Nonce injection and observation system for detecting eavesdroppers

The invention claimed is: 1. A method performed by a system comprising one or more computers on the Internet, each of which has at least one hardware processor and memory holding computer program instructions for execution on the at least one hardware processor for operating the respective computer, the method comprising: with the system: generating a nonce and including the nonce in a portion of a first network message; sending the first network message to a first computer over one or more network links, the first computer being distinct from the system; and, recording information about the sending of the nonce in a nonce record; subsequently, the system: receiving the nonce in a second network message from a second computer, the second computer being distinct from the system; recording information about the second network message from the second computer in a log entry; matching the nonce record to the log entry; and, determining, based at least in part on the nonce record and the log entry, that the second computer is associated with an eavesdropper on at least one of: (a) the one or more network links over which the first network message was sent to the first computer and (b) the first computer; wherein the system sending the first network message comprises at least one of: (i) a domain name system (DNS) server sending a DNS answer, where the DNS server inserts the nonce into at least one of an internet protocol (IP) address and a canonical name (CNAME), the DNS answer being in response to a DNS query for a hostname; (ii) a proxy server sending a hypertext transfer protocol (HTTP) response, where the proxy server inserts the nonce into at least one of: a real user monitoring (RUM) script, a hypertext markup language (HTML) page, an HTTP header, and HTTP body, wherein the HTTP response comprises at least one of: an HTTP message encrypted according to transport layer security (TLS) or other protocol, an HTTP/2 message, an HTTP.x message where x signifies any version; (iii) a client device sending a DNS query, where the client device inserts the nonce into a queried name; (iv) a client device sending an HTTP message, where the client device inserts the nonce into at least one of: a server name indication (SNI) field, a destination IP address, an HTTP header, and HTTP body, wherein the HTTP message comprises at least one of: an HTTP message encrypted according to TLS or other protocol, an HTTP/2 message, and an HTTP.x message where x signifies any version; and, (v) a client device sending a RUM beacon, where the client device inserts the nonce into the RUM beacon. 2. The method of claim 1 , wherein the queried name comprises a hostname. 3. The method of claim 1 , wherein the system sending the first network message comprises inserting the nonce into an otherwise unused field in the transport layer or network layer. 4. The method of claim 1 , wherein the recording of the information about the sending of the nonce in a nonce record comprises recording at least one of: a nonce value, an identifier carrying the nonce, a time and date of the first network message, a destination of the first network message; and, one or more results of one or more network tests conducted at the time of sending the first network message. 5. The method of claim 1 , wherein a connection over which the first network message is sent comprises a transport layer security (TLS) encrypted connection, and the nonce is placed into a cleartext portion of the first network message. 6. The method of claim 1 , wherein the generating of the nonce and the including of the nonce in a portion of a first network message comprises inserting the nonce into a network identifier. 7. The method of claim 1 , wherein the nonce comprises a limited-time use nonce. 8. The method of claim 1 , further comprising: in response to said determination that the second computer is associated with an eavesdropper, taking an action, the action comprising reporting the determination to a customer of the system whose content is associated with the first network message. 9. The method of claim 1 , further comprising: in response to said determination that the second computer is associated with an eavesdropper, taking an action, the action comprising at least one of: (i) routing network traffic between two or more computers in the system so as to avoid at least one of: one or more network links associated with the eavesdropper, one or more hosts associated with the eavesdropper, and one or more services associated with the eavesdropper; and (ii) encapsulating network traffic traveling across at least one network link associated with the eavesdropper. 10. A method performed by a system comprising one or more computers on the Internet, each of which has at least one hardware processor and memory holding computer program instructions for execution on the at least one hardware processor for operating the respective computer, the method comprising: with the system: generating a nonce and including the nonce in a portion of a first network message; sending the first network message to a first computer over one or more network links, the first computer being distinct from the system; and, recording information about the sending of the nonce in a nonce record; subsequently, at the system: receiving the nonce in a second network message from a second computer, the second computer being distinct from the system; recording information about the second network message from the second computer in a log entry; matching the nonce record to the log entry; and, determining, based at least in part on the nonce record and the log entry, that the second computer is associated with an eavesdropper on at least one of: (a) the one or more network links over which the first network message was sent to the first computer and (b) the first computer; wherein the sending of the first network message comprises sending at least one Internet Protocol packet, and setting a Time to Live (TTL) in the at least one Internet Protocol packet, so as to limit the distance, in router hops, that the first network message will travel, thus limiting where an eavesdropper might observe the nonce in the first network message; and, the method further comprising the system: recording information about the TTL when sending of the nonce in the nonce record; and, in response to the determination that the second computer is associated with an eavesdropper, using at least the recorded information about the TTL, to determine the eavesdropper's possible location(s). 11. The method of claim 10 , further comprising, delaying sending of subsequent network messages with the nonce while waiting to receive the nonce in the second network message from the second computer. 12. The method of claim 10 , further comprising using arrival time of the second network message from the second computer, to determine the eavesdropper's possible location(s). 13. A system for detecting eavesdroppers on a network, comprising: one or more computers on the Internet, each of which has at least one hardware processor and memory holding computer program instructions for execution on the at least one hardware processor for operating the respective computer; the one or more computers in the system holding computer program instructions that, when executed, cause the one or more computers to: generate a nonce and including the nonce in a portion of a first network message; send the first network message to a first computer over one or more network links, the first computer being distinct from the system; record information about the sending of the nonce in a