Monday, November 30, 2009

Anonymous Proxy Lists - A Dangerous Proxy

The concept of anonymous proxy lists are great - especially if you are concerned about protecting your privacy on the internet. An anonymous proxy will basically act as an intermediary on the internet and forward all your requests for web sites whilst not revealing your IP address or physical location. Normally your IP address will be stored on the server logs of any web server you access but when you use an anonymous proxy server then it has no record of your location or IP address.

anonymous proxiesOk so this sounds good - that is what anonymous proxy servers are for - to protect your privacy. The big problem and it is a very big problem is that all your data is actually passed through this proxy server usually completely unencrypted - the data is merely forwarded to it's destination.

Recently a colleague of mine mentioned to me he was using an anonymous proxy in order to access and play online roulette games. Because his ISP was based in the USA all of the online casinos wouldn't let him play due to their online gaming laws. Of course when he used the proxy server his location was actually given as that of the proxy server (Russia in this case) and he was able to play. He also told me this was much more secure as his internet activities could not be traced back to his IP address and location.

I'm afraid although there is some truth in this, it is far from a good idea. To use an anonymous proxy you must have 100% confidence in the integrity of the server and of the people controlling this server. You are passing all your data mostly unencrypted through this proxy in order for it to forward to the web page you requested. All your information and personal details can be accessed via the administrators of this proxy server - a simple capture like tcpdump will log every piece of data that passes through.

Guess where my friend got his Anonymous Proxy Server List from!

You may have guessed already, it was a list posted on a Russian hacker site. He was trusting all his personal information to a proxy server supplied to him by a bunch of Russian hackers. On a scale of bad ideas it really did rate pretty highly but people do it all the time. They feel secure by the mere name, anonymous proxy server sounds good doesn't it until you see Igor sifting through your data one late night looking for passwords and account numbers.

So if you want to use an Anonymous Proxy Server to protect your identity


  • Make sure it is run by a responsible company or organisation

  • Always check the ownership of the anonymous proxy - use a WHOIS lookup to see where IP is registered

  • Even be careful about the above - often a server is compromised and used as an anonymous proxy without the owners knowledge

  • Never use a proxy from a list found floating about the internet

  • Encrypt any data - so it is not readable



I can understand anyones desire to protect their privacy online, there are so many people trying to snoop on our online lives all the way from Governments to hackers, identity thieves and spammers. They all want to know your data for different reasons but it still seems like spying in my book.

Does anyone else feel uncomfortable with the European Data Directive which states that all our online data (web sites we access, emails records, mobile phone logs) should be stored for up to 2 years by our ISPs. The UK Government want to go even further and store all this data in a central database presumably so they can find some way to lose the data. There are suggestions and litigation happening now that suggest the same thing may be happening in the USA as well - visit the Electronic Frontier Foundation - for details on the cases.

No comments:

Post a Comment

Custom Search
Powered By Blogger