Beware of "Anonymous" Proxy Servers
"Anonymous" proxy servers are not really anonymous. The word "anonymous" is used here in reference to the property of the proxy not to forward your Internet Protocol (IP) address to the website you are visiting through the proxy server. In other words, the website thinks the request for information is coming from the proxy's IP. However, in many cases, even this isn't true of "anonymous" proxies.
Anonymous proxies may forward your IP at any moment without you knowing - it would take extensive and comprehensive testing to see if your IP is ever forwarded. Moreover, the proxy may not forward you IP, but chances are it will return the web site's cookies to you, which can in turn be used to track your browsing.
Also, there is rarely ever any protection against the "anonymous" proxy logging your connection information (IP, website visited, time online, etc.). And there is rarely a privacy policy associated with the "anonymous" proxy service, which means that they are free to sell your browsing habit information along with your IP to the highest bidder.
If that doesn't turn you off, then I suggest at least using an anti-script/cookie/ad tool to at least protect your privacy from the websites you are visiting. Perhaps a smart choice is also to use secure web-based CGI proxies. These proxies use reviewed open source code and encrypt your web browsing using standard banking operation 128 bit Secure Sockets Layer (SSL) encryption. Although they are harder to find, these proxies are generally safer and provide more privacy - your ISP/censor cannot know what information you are accessing. A simple google search for "SSL CGI Proxy" or "Secure CGI Proxy" should yield some usable results.
These proxies are generally web-based and do not allow you to connect other applications through them, but tunneling encrypted SSL proxies should allow any TCP/UDP packets to be redirected and "wrapped" in SSL. For those who would like to learn more about the SSL protocol and how it increases your privacy and security, I encourage you to visit http://www.techweb.com/encyclopedia/defineterm.jhtml?term=SSL and a more in depth introduction here: http://docs.sun.com/source/816-6156-10/contents.htm . For techies looking for more than an understanding, you can download, read and compile the source code for OpenSSL protocol here: http://www.openssl.org/source/ . For techies and computer security experts, I recommend this paper by David Wagner of the University of California, Berkeley & Bruce Schneier of Counterpane Systems which analyses the weaknesses of the SSL protocol v3.0: http://www.schneier.com/paper-ssl.html .
And remember, beware of "anonymous" proxy servers and protect yourself from scripts, cookies, and browsing history cache by deleting or encrypting these often. For that purpose, I recommend using CCleaner (http://www.ccleaner.com/) or Spybot Search & Destroy 's remove usage tracks capability (http://www.safer-networking.org/index2.html).
About Civisec: Internet Security for Civil Society
The goal of the CiviSec Project is to address and raise awareness of emerging issues of Internet censorship, surveillance and infowar, and in turn empower organizations and individuals to take informed action when implementing privacy and security solutions online.
Archives
| September 2010 | ||||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | ||