For many people, using proxies if for security and personal privacy. They will know that every time they use the internet for anything that a record is kept in many places about their activity. Often it’s just a small cookie or a record in a log, but at your ISP for instance there is a complete record of every site you visit, every file download and every video watched. This is where the authorities go for instance when they want to investigate something, your ISP.
So it’s hardly surprising that many people seek to hide some of this information, you don’t need to be an international jewel thief or extremist terrorist to want a little more privacy than is currently available to the average internet user – i.e none at all.
So then they look at proxies, and indeed a ten minute Google search will point you in this direction. The proxy server will sit in between you and the web site you visit, meaning that they cannot record your visit properly – only the proxy address. You’ll still get everything logged in your ISP though unless the connection is encrypted perhaps using a VPN or SSH instead.
But here lies a problem, proxies can offer a layer of security but only when they are configured and administered properly. If they aren’t then you are merely handing over yet another complete record of your online activity to another server. In fact it can be worse than that, lots of of the ‘free proxies’ available online are only put there to steal and harvest people’s data. Enterprising hackers will take over these open proxies and log all the data that is transmitted through them – looking for usernames, passwords and identity information that can be used to make them money.
The internet is swarming with free proxies, using the vast majority of them is a really bad idea. I logged into four the other week completely at random and all of them were completely insecure in fact two of them had the proxy service itself running in the context of the ‘root’ account – something only a real IT novice would ever do and extremely dangerous. The reality is that a server is only secure when someone is taking the time and effort to ensure it is secure – that knowledge and effort is rarely available for free.
However if you’re only using a proxy to stream video, perhaps from BBC iPlayer or another media site then perhaps a free proxy could work? After all there’s no personal data just a stream of video so what’s the harm?
Well nothing really, the problem here is much more about practicalities, all these free proxies are completely overloaded and run at a pitifully slow rate. Occasionally you’ll unearth a little fast gem that has escaped notice by the proxy scrapers – but it won’t be fast for long -rarely longer than an hour or so. Expect to spend more time looking for new servers than using them. If you can afford it then a paid subscription is definitely the way forward. Here’s one I recommend in this video – Fast Proxy Server.
As you can see the proxies in this program run very quickly indeed, if you want to stream HD or even standard resolution video or media then a slow proxy will make most un watchable.
Most of the blocks, bans and filters online are based on your location. It’s slightly ironic that the internet was meant to bring us all together, yet most of the world’s media sites are working out ways they can block people from different locations.
Anyway the vast majority of these sites simply look up your IP address when you connect before deciding if you watch or not. So for example to watch CTV the Canadian broadcaster, you’ll have to be based in Canada or connect from a Canadian IP address.
Unfortunately it’s difficult to control your real address as this is assigned to you when you connect to the internet by your ISP. Although it will sometimes vary, it will always be linked to the country you are connecting from.
Fortunately, you can hide your real IP address by conencting via an intermediary – often known as a proxy or VPN server.
How to Watch CTV Outside Canada
Anyway the easiest way to see how it’s done is to watch this short video.
That’s all there is to it. Using a program like Identity Cloaker means you can swap your IP address with a click of the mouse whenever you like. Switch to a Canadian one for CTV, then back to a US address for Hulu followed by a British IP address for the wonderful BBC iPLayer.
If you want to do it for free, you’ll need to find a free Canadian proxy you can use and modify your browser settings to use it instead. It’s not hard to do but unfortunately it’s difficult to find the servers, proxies and VPN servers are very expensive things to run.
You can try it out by using the Identity Cloaker trial account – 10 days of CTV, Iplayer, Hulu or whatever you need to check it works for a few dollars – for the price of a coffee and sandwich you’ll be impressed I’m sure!
You may wonder why I’m writing about Poland and worrying about where to find a proxy server in Poland. Well although I have no real need to access Polish websites, I happen to know a few people who live near me and do.
In years gone by the internet was pretty open, I rarely remembered ever getting blocked access to a website. But things have changed now and there are lots of filters, blocks applied all over the place. In the last few days I was blocked from accessing Hulu in the USA, my banking site and a funny video clip on YouTube because ‘it was not accessible in my region’.
Fortunately for those of us who get cross about these sorts of things – there are now loads of tools and services which can bypass these blocks which use VPNs and proxy servers. It’s easy to find one if you want standard countries like US and the UK but they can be difficult to find for smaller countries.
For example my friend comes from Krakow but now has settled in the UK. But much of his family are still in Poland and he often finds himself connecting back to Polish websites. Unfortunately increasingly he gets blocked because his location (or IP adddress) is outside Poland. Last week it was a Polish TV site online and a bank based in Krakow that had an online service. It’s exactly the same reason you can’t access Hulu from the UK or some of the cracking shows on Canadian TV that are online.
The technology is called Geotargeting and the easiest way you can see this demonstrated is simply by using Google. So here’s what I get if I go to Google -
Google checks my IP address when I connect, cross references with a database of IP Address/Country and sees I’m in the UK so delivers the British version of Google.
But unfortunately this technology is also used to lock me out of many web sites and applications that are not UK based. SO I can’t watch Simpsons on Hulu, listen to music on Pandora or anything that is restricted to other countries.
Anyway I’ll show how I can change my IP address to a Polish one as a quick example. All I need to do is connect to a Polish server and tunnel my connection through that. This will then fool the web site into thinking that’s my location. There are lots of services which can do this but one I use often is called Overplay
Here’s the software working, I just select the country I need and then press connect. In this case I want to get an IP address from Poland so I select a Polish server from the list. I then just put in the username and password and I’m connected – that’s all there is to it – takes about 10 seconds.
Here’s the connection screen, then you just minimize it to the task bar and carry on as normal. However while this is connected all my requests are being routed through the server in Krakow, and that’s where I’ll appear to be from.
Now you can see that if I visit Google, this time I’ll be given the Polish version because my IP address is listed from Krakow. If I change connections I’ll be given a different version Of course this isn’t particularly useful as I’m not really in Poland. But if I wanted to access a Polish media site or online banking then it would be very useful.
Here’s another option demonstrated in this video about accessing TVN player.
If I changed to a US server I could use all the American sites even on my Ipad, change to Canadian server and watch Canadian TV and so on. They’re well worth checking out as you get all the servers included in the subscription – helpful support too – Overplay Trial.
There’s lots of little fancy media streaming devices out now, but for many people looking for something quick and simple to watch online stations like the BBC Iplayer on their TV screen – then a good option is the Nintendo Wii. Many people already have these and they stream media as well as most commercial devices.
But of course just like your computer most of these online channels are restricted to the country they are broadcast from – so you need to be in the USA for Hulu, the United Kingdom for BBC Iplayer and so on.
It’s of course easy to bypass these blocks using a security program like Identity Cloaker on a PC, you just click on the country you want to be in, but can you use the same functionality on other devices such as the Nintendo Wii?
Well the simple answer is yes ! In fact you can switch the location of your Wii to any country where they have a server based – e.g. France, United Kingdom, USA, Canada or Australia for example – so use a US proxy site or a UK one depending on your needs. This also works for some of the other commercial VPN/proxy services, just ask their support desks for help.
So here’s how it works for watching BBC Iplayer on a Nintendo Wii in the USA by using Identity Cloaker.
Obviously you’ll need to connect your Wii to the internet first, which is fairly straight forward. If you’re actually in the UK then all you need to do is go to the shopping channel from the main screen and download the BBC Iplayer channel and that’s it.
For Anyone Outside the United Kingdom – it’s slightly more complicated as you won’t be able to see that channel available. First of all change your country settings -
Wii Options> Wii Settings> Country> Change to UK
This is what controls what’s in the shopping channel – when set to the UK you’ll be able to download BBC Iplayer, you can change it back after if needed.
However this won’t fool the BBC Iplayer website if you’re not in the UK, because it will check your IP address when you try and watch anything. To do this you have to hide your real address and connect using a server based in the United Kingdom.
I will do this using my Identity Cloaker account as follows -
- Go to the Wii System Settings Page and select the Internet connection tab.
- Select the connection you are using and scroll down to proxy server settings.
- Enable the Proxy Server and select advanced settings
- Pick one of the IP address of an Identity Cloaker UK server and use Port 4040
- Input Your Identity Cloaker – Username and Password
- Save Settings and then Watch the BBC
You can get the IP address and your username/password from the Identity Cloaker support team or it’s listed in the members area. If you’re using a different service just contact their support for the same information – as long as they accept authentication in this manner then they all should work.
If you’re looking for a super secure, highly anonymous proxy then it can be rather confusing. After all what does constitute such a server, there are no real definitions only opinions.
The first thing to be aware of is that if someone just adds the word secure or highly secure to their description it means nothing. There are literally thousands of one page proxy servers running as default installations on some free web hosting space which describe themselves as secure – they are not. To keep a proxy secure needs time, technical skill and a very real commitment to keeping the infrastructure secure.
For instance, there are loads of people running proxies who never even consider the question of which user context the proxy should be running in. It’s actually very important but surprisingly a huge number of people run their proxy services as root.
This is a very bad idea, not only does this potentially give an attacker a very real chance of obtaining complete control not only to the proxy but the server it runs on. The slightest bug or vulnerability in the service can be exploited – there goes the server, the data, user accounts and logs.
A Step Towards a Properly Secure Proxy
Someone more security aware might run the proxy service in the context of the ‘nobody’ user. The advantage of this account is that it has no real administrative rights or privileges and there the integrity of the server is maintained even if the account is compromised. It does have some rights though and can access public directories and any other directories or services running in the ‘nobody’ user context.
But the real secure way is to create a dedicated user account specifically to run the proxy server in. It would have no other function and importantly no other rights or permissions applied. This protects the server, the logs and any users data that may be on the machine. It’s a simple point but a fundamental step in running a truly secure proxy server and giving you a secure IP address to use – 99% of the proxies you find online won’t be set up like this.
The unfortunate thing is that people tend to imagine that a proxy server that obscures your IP address adds a level of security and anonymity automatically. This is simply not the case and a badly configured proxy is far worse than using no proxy at all. Remember that when you use a proxy server all your data is diverted through that server and everything is probably logged too. It’s a huge risk using a badly configured server, whether it’s meant to be a simple porn proxy or highly secure VPN!
The security of the proxy server is really dependent on the technical expertise of the people who set it up and run it. You’ll never get a secure proxy server for nothing simply because professionals don’t work for free. Kids running proxies on free web space who have no concept of security – do however.
Updated Content and Tags – May 10th, 2013
If you search on the internet you’ll find many proxy sites including plenty of USA based proxies – usually they consist of loads of adverts and a little slot in the middle of the page where you type the website you want.
These sites promise you the following -
- ability to bypass firewalls
- ability to bypass content filters
In reality you’ll normally get none of these although to be fair there are some benefits. Here’s the truth about these proxies and the claimed benefits to help you make your own decision.
If you’re really concerned about security and your privacy then the answer is don’t use these websites. certainly never use them to access any site that requires passwords or personal credentials. These sites normally are set up quickly and easily using a proxy software called Glype. This is simply installed on some cheap or free hosting account and surrounded by adverts in an attempt to make money.
Of course there’s nothing wrong with that but be aware the server is not secured, they are also not highly anonymous and there will be no mention of what happens to the logs and you are trusting that website with whatever data you send through it. In reality all you are doing is adding another risk to your browsing. There are some malicious web sites which exist just to steal any credentials that are sent through it.
The claim for anonymity for these sites can be partially true if they are configured correctly. What they can protect from is the web site you are visiting storing your IP address in it’s logs. The main problem with trying to stay anonymous on the web is two fold – firstly your browsing is logged in its entirety at your ISP, secondly it’s all in clear text so is readable by anyone.
The proxies will sometimes stop your IP address being logged at the web site you visit – that’s it. But in exchange it will be logged on their server which may well be run by a 16 year old in his spare time.
Using Proxies to Bypass Firewalls
This can work in a particularly lax environment but in those cases you probably won’t need a proxy server! If the firewall just blocks access to specific IP addresses or URLs then this might work. However most environments are rather more sophisticated than that. Also the majority of web proxy sites are themselves blocked anyway. They can be useful in countries with basic blocks on popular sites like Facebook and YouTube for example.
Using Proxies to Bypass Content Filters
This is a complete non starter as no web proxy will have the slightest effect here. The problem is that although a content filter also looks for specific web sites, IP addresses and content to block it actually looks at the request itself. Most filters look inside the packet themselves so proxies will have no effect whatsoever apart from getting you flagged by the IT Admins for trying to circumvent any restrictions. There is only one way to bypass a sophisticated content filter and that’s to use a concealed proxy server plus encrypt all your data. The encryption means that the content filter can’t look inside the packet and work out the destination. So if you don’t want to have every thing you do online logged and recorded by your ISP and/or employer then encryption is a must. It’s often used when people access pornography online – particularly popular in the middle East where a porn proxy are standard because of the various blocks implemented by the Governments.
The United States of America is known for its declarative stances on life, liberty and the pursuit of happiness. However, this doesn’t seem to be the case when we spend a lifetime – pursuing liberty – only to be met with the unhappiness of censorship. In today’s modern world, the battle for freedom, along with the war against freedom of expression, has shifted gears online. Repressive regimes persistently undermine global civil liberties; cunningly employing various Internet censorship techniques to appear stagnant and under the radar.
The magnitude of Internet filtering and censorship in any given nation is measured by the OpenNet Initiative, or “ONI.” According their website mission statement, the OpenNet Initiative aims to “identify and document Internet filtering and surveillance, and to promote and inform wider public dialogues about such practices.” There are 5 categories of censorship magnitudes (in addition to various nations profiled on ONI’s website) that are structured upon the following bases:
1.) Lack of Evidence
In this case, there is no apparent evidence that websites are being blocked by the government, though forms of control may be employed. The biggest offending countries of proof-voided corroboration are: Afghanistan, Algeria, Bangladesh, Egypt, France, Germany, Iraq, Israel, Malaysia, Nepal, Nigeria, Uganda, Ukraine, United Kingdom, United States, Venezuela and finally, Zimbabwe.
This category alludes to suspicion of blocked websites by governmental influences, yet without tangible confirmation. A prime example is North Korea, which has a national intranet with approximately 30 approved websites. North Korea is an extremely isolated country, and this separation contributes to the difficulties posed in obtaining substantial information.
This grouping implies that a small number of websites may be blocked, and/or a small number of people may see filtered results. Countries such as Armenia, Azerbaijan, Belarus, Georgia, India, Italy, Jordan, Kazakhstan, Libya, Moldova, Morocco, Russia, Singapore, Tajikistan, Thailand and Turkey serve as the deeming nations under this category.
This category identifies nations that filter search results, while further blocking websites at a regularly-low or moderate level. Countries likely to be considered under this grouping are Burma, Ethiopia, Gaza and the West Bank, Indonesia, Pakistan, South Korea, Sudan and Uzbekistan.
Under this extreme magnitude, massive censorship is implemented by the government. Many websites are blocked and freedom of expression is severely limited. Participating nations include: Bahrain, China, Iran, Kuwait, Kyrgyzstan, Lebanon, North Korea, Oman, Qatar, Saudi Arabia, Syria, Tunisia, Turkmenistan, United Arab Emirates, Vietnam and Yemen.
In an attempt to expose cyber filtering and surveillance practices, OPI monitors and rates four areas of Internet activity, as listed below.
These websites generally centralize around taboo issues; ranging from sexually-explicit content, various forms of betting and drugs. The worst offending countries are considered to be: North Korea, Yemen, Uzbekistan, United Arab Emirates, Tunisia, Saudi Arabia, Qatar, Oman, Kuwait, Iran and Bahrain.
This area pertains to website content that opposes, refutes or negates governmental control. Additionally banned are issues regarding human rights and freedom of expression. Implied transgressing countries are North Korea, Vietnam, Turkmenistan, Tunisia, Syria, Libya, Iran, China, Burma and Bahrain.
iii.) Internet Tools
This degree interferes, monitors and tampers with e-mail; web hosting; search and translation; VoIP communications and social media. In light of the Arab Spring uprising, social media has skyrocketed as expressive platforms that convey both sentiments and information in opposition with imposed, authoritative control. The worst offending nations are North Korea, Yemen, United Arab Emirates, Tunisia, Syria, Saudi Arabia, Qatar, Kuwait and Iran.
iv.) Conflict & Security
This classification includes anything spanning a vast military spectrum, with sectors in opposition, separatist movements and militant groups. The nations assumed under this category are North Korea, South Korea and China.
In a June 2011 issue of the New York Times, the United States was chronicled as a nation engaged in a global effort to “deploy shadow Internet and mobile phone systems[in which] dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.” Additionally, internet censorship can be circumvented by utilizing a proxy server website to access banned data. A proxy server website is an un-blocked server that is outside of the censored geographic area of the user. This website tool enables retrieval of censored data. Another way to informationally-intervene is by changing a censored IP address to that of an IP from a non-censored country. For assistance in visualizing the above information, look at our infographic below which showcases the key points of anti-censorship data. After all, it’s only fair that a democratic nation encourages “freedom of speech” as a globally-applicable entitlement.
Freedom of expression is classed as a basic human right both in UN statute and International law. Of course this doesn’t mean that all countries and governments respect this right – clearly when you look at countries like Iran, China and Syria that certainly isn’t the case.
Post something critical online about the Thai royal family and if you live in Thailand, expect a knock on the door very soon. Egypt, Turkey, Gaddafi’s Libya and lots of other Middle Eastern countries also have take a very keen interest in controlling what is posted and discussed on the internet.
The control is usually implemented by fear supplemented by draconian filtering and censoring technologies. Facebook and YouTube are routinely blocked in lots of countries across the world simply because they are very lightly moderated and actively encourage free discussion.
Forums are also a great way for people to gather and discuss various topics and I want to tell you the story of an Arabic discussion forum called Tomaar.net. The site was initially created as a place for Saudis to discuss philosophical aspects of Islam – here’s a screenshot of it.
The forum became very popular primarily because it was a place where subjects like women’s rights, equality and homosexuality could be discussed by Saudi’s in the context of their religion. It soon started to attract visitors from across the world and became a hugely successful forum for Arabic speakers. Needless to say that site was not very popular with the religious fundamentalists who hated this sort of free discussion – and this included the Saudi Government.
The forum was hosted in the USA, so it couldn’t be closed down by the Saudi Government who did however block all access from any ISP situated in their country. Fortunately the forum users were sophisticated web users and were able to use circumvention tools like Identity Cloaker and TOR to bypass the blocks and filters. Also many users lived outside Saudi Arabia and were not subject to the ban and so the forum continued to grow in popularity.
What Happened Next to Tomaar.net?
Well the forum had a pretty tough time over the coming months after the Saudi blocks were put up. First of all their hosting providers suddenly pulled the plug, no warning just a letter terminating their contract. Then followed a succession of hosting providers but all were unable to keep the forum up for very long.
Tomaar.net was being targeted and overloaded by frequent DDOS attacks. DDOS stands for Distributed Denial of Service and is basically when a web server is overloaded by loads of computers (also called a botnet) all making repeated requests at the same time. The server hosting the forum was being overloaded and falling over.
You can defend against these attacks and in fact they tried valiantly to keep the forum up commissioning specialist companies like Prolexic Technologies to protect the site. However in the end it just became too costly to protect the site against these regular attacks, the Tomaar site died and a lively discussion forum exists only in the cache of sites like the Waybackmachine.
Was the Saudi Government responsible for all this, there’s no direct proof that I know of. However there are many who strongly believe they were behind the attacks. The reality is that is would be extremely easy for a Government to shut down a site like this, you can even buy large DDOS attacks online for a few hundred dollars.
This is perhaps the most worrying aspect that even a site hosted in a country famous for protecting freedom of speech is not safe. It’s so very simple to close down a website if you have some resources available – no problem at all if you’re an oil rich fundamentalist government.
There are many nations who are rather keen on filtering the internet. Of course the examples they usually use are of sites run by pedophiles and criminals, which of course nobody objects to. However it rarely stops there, and once some sort of filtering system is adopted in a country you’ll find that list of sites that are blocked gets longer and more varied. Pretty soon there will be all sorts of extensive censorship being practiced – your Government will decide what you can and can’t do online.
But there’s another issue – the technical side is far from clear cut. There is no definitive best method for filtering on this scale. Here’s a couple of the methods some countries have implemented. Both of the techniques depend on the development of a blacklist (sites that needs to be blocked). So consider – somewhere there’s a little group of people who hold meetings deciding on what should be included in this list. Imagine if these people had strong religious or political beliefs – their decisions could be quite different from your own.
But to utilise this black list you have to find a way of stopping people visiting the sites on the list.
One of the most basic methods is DNS poisoning, an extremely simple method of modifying the domain name tables belonging to the ISP’s.
Using this method you can redirect requests for specific blocked pages to someplace else. So when a user asks for one of these pages his browser is actually misdirected to another server – either with a warning page or simply completely blank.
Surprisingly many of the Scandinavian countries like Norway and Sweden have used this method in the past, although it is also been utilised in Holland and Germany too. It’s an awful way of filtering as it messes around with the core functionality of the internet – DNS. But it’s biggest problem is it’s extremely easy to bypass, point your machine at any non-poisoned DNS server and you will get the right address and be able to access the website. The other obvious issue is that you have to block an entire website as the IP address is not related to a single page. Not easy with many social sites and collaborative platforms like Blogger and WordPress. For example is you want to block a single offensive YouTube video you’d end up blocking most of the site if you use this method.
There are more sophisticated methods of filtering the internet though, companies like BT and Optenet specialize in providing such services such as Netclean. All the solutions work in slightly different ways but fundamentally they all have some sort of method of comparing the requested URL with a list of ‘naughty urls’.
The list is obviously one problem as mentioned above – especially in the eyes of those of us who argue against censorship of the internet. But the technologies can also cause issues as well – a current report from Watchdog International highlighted a few technical difficulties that can happen with one of these technologies.
Here is a few of the instances.
ACMA Test of Blocking YouTube
When the Australian Government trialed the BGP filtering system Netclean White Box, they included a few URLs from Youtube to be blocked. The problem was that because a URL from this site was added, all requests for this domain name (Youtube) then got handled directly through the filter. Normally this wouldn’t be an issue with some low traffic criminal website but because YouTube is so popular the box had to deal with millions of requests – which in the end made the Whitebox fall over.
Wikipedia image was contained byIWF List
The Web Watch Foundation manages a very extensive black list of sites over the web. The list can be used by anybody as a master list of which web sites to block. In this event the IWF added the URL of a Picture saved on Wikipedia. Unfortunately this caused a problem with the BT Cleanfeed system being used, when the system filters the web request it acts like a proxy server replacing it’s own IP address with the request. In one of the tests this meant that Wikipedia got hundreds of thousands of request from a single IP address range (the BT Cleanfeed system) which ended up with it being banned and Wikipedia becoming inaccessible for everyone.
The Web Watch Foundation removed the URL pretty rapidly and realised their error but at least the potential problems were highlighted by it when you start any main-stream censorship and Internet Filtering. There is also the very real issue that such censorship can normally be bypassed very easily by simply using a proxy server if needed.