulusjams.com](https://jamulusjams.com), or [jamscout.de](https://jamscout.de). Anyone can run an explorer instance. An explorer queries each genres directory Server to get a list of Servers, then queries each Server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. ### Correlation Anyone can run Servers **and** explorer instances. -Using IPs captured by a server, one can correlate **when an IP address stops pinging** (ie; just connected to a server) and **when a new client joined a server** (username data from explorer query directly to a jamulus server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users' profile. +Using IPs captured by a Server, one can correlate **when an IP address stops pinging** (ie; just connected to a Server) and **when a new client joined a Server** (username data from explorer query directly to a Jamulus Server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users' profile. ## Current Correlation (as of 2026-02-02) 
@@ -75,7 +75,7 @@ Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** ### Server Admins Server admins can decide to prevent user tracking by blocking the explorer probe. -If you run a Server on the jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** +If you run a Server on the Jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. From 6f82cce77fa738eb0a6bd561e3b13059030842c9 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Wed, 11 Mar 2026 10:49:05 -0400 Subject: [PATCH 14/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 9c13972e8..2dd032d41 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -36,14 +36,14 @@ Anyone can run an explorer instance. An explorer queries each genres directory S ### Correlation Anyone can run Servers **and** explorer instances. -Using IPs captured by a Server, one can correlate **when an IP address stops pinging** (ie; just connected to a Server) and **when a new client joined a Server** (username data from explorer query directly to a Jamulus Server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users' profile. +Using IPs captured by a Server, one can correlate **when an IP address stops pinging** (ie; just connected to a Server) and **when a new client joined a Server** (username data from explorer query directly to a Jamulus Server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users profile. ## Current Correlation (as of 2026-02-02) ### Listeners There are seven Servers on public Jamulus space, one in each genre. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. -These Servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of users clients. +These Servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of user clients. ``` Genre Name IP:port From bdb1178d547b9d102a5630356899b96dd1b11766 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Wed, 11 Mar 2026 10:56:03 -0400 Subject: [PATCH 15/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 2dd032d41..fda43b6d4 100644 
--- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -29,9 +29,9 @@ Anyone running a Server can capture those “pings” using tools like ` A user will either select a Server from the list, or type in a Server address:port, click Connect or hit Enter, and the client will then attempt to connect to the Server. At this point the client **stops** sending the “pings” and the client typically completes the connection to the Server. -Each genre has a directory Server. The purpose of the directory Server is to provide clients with a listing of Servers registered to it, and the users connected to each Server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io), [jamulusjams.com](https://jamulusjams.com), or [jamscout.de](https://jamscout.de). +Each genre has a Directory Server. The purpose of the Directory Server is to provide clients with a listing of Servers registered to it, and the users connected to each Server. This is public data, and viewed in the Connect dialog window, and available through a number of websites, like [explorer.jamulus.io](https://explorer.jamulus.io), [jamulusjams.com](https://jamulusjams.com), or [jamscout.de](https://jamscout.de). -Anyone can run an explorer instance. An explorer queries each genres directory Server to get a list of Servers, then queries each Server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. +Anyone can run an explorer instance. An explorer queries each genres Directory Server to get a list of Servers, then queries each Server directly to get a list of connected users. This is public data. **There is no IP address information on users, just the user profile data**. Again this is by design to prevent IP<‐>username mapping. This data can also be saved for later processing. 
### Correlation From bc1df1f9ff66e3070c8b0244b8e6321f6defebe1 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Wed, 11 Mar 2026 11:06:11 -0400 Subject: [PATCH 16/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index fda43b6d4..920007c8c 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -38,11 +38,11 @@ Anyone can run an explorer instance. An explorer queries each genres Directory S Anyone can run Servers **and** explorer instances. Using IPs captured by a Server, one can correlate **when an IP address stops pinging** (ie; just connected to a Server) and **when a new client joined a Server** (username data from explorer query directly to a Jamulus Server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users profile. -## Current Correlation (as of 2026-02-02) +## Current Correlation (as of 2026-03-11) ### Listeners -There are seven Servers on public Jamulus space, one in each genre. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. +There are currently seven known Servers on public Jamulus space, one in each genre. They are hosted on [DigitalOcean](https://digitalocean.com) instances. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. These Servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of user clients. ``` 
@@ -59,11 +59,9 @@ Choral/Barbershop Duet 24.199.107.192:22127 ### User Data -There is an explorer instance collecting lists of Servers and users running from **`137.184.43.255`** +There is an explorer instance collecting lists of Servers and users running from **`137.184.43.255`**. It is hosted on a [DigitalOcean](https://digitalocean.com) instance. IP addresses of users collected from the listeners are being correlated with join events derived from the explorer instance to produce IP<‐>username mappings. IP addresses are processed to provide geolocation data of users. This geolocation data is being collected **and** displayed without express permission of users, and with no means to opt in or out. -**This data is also being fed into AI for various analyses**, again with no express permission, and no means to opt in or out. - ## Mitigations ### Clients From 76ab74123df3399adadc29c9ad55a8e797b910d5 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Thu, 12 Mar 2026 16:28:23 -0400 Subject: [PATCH 17/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 920007c8c..07bfc0350 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -36,7 +36,7 @@ Anyone can run an explorer instance. An explorer queries each genres Directory S ### Correlation Anyone can run Servers **and** explorer instances. -Using IPs captured by a Server, one can correlate **when an IP address stops pinging** (ie; just connected to a Server) and **when a new client joined a Server** (username data from explorer query directly to a Jamulus Server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user even if no location was set in the users profile. +Using IPs captured by a Server, one can correlate **when an IP address stops pinging** (ie; just connected to a Server) and **when a new client joined a Server** (username data from explorer query directly to a Jamulus Server) to produce an IP<‐>username mapping. The IP address can then be processed to provide geolocation data. From this one can determine the approximate location of a specific user. ## Current Correlation (as of 2026-03-11) From 35d74a5910f10b257681de3989d0cb80bddfec84 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Sat, 14 Mar 2026 16:21:41 -0400 Subject: [PATCH 18/20] added new IPs --- _posts/2026-01-22-Mitigate-Correlation.md | 39 ++++++++++++----------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 07bfc0350..39584ed63 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -42,41 +42,44 @@ Using IPs captured by a Server, one can correlate **when an IP address stops pin ### Listeners -There are currently seven known Servers on public Jamulus space, one in each genre. They are hosted on [DigitalOcean](https://digitalocean.com) instances. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. +There are currently fourteen known Servers on public Jamulus space, two in each genre. They are hosted on [DigitalOcean](https://digitalocean.com) and [Oracle Cloud](https://oracle.com) instances. They are named ***Duet*** and ***Jamulus on 22x24***, and have a userlimit set at two. They all share the same IP and each sit on different ports. These Servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of user clients. ``` -Genre Name IP:port - -Any Genre1 Duet 24.199.107.192:22121 -Any Genre2 Duet 24.199.107.192:22122 -Any Genre3 Duet 24.199.107.192:22123 -Rock Duet 24.199.107.192:22124 -Jazz Duet 24.199.107.192:22125 -Classical/Folk Duet 24.199.107.192:22126 -Choral/Barbershop Duet 24.199.107.192:22127 +Genre Name IP:port + +Any Genre1 Duet 24.199.107.192:22121 + Jamulus on 22124 89.168.107.178:22155 +Any Genre2 Duet 24.199.107.192:22122 + Jamulus on 22224 89.168.107.178:22156 +Any Genre3 Duet 24.199.107.192:22123 + Jamulus on 22624 89.168.107.178:22157 +Rock Duet 24.199.107.192:22124 + Jamulus on 22424 89.168.107.178:22158 +Jazz Duet 24.199.107.192:22125 + Jamulus on 22324 89.168.107.178:22159 +Classical/Folk Duet 24.199.107.192:22126 + Jamulus on 22524 89.168.107.178:22160 +Choral/Barbershop Duet 24.199.107.192:22127 + Jamulus on 22724 89.168.107.178:22161 ``` ### User Data -There is an explorer instance collecting lists of Servers and users running from **`137.184.43.255`**. It is hosted on a [DigitalOcean](https://digitalocean.com) instance. 
+There are explorer instances collecting lists of Servers and users running from **`137.184.43.255`** and **`89.168.107.178`**. They are hosted on [DigitalOcean](https://digitalocean.com) and [Oracle Cloud](https://oracle.com) instances. IP addresses of users collected from the listeners are being correlated with join events derived from the explorer instance to produce IP<‐>username mappings. IP addresses are processed to provide geolocation data of users. This geolocation data is being collected **and** displayed without express permission of users, and with no means to opt in or out. ## Mitigations ### Clients -When you open the Connect dialog window your client starts sending pings to every Server in the list. **`24.199.107.192`** is the IP address of one of those Servers. A Server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. +When you open the Connect dialog window your client starts sending pings to every Server in the list. **`24.199.107.192`** and **`89.168.107.178`** are one the IP addresses of one of those Servers. A Server using **`24.199.107.192`** and **`89.168.107.178`** exists on each genre, their names are ***Duet*** and ***Jamulus on 22x24***. -Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and breaks correlation. This will help prevent you from being tracked. +Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** and **`89.168.107.178`** will prevent the listeners from collecting your IP address and breaks correlation. This will help prevent you from being tracked. ### Server Admins Server admins can decide to prevent user tracking by blocking the explorer probe. 
If you run a Server on the Jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** -Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. - ---- - -Updated information can be found here: [https://jamulusjams.com/block-user-tracking.html](https://jamulusjams.com/block-user-tracking.html) +Blocking incoming **UDP** traffic from **`137.184.43.255`** and **`89.168.107.178`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. From 3e36fca0e4855a5cc5802927dd6703e8af0a7838 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Sat, 14 Mar 2026 16:22:48 -0400 Subject: [PATCH 19/20] updates --- _posts/2026-01-22-Mitigate-Correlation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index 39584ed63..aa6e1842a 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md @@ -80,6 +80,6 @@ Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** ### Server Admins Server admins can decide to prevent user tracking by blocking the explorer probe. -If you run a Server on the Jamulus public network, it is currently being indexed by the explorer instance on **`137.184.43.255`** +If you run a Server on the Jamulus public network, it is currently being indexed by the explorer instances on **`137.184.43.255`** and **`89.168.107.178`**. Blocking incoming **UDP** traffic from **`137.184.43.255`** and **`89.168.107.178`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. 
From 382a13c183e4c1494ed64f1a0dcc4dcb0675a8f9 Mon Sep 17 00:00:00 2001 From: Rick Dicaire Date: Tue, 17 Mar 2026 11:28:20 -0400 Subject: [PATCH 20/20] Revert "added new IPs" This reverts commit 35d74a5910f10b257681de3989d0cb80bddfec84. --- _posts/2026-01-22-Mitigate-Correlation.md | 39 +++++++++++------------ 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/_posts/2026-01-22-Mitigate-Correlation.md b/_posts/2026-01-22-Mitigate-Correlation.md index aa6e1842a..d33695db6 100644 --- a/_posts/2026-01-22-Mitigate-Correlation.md +++ b/_posts/2026-01-22-Mitigate-Correlation.md 
@@ -42,44 +42,41 @@ Using IPs captured by a Server, one can correlate **when an IP address stops pin ### Listeners -There are currently fourteen known Servers on public Jamulus space, two in each genre. They are hosted on [DigitalOcean](https://digitalocean.com) and [Oracle Cloud](https://oracle.com) instances. They are named ***Duet*** and ***Jamulus on 22x24***, and have a userlimit set at two. They all share the same IP and each sit on different ports. +There are currently seven known Servers on public Jamulus space, one in each genre. They are hosted on [DigitalOcean](https://digitalocean.com) instances. They are named ***Duet***, and have a userlimit set at two. They all share the same IP and each sit on different ports. These Servers are “listening” for pings from clients, and packet capturing them to get the IP addresses of user clients. ``` -Genre Name IP:port - -Any Genre1 Duet 24.199.107.192:22121 - Jamulus on 22124 89.168.107.178:22155 -Any Genre2 Duet 24.199.107.192:22122 - Jamulus on 22224 89.168.107.178:22156 -Any Genre3 Duet 24.199.107.192:22123 - Jamulus on 22624 89.168.107.178:22157 -Rock Duet 24.199.107.192:22124 - Jamulus on 22424 89.168.107.178:22158 -Jazz Duet 24.199.107.192:22125 - Jamulus on 22324 89.168.107.178:22159 -Classical/Folk Duet 24.199.107.192:22126 - Jamulus on 22524 89.168.107.178:22160 -Choral/Barbershop Duet 24.199.107.192:22127 - Jamulus on 22724 89.168.107.178:22161 +Genre Name IP:port + +Any Genre1 Duet 24.199.107.192:22121 +Any Genre2 Duet 24.199.107.192:22122 +Any Genre3 Duet 24.199.107.192:22123 +Rock Duet 24.199.107.192:22124 +Jazz Duet 24.199.107.192:22125 +Classical/Folk Duet 24.199.107.192:22126 +Choral/Barbershop Duet 24.199.107.192:22127 ``` ### User Data -There are explorer instances collecting lists of Servers and users running from **`137.184.43.255`** and **`89.168.107.178`**. They are hosted on [DigitalOcean](https://digitalocean.com) and [Oracle Cloud](https://oracle.com) instances. 
+There is an explorer instance collecting lists of Servers and users running from **`137.184.43.255`**. It is hosted on a [DigitalOcean](https://digitalocean.com) instance. IP addresses of users collected from the listeners are being correlated with join events derived from the explorer instance to produce IP<‐>username mappings. IP addresses are processed to provide geolocation data of users. This geolocation data is being collected **and** displayed without express permission of users, and with no means to opt in or out. ## Mitigations ### Clients -When you open the Connect dialog window your client starts sending pings to every Server in the list. **`24.199.107.192`** and **`89.168.107.178`** are one the IP addresses of one of those Servers. A Server using **`24.199.107.192`** and **`89.168.107.178`** exists on each genre, their names are ***Duet*** and ***Jamulus on 22x24***. +When you open the Connect dialog window your client starts sending pings to every Server in the list. **`24.199.107.192`** is the IP address of one of those Servers. A Server using **`24.199.107.192`** exists on each genre, their names are ***Duet***. -Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** and **`89.168.107.178`** will prevent the listeners from collecting your IP address and breaks correlation. This will help prevent you from being tracked. +Blocking outgoing **UDP** traffic on your DAW or router to **`24.199.107.192`** will prevent the listeners from collecting your IP address and breaks correlation. This will help prevent you from being tracked. ### Server Admins Server admins can decide to prevent user tracking by blocking the explorer probe. If you run a Server on the Jamulus public network, it is currently being indexed by the explorer instances on **`137.184.43.255`** and **`89.168.107.178`**. 
-Blocking incoming **UDP** traffic from **`137.184.43.255`** and **`89.168.107.178`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. +Blocking incoming **UDP** traffic from **`137.184.43.255`** will prevent the explorer from indexing your Server and breaks correlation. This will disable user tracking on your Server from the blocked Server. + +--- + +Updated information can be found here: [https://jamulusjams.com/block-user-tracking.html](https://jamulusjams.com/block-user-tracking.html)
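
Review bot: In the `@@ -75,7 +75,7 @@` hunk (Server Admins), the context line after the edited sentence still ends "This will disable user tracking on your Server from the blocked Server", but the thing being blocked is the explorer instance, not a Server. Since this change is already a terminology pass over the paragraph, change that to "from the blocked explorer". The edited sentence ending in `137.184.43.255` is also missing its closing full stop.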
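
Review bot: In the Correlation paragraph of the `@@ -36,14 +36,14 @@` hunk (PATCH 14/20, 6f82cce), changing "the users' profile" to "the users profile" drops the possessive instead of correcting it; the sentence is about one specific user, so it should read "the user's profile". The same line's "(ie; just connected to a Server)" would read better as "(i.e., just connected to a Server)".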
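
Review bot: The commit subject "updates" gives no reason for dropping the User Data sentence "**This data is also being fed into AI for various analyses**" in the `@@ -59,11 +59,9 @@` hunk of PATCH 16/20, so a reader of the history cannot tell whether the claim was withdrawn as unverified or is no longer true; say which in the commit message. The sentence added in the same hunk places the explorer on a DigitalOcean instance, and such an address can be released and reassigned, so consider repeating the "as of 2026-03-11" date next to the block instructions under Mitigations.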
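
Review bot: The Listeners sentence added in the `@@ -42,41 +42,44 @@` hunk of PATCH 18/20 (35d74a5) still says "They all share the same IP" although the table under it now lists two addresses, `24.199.107.192` and `89.168.107.178`; reword it so each group of seven is tied to its own address. In Clients, "are one the IP addresses of one of those Servers" is garbled and needs rewriting for two addresses. The hunk also deletes the "Updated information can be found here" footer, which the subject "added new IPs" does not cover; keep the footer or give its removal a separate commit.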
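
Review bot: Reverting only 35d74a5 leaves 3e36fca applied, so in the `@@ -42,44 +42,41 @@` hunk of PATCH 20/20 the unchanged Server Admins line still says the Server is "being indexed by the explorer instances on **`137.184.43.255`** and **`89.168.107.178`**", while the restored lines around it describe a single explorer and tell admins to block only `137.184.43.255`. Either revert 3e36fca as well or edit that sentence back to the single-instance wording. The commit message should also state why the second address was withdrawn, so readers know whether `89.168.107.178` still needs blocking.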