Looking for a High Anonymous Proxy – Some Thoughts
If you’re looking for a super secure, highly anonymous proxy then it can be rather confusing. After all what does constitute such a server, there are no real definitions only opinions.
The first thing to be aware of is that if someone just adds the word secure or highly secure to their description it means nothing. There are literally thousands of one page proxy servers running as default installations on some free web hosting space which describe themselves as secure – they are not. To keep a proxy secure needs time, technical skill and a very real commitment to keeping the infrastructure secure.
For instance, there are loads of people running proxies who never even consider the question of which user context the proxy should be running in. It’s actually very important but surprisingly a huge number of people run their proxy services as root.
This is a very bad idea, not only does this potentially give an attacker a very real chance of obtaining complete control not only to the proxy but the server it runs on. The slightest bug or vulnerability in the service can be exploited – there goes the server, the data, user accounts and logs.
A Step Towards a Properly Secure Proxy
Someone more security aware might run the proxy service in the context of the ‘nobody’ user. The advantage of this account is that it has no real administrative rights or privileges and there the integrity of the server is maintained even if the account is compromised. It does have some rights though and can access public directories and any other directories or services running in the ‘nobody’ user context.
But the real secure way is to create a dedicated user account specifically to run the proxy server in. It would have no other function and importantly no other rights or permissions applied. This protects the server, the logs and any users data that may be on the machine. It’s a simple point but a fundamental step in running a truly secure proxy server and giving you a secure IP address to use – 99% of the proxies you find online won’t be set up like this.
The unfortunate thing is that people tend to imagine that a proxy server that obscures your IP address adds a level of security and anonymity automatically. This is simply not the case and a badly configured proxy is far worse than using no proxy at all. Remember that when you use a proxy server all your data is diverted through that server and everything is probably logged too. It’s a huge risk using a badly configured server, whether it’s meant to be a simple porn proxy or highly secure VPN!
The security of the proxy server is really dependent on the technical expertise of the people who set it up and run it. You’ll never get a secure proxy server for nothing simply because professionals don’t work for free. Kids running proxies on free web space who have no concept of security – do however.
Updated Content and Tags – May 10th, 2013
The Truth About Proxies
If you search on the internet you’ll find many proxy sites including plenty of USA based proxies – usually they consist of loads of adverts and a little slot in the middle of the page where you type the website you want.
These sites promise you the following -
- security
- anonymity
- ability to bypass firewalls
- ability to bypass content filters
In reality you’ll normally get none of these although to be fair there are some benefits. Here’s the truth about these proxies and the claimed benefits to help you make your own decision.
Security
If you’re really concerned about security and your privacy then the answer is don’t use these websites. certainly never use them to access any site that requires passwords or personal credentials. These sites normally are set up quickly and easily using a proxy software called Glype. This is simply installed on some cheap or free hosting account and surrounded by adverts in an attempt to make money.
Of course there’s nothing wrong with that but be aware the server is not secured, they are also not highly anonymous and there will be no mention of what happens to the logs and you are trusting that website with whatever data you send through it. In reality all you are doing is adding another risk to your browsing. There are some malicious web sites which exist just to steal any credentials that are sent through it.
Anonymity
The claim for anonymity for these sites can be partially true if they are configured correctly. What they can protect from is the web site you are visiting storing your IP address in it’s logs. The main problem with trying to stay anonymous on the web is two fold – firstly your browsing is logged in its entirety at your ISP, secondly it’s all in clear text so is readable by anyone.
The proxies will sometimes stop your IP address being logged at the web site you visit – that’s it. But in exchange it will be logged on their server which may well be run by a 16 year old in his spare time.
Using Proxies to Bypass Firewalls
This can work in a particularly lax environment but in those cases you probably won’t need a proxy server! If the firewall just blocks access to specific IP addresses or URLs then this might work. However most environments are rather more sophisticated than that. Also the majority of web proxy sites are themselves blocked anyway. They can be useful in countries with basic blocks on popular sites like Facebook and YouTube for example.
Using Proxies to Bypass Content Filters
This is a complete non starter as no web proxy will have the slightest effect here. The problem is that although a content filter also looks for specific web sites, IP addresses and content to block it actually looks at the request itself. Most filters look inside the packet themselves so proxies will have no effect whatsoever apart from getting you flagged by the IT Admins for trying to circumvent any restrictions. There is only one way to bypass a sophisticated content filter and that’s to use a concealed proxy server plus encrypt all your data. The encryption means that the content filter can’t look inside the packet and work out the destination. So if you don’t want to have every thing you do online logged and recorded by your ISP and/or employer then encryption is a must. It’s often used when people access pornography online – particularly popular in the middle East where a porn proxy are standard because of the various blocks implemented by the Governments.
Updated -
Using a Proxy Server to Enhance Freedom on the Internet
The United States of America is known for its declarative stances on life, liberty and the pursuit of happiness. However, this doesn’t seem to be the case when we spend a lifetime – pursuing liberty – only to be met with the unhappiness of censorship. In today’s modern world, the battle for freedom, along with the war against freedom of expression, has shifted gears online. Repressive regimes persistently undermine global civil liberties; cunningly employing various Internet censorship techniques to appear stagnant and under the radar.
The magnitude of Internet filtering and censorship in any given nation is measured by the OpenNet Initiative, or “ONI.” According their website mission statement, the OpenNet Initiative aims to “identify and document Internet filtering and surveillance, and to promote and inform wider public dialogues about such practices.” There are 5 categories of censorship magnitudes (in addition to various nations profiled on ONI’s website) that are structured upon the following bases:
1.) Lack of Evidence
In this case, there is no apparent evidence that websites are being blocked by the government, though forms of control may be employed. The biggest offending countries of proof-voided corroboration are: Afghanistan, Algeria, Bangladesh, Egypt, France, Germany, Iraq, Israel, Malaysia, Nepal, Nigeria, Uganda, Ukraine, United Kingdom, United States, Venezuela and finally, Zimbabwe.
2.) Suspected
This category alludes to suspicion of blocked websites by governmental influences, yet without tangible confirmation. A prime example is North Korea, which has a national intranet with approximately 30 approved websites. North Korea is an extremely isolated country, and this separation contributes to the difficulties posed in obtaining substantial information.
3.) Selective
This grouping implies that a small number of websites may be blocked, and/or a small number of people may see filtered results. Countries such as Armenia, Azerbaijan, Belarus, Georgia, India, Italy, Jordan, Kazakhstan, Libya, Moldova, Morocco, Russia, Singapore, Tajikistan, Thailand and Turkey serve as the deeming nations under this category.
4.) Substantial
This category identifies nations that filter search results, while further blocking websites at a regularly-low or moderate level. Countries likely to be considered under this grouping are Burma, Ethiopia, Gaza and the West Bank, Indonesia, Pakistan, South Korea, Sudan and Uzbekistan.
5.) Pervasive
Under this extreme magnitude, massive censorship is implemented by the government. Many websites are blocked and freedom of expression is severely limited. Participating nations include: Bahrain, China, Iran, Kuwait, Kyrgyzstan, Lebanon, North Korea, Oman, Qatar, Saudi Arabia, Syria, Tunisia, Turkmenistan, United Arab Emirates, Vietnam and Yemen.
In an attempt to expose cyber filtering and surveillance practices, OPI monitors and rates four areas of Internet activity, as listed below.
i.) Social
These websites generally centralize around taboo issues; ranging from sexually-explicit content, various forms of betting and drugs. The worst offending countries are considered to be: North Korea, Yemen, Uzbekistan, United Arab Emirates, Tunisia, Saudi Arabia, Qatar, Oman, Kuwait, Iran and Bahrain.
ii.) Political
This area pertains to website content that opposes, refutes or negates governmental control. Additionally banned are issues regarding human rights and freedom of expression. Implied transgressing countries are North Korea, Vietnam, Turkmenistan, Tunisia, Syria, Libya, Iran, China, Burma and Bahrain.
iii.) Internet Tools
This degree interferes, monitors and tampers with e-mail; web hosting; search and translation; VoIP communications and social media. In light of the Arab Spring uprising, social media has skyrocketed as expressive platforms that convey both sentiments and information in opposition with imposed, authoritative control. The worst offending nations are North Korea, Yemen, United Arab Emirates, Tunisia, Syria, Saudi Arabia, Qatar, Kuwait and Iran.
iv.) Conflict & Security
This classification includes anything spanning a vast military spectrum, with sectors in opposition, separatist movements and militant groups. The nations assumed under this category are North Korea, South Korea and China.
In a June 2011 issue of the New York Times, the United States was chronicled as a nation engaged in a global effort to “deploy shadow Internet and mobile phone systems[in which] dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.” Additionally, internet censorship can be circumvented by utilizing a proxy server website to access banned data. A proxy server website is an un-blocked server that is outside of the censored geographic area of the user. This website tool enables retrieval of censored data. Another way to informationally-intervene is by changing a censored IP address to that of an IP from a non-censored country. For assistance in visualizing the above information, look at our infographic below which showcases the key points of anti-censorship data. After all, it’s only fair that a democratic nation encourages “freedom of speech” as a globally-applicable entitlement.
Source: http://en.wikipedia.org/wiki/Internet_censorship
Source: http://en.wikipedia.org/wiki/Internet_censorship_circumvention
Source: http://en.wikipedia.org/wiki/Proxy_server
Source: http://opennet.net/research/profiles
Source: http://answers.yahoo.com/question/index?qid=20080223102536AAU9EcG
The Internet – A Forum for Free Speech
Freedom of expression is classed as a basic human right both in UN statute and International law. Of course this doesn’t mean that all countries and governments respect this right – clearly when you look at countries like Iran, China and Syria that certainly isn’t the case.
Post something critical online about the Thai royal family and if you live in Thailand, expect a knock on the door very soon. Egypt, Turkey, Gaddafi’s Libya and lots of other Middle Eastern countries also have take a very keen interest in controlling what is posted and discussed on the internet.
The control is usually implemented by fear supplemented by draconian filtering and censoring technologies. Facebook and YouTube are routinely blocked in lots of countries across the world simply because they are very lightly moderated and actively encourage free discussion.
Forums are also a great way for people to gather and discuss various topics and I want to tell you the story of an Arabic discussion forum called Tomaar.net. The site was initially created as a place for Saudis to discuss philosophical aspects of Islam – here’s a screenshot of it.
Tomaar Forum
The forum became very popular primarily because it was a place where subjects like women’s rights, equality and homosexuality could be discussed by Saudi’s in the context of their religion. It soon started to attract visitors from across the world and became a hugely successful forum for Arabic speakers. Needless to say that site was not very popular with the religious fundamentalists who hated this sort of free discussion – and this included the Saudi Government.
The forum was hosted in the USA, so it couldn’t be closed down by the Saudi Government who did however block all access from any ISP situated in their country. Fortunately the forum users were sophisticated web users and were able to use circumvention tools like Identity Cloaker and TOR to bypass the blocks and filters. Also many users lived outside Saudi Arabia and were not subject to the ban and so the forum continued to grow in popularity.
What Happened Next to Tomaar.net?
Well the forum had a pretty tough time over the coming months after the Saudi blocks were put up. First of all their hosting providers suddenly pulled the plug, no warning just a letter terminating their contract. Then followed a succession of hosting providers but all were unable to keep the forum up for very long.
Tomaar.net was being targeted and overloaded by frequent DDOS attacks. DDOS stands for Distributed Denial of Service and is basically when a web server is overloaded by loads of computers (also called a botnet) all making repeated requests at the same time. The server hosting the forum was being overloaded and falling over.
You can defend against these attacks and in fact they tried valiantly to keep the forum up commissioning specialist companies like Prolexic Technologies to protect the site. However in the end it just became too costly to protect the site against these regular attacks, the Tomaar site died and a lively discussion forum exists only in the cache of sites like the Waybackmachine.
Was the Saudi Government responsible for all this, there’s no direct proof that I know of. However there are many who strongly believe they were behind the attacks. The reality is that is would be extremely easy for a Government to shut down a site like this, you can even buy large DDOS attacks online for a few hundred dollars.
This is perhaps the most worrying aspect that even a site hosted in a country famous for protecting freedom of speech is not safe. It’s so very simple to close down a website if you have some resources available – no problem at all if you’re an oil rich fundamentalist government.
How to Authenticate a User – Cookies
Nearly every web site faces this dilemma – how to authenticate and identify the users of it’s site. In real life it’s not difficult, you can give someone a photo id or pass, or even ask people to show their drivers license.
The point is that in the real world, you can provide proof of your identity by using a physical credential. So you can borrow a DVD from Blockbusters or get a discount in a hotel by simply showing a specific card that you possess.
The Digital Identification Dilemma
Unfortunately it’s not quite the same in the digital world, it’s impractical (although not impossible) to supply physical credentials to prove your identity. But it does work on basically the same premise – the web site request your credentials and you need to supply them to continue.
An online authentication system like a web site – needs to be supplied with one of the following:
- Something you possess
- Something you know
- Something you are
- Any or all of the above
All these are called ‘authentication factors’ and the more that is supplied – then supposedly the more secure the system is meant to be. For instance if you hear a phrase like ‘Two Factor Authentication’ it simply means that you need two of the above to verify your identity. For example an ATM machine is a good example as you need a card (something you possess) and a PIN access code (something you know) in order to draw out some cash from your account.
In the digital world there are many simple but slightly unreliable ones, for instance verifying your location by IP address is simple to code, but unfortunately unreliable as they c an change freqeuntly. There is one main way of authenticating a user online and that is the ‘cookie’. It’s a term that most of us will be aware of but perhaps not entirely sure what they are.
The cookie is defined as a ‘handle, transaction id, or other token of agreement between operating systems’. The cookie is like the ticket you get when you leave your suit at the dry cleaners. It’s good for only one thing, to get your suit back. The cookie is exactly the same in digital format – a record of a specific transaction or visit. The only difference apart from the lack of a physical token is that the cookie will be updated each time you come back and visit the same site.
This is basically what happens when you visit a web site:
- Web site asks browser to store some information.
- Web site supplies the information.
- Browser stores the information in a file locally (the cookie).
- Cookie doesn’t contain any private information.
- Cookie is presented on subsequent visits.
It’s not that complicated and it’s not intended to be. The real aim is to identify subsequent visits by the same individual – with the aim of storing passwords, preferences and choices made by that person. All the major browsers have the facility to block or restrict cookies of course if you are concerned about the privacy issues.
How Is the Internet Filtered – Why Can’t I Visit that Site?
There are many nations who are rather keen on filtering the internet. Of course the examples they usually use are of sites run by pedophiles and criminals, which of course nobody objects to. However it rarely stops there, and once some sort of filtering system is adopted in a country you’ll find that list of sites that are blocked gets longer and more varied. Pretty soon there will be all sorts of extensive censorship being practiced – your Government will decide what you can and can’t do online.
But there’s another issue – the technical side is far from clear cut. There is no definitive best method for filtering on this scale. Here’s a couple of the methods some countries have implemented. Both of the techniques depend on the development of a blacklist (sites that needs to be blocked). So consider – somewhere there’s a little group of people who hold meetings deciding on what should be included in this list. Imagine if these people had strong religious or political beliefs – their decisions could be quite different from your own.
Unrelated to Post But Funny !
But to utilise this black list you have to find a way of stopping people visiting the sites on the list.
One of the most basic methods is DNS poisoning, an extremely simple method of modifying the domain name tables belonging to the ISP’s.
Using this method you can redirect requests for specific blocked pages to someplace else. So when a user asks for one of these pages his browser is actually misdirected to another server – either with a warning page or simply completely blank.
Surprisingly many of the Scandinavian countries like Norway and Sweden have used this method in the past, although it is also been utilised in Holland and Germany too. It’s an awful way of filtering as it messes around with the core functionality of the internet – DNS. But it’s biggest problem is it’s extremely easy to bypass, point your machine at any non-poisoned DNS server and you will get the right address and be able to access the website. The other obvious issue is that you have to block an entire website as the IP address is not related to a single page. Not easy with many social sites and collaborative platforms like Blogger and WordPress. For example is you want to block a single offensive YouTube video you’d end up blocking most of the site if you use this method.
There are more sophisticated methods of filtering the internet though, companies like BT and Optenet specialize in providing such services such as Netclean. All the solutions work in slightly different ways but fundamentally they all have some sort of method of comparing the requested URL with a list of ‘naughty urls’.
The list is obviously one problem as mentioned above – especially in the eyes of those of us who argue against censorship of the internet. But the technologies can also cause issues as well – a current report from Watchdog International highlighted a few technical difficulties that can happen with one of these technologies.
Here is a few of the instances.
ACMA Test of Blocking YouTube
When the Australian Government trialed the BGP filtering system Netclean White Box, they included a few URLs from Youtube to be blocked. The problem was that because a URL from this site was added, all requests for this domain name (Youtube) then got handled directly through the filter. Normally this wouldn’t be an issue with some low traffic criminal website but because YouTube is so popular the box had to deal with millions of requests – which in the end made the Whitebox fall over.
Wikipedia image was contained byIWF List
The Web Watch Foundation manages a very extensive black list of sites over the web. The list can be used by anybody as a master list of which web sites to block. In this event the IWF added the URL of a Picture saved on Wikipedia. Unfortunately this caused a problem with the BT Cleanfeed system being used, when the system filters the web request it acts like a proxy server replacing it’s own IP address with the request. In one of the tests this meant that Wikipedia got hundreds of thousands of request from a single IP address range (the BT Cleanfeed system) which ended up with it being banned and Wikipedia becoming inaccessible for everyone.
The Web Watch Foundation removed the URL pretty rapidly and realised their error but at least the potential problems were highlighted by it when you start any main-stream censorship and Internet Filtering. There is also the very real issue that such censorship can normally be bypassed very easily by simply using a proxy server if needed.
So Can I Watch UK TV in the USA
The trouble with most media websites is they look at your IP before determining what you can see online. More precisely they look at WHERE your IP is authorized to. Some internet sites like search engines use this to tailor your search results, to ensure that you do not end up getting a plumber who lives on the reverse side of the planet when you sort “local plumber” into Google.
So that is great but regrettably that is just about the only advantage. Much more often it is used to prevent access, so if you need to see US TV stations on line from Europe or perhaps British TV whilst in the US then you’ll be out of luck.
Here’s an example of the kind of display that you’ll get if you do try….
You’ll have the same sort of difficulty if you attempt to access NBC, ABC, Hulu or even Pandora from anyplace outside the USA – because you don’t have a US IP. It gets really annoying, particularly when you travel a lot and discover your self blocked from your favorite web sites simply because you happen to be in another location briefly.
Fortunately it’s possible to sidestep these blocks and actually a complete little miniature industry has developed into allowing completely unfettered use of these web sites.
OK just for illustration, although the same applies to almost every single media site in the world – let’s try and watch the wonderful BBC Iplayer from outside the UK. We’ll just use a security program called Identity Cloaker to access the BBC to demonstrate. The trick is to fool the website into thinking you’re in the UK. This is done by connecting via a different IP address, one based in the UK and hidden by a proxy server.
Here’s what I actually do
That is the small front end of Identity Cloaker which offers you the list of all the proxy servers (about 10 pages of them across a dozen countries). We want a UK one as that will give you a British IP address whcih is essential for UK TV in the USA. In this screen you search down and look for a UK host which has the fastest speed to your relative location. You can also access sites in the United States, Italy, Germany, Canada, Holland and some more places simply by choosing the correct banners.
After selecting this server you will have no problems – simply go to the BBC website and watch whatever you like. You can even disconnect after the programme you wish to watch has started playing (although if you need to change you’ll need to connect to a UK server again).
It’s very easy to use thanks to the point and click interface of Identity Cloaker. It will allow you to see UK TV in almost any country at all, your location simply doesn’t matter. There are loads of providers out there now , but I truly can recommend Identity Cloaker, they have now been around many years, really fast servers and do not charge per proxy like most of the companies.
There’s a really cheap demo for 10 days for a couple of dollars here — Identity Cloaker 10 day trial — try it first to check out how it works for you.
Looking for a Polish Proxy
In years gone by the internet was pretty open, I rarely remembered ever getting blocked access to a website. But things have changed now and there are lots of filters, blocks applied all over the place. In the last few days I was blocked from accessing Hulu in the USA, my banking site and a funny video clip on YouTube because ‘it was not accessible in my region’.
Fortunately for those of us who get cross about these sorts of things – there are now loads of tools and services which can bypass these blocks which use VPNs and proxy servers. It’s easy to find one if you want standard countries like US and the UK but they can be difficult to find for smaller countries.
For example my friend comes from Krakow but now has settled in the UK. But much of his family are still in Poland and he often finds himself connecting back to Polish websites. Unfortunately increasingly he gets blocked because his location (or IP adddress) is outside Poland. Last week it was a Polish TV site online and a bank based in Krakow that had an online service. It’s exactly the same reason you can’t access Hulu from the UK or some of the cracking shows on Canadian TV that are online.
The technology is called Geotargeting and the easiest way you can see this demonstrated is simply by using Google. So here’s what I get if I go to Google -
Google checks my IP address when I connect, cross references with a database of IP Address/Country and sees I’m in the UK so delivers the British version of Google.
But unfortunately this technology is also used to lock me out of many web sites and applications that are not UK based. SO I can’t watch Simpsons on Hulu, listen to music on Pandora or anything that is restricted to other countries.
Anyway I’ll show how I can change my IP address to a Polish one as a quick example. All I need to do is connect to a Polish server and tunnel my connection through that. This will then fool the web site into thinking that’s my location. There are lots of services which can do this but one I use often is called Overplay
Here’s the software working, I just select the country I need and then press connect. In this case I want to get an IP address from Poland so I select a Polish server from the list. I then just put in the username and password and I’m connected – that’s all there is to it – takes about 10 seconds.
Here’s the connection screen, then you just minimize it to the task bar and carry on as normal. However while this is connected all my requests are being routed through the server in Krakow, and that’s where I’ll appear to be from.
Now you can see that if I visit Google, this time I’ll be given the Polish version because my IP address is listed from Krakow. If I change connections I’ll be given a different version Of course this isn’t particularly useful as I’m not really in Poland. But if I wanted to access a Polish media site or online banking then it would be very useful.
If I changed to a US server I could use all the American sites even on my Ipad, change to Canadian server and watch Canadian TV and so on. They’re well worth checking out as you get all the servers included in the subscription – helpful support too – Overplay Trial.