Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X
Post

Unblock US Netflix Free Trial

A few years ago, only a select few could get access to Netflix. Indeed for quite a while the list of countries which has Netflix was very small, including only the largest developed countries primarily across North America and Europe.  This has changed greatly and now you can access the media giant in most countries in the world.  It doesn’t matter whether you’re in Japan, Turkey or the USA then you should be able to subscribe and watch Netflix without problems.

Unblock US Netflix Free Trial

This is not the complete story, as although you can access your Netflix account pretty much anywhere nowadays – what you’ll see is heavily dependent on where you happen to be located.  This is because Netflix has to license all the shows on a per country basis, i.e. if it pays for rights in the USA it would then have to pay separately for all the other countries.  Obviously this means that Netflix will invest much more heavily in the bigger markets than it will in the smaller countries.   So the service you get in somewhere like Austria will be much different from what you’ll receive if you logged in from New York.

The problem many people have with this, especially those who travel a lot is that these differences are hugely significant.  The actual figures vary quite a bit, but some estimates suggest that there are tens of thousands more films and TV shows in the biggest version of Netflix (the USA) than in the other countries.  Even though the subscription costs are similar it means that a US subscriber gets way more content than a subscriber from any other country.  What’s more if you travel you’ll switch between versions which can be extremely annoying when suddenly the box-set you’re half way through suddenly disappears because you’ve moved across a national boundary!

Is it fair? Well obviously this largely depends on where you happen to be.  You’re unlikely to hear many complaints from US residents especially if they don’t travel much.  The US version of Netflix is so much better than everyone else’s, not only in quantity but quality too.  For example at the time of writing there’s only one version of Netflix which has the latest blockbusters – The Last Jedi and Guardians of the Galaxy 2, yes of course it’s the US version.

How to Unblock US Netflix Free Trial

This is by far the simplest method to enable anyone to switch to the US version of Netflix irrespective of their location.

Over the years there have been many methods and indeed thousands of different services which allowed you to access different versions of Netflix from the one you’re locked into. However this has changed greatly over the last year or so. Netflix doesn’t like it’s users doing this even though it at one point there were millions ‘unofficially’ accessing Netflix from countries where it wasn’t even available. For instance, there were estimated at nearly 1/2 million Australian subscribers of Netflix in the year before it became available there!

Most of these were simply using straight forward proxies and VPNs to hide their current location. The concept was simple, if you relay your internet connection through a VPN server or proxy in the USA for example, Netflix would see the US IP address of the server not your true location. Which meant that a Netflix user in Mexico would get the US version instead of the Mexican version. Netflix started blocking and filtering these connections in a variety of ways however the real game-changer was when they started blocking access to commercial IP addresses.

This suddenly stopped 99% of VPNs and other unblock US login methods virtually overnight. The reason was that all of these services used ‘commercially’ registered IP addresses simply because they are very easy to obtain. Getting hold of ‘residential addresses’ is much, much harder simply because they’re normally reserved for ISPs who release them to home customers. The effect was almost instantaneous, social media and forums were filled with cries as suddenly all these VPN services stopped working. There was little point contacting support, as in most cases there was nothing they could do. The problems was the IP addresses not the services themselves which affected VPNs and even the Unblock US DNS not working too.

So is Unblock US Support for Netflix Still Possible?

Yes it is, but on a much less widespread scale. The method illustrated in the video above is working perfectly in the Summer of 2018 using a company called Smart DNS Proxy, well after Netflix’s initial purge.  The current state of play is that you must have access to a residential IP address based in the country you require in order to access that version of Netflix.  Most of the VPN service providers have pretty much given up on supporting Netflix for this reason.

Unfortunately residential IP addresses are difficult to obtain and extremely expensive even if you can access them.  The companies who do have access to them, for the most part have focused on addresses based in the USA.  There is a much greater demand for the US version of Netflix than any other country which is why they are still supported by some companies.  It’s important to check for yourself though, forget about reputation and fancy websites – pick a trial account and try it for yourself.  Netflix have indeed reduced the options and put lots of the disable unblock US companies out of business, but there are still some that remain.

IS it Really Worth the Effort to Unblock US Netflix?

It’s true that many national versions of Netflix are pretty similar, indeed some are virtually identical apart from language variants.  Depending on where you travel and to what extent you use Netflix it might not be worth the trouble or additional expense.  However for those of us who live in smaller countries, travel a lot or simply use our Netflix account very often getting access to the US version of Netflix is definitely worth it.

It’s not just the thousands of extra programmes and movies, but the quality as well.  Netflix makes a great effort to get blockbusters onto US Netflix in order to boost sales and support expensive advertising campaigns.  They simply won’t spend the same on a smaller market with less rewards.

unblock us download

A classic example is the film – The Last Jedi, which currently is only licensed on US Netflix.  You won’t find it on any other version currently and there are loads of the latest blockbusters which are only found on the American version which makes it well worth unblock US download to your computer.    The same situation happens with TV series, you might be happy to find the first series of a popular show on the French or UK version of Netflix.  However this is often because the older releases are cheaper, you’ll normally find that there most of the later series will be on the US version too.

Over the years I’ve tried loads of methods for unlocking US Netflix primarily so I can keep up with the latest releases. Proxies no longer work at all, so you can forget them. There are about two VPN services which still work in 2018 including Identity Cloaker. However you have to use the software and it won’t work on tablets and smartphones at the moment.

There is no doubt the best solution at the moment to unblock US Netflix and that’s to use a Smart DNS service which has the requisite residential IP addresses.  There’s only one which I have used which is both reliable and quick enough to stream video and that’s the service from Smart DNS Proxy.  They also include a VPN service but I suggest you leave that unless you need the security as the Smart DNS version works better.

The best thing is that this company actually provides a free trial if you access from the correct link.  Which means you can test it out and see if it’s worth the money before committing.  Honestly I’ll think you’ll be impressed, with both the speed an reliability and also the amazing amount of content on the US version of Netflix compared you your own locale. What’s more you can try before you buy with a Unblock US Netflix Free Trial.

Try it out on the Link below.

Free, No Obligation Trial of Smart DNS Proxy

 

 

Post

High Quality US Proxy Server – an Essential Tool

Many people use proxies to bypass internet filters and regional restrictions.   For example YouTube videos are often restricted to specific countries and it’s quite common to get the message – ‘not available in your country’.   However these are enforced by looking up your IP address and if you use a proxy you can effectively bypass these blocks.  They work because if you use proxy servers and connect through them, it’s the address of the server which is identified not your real address.   So if you use a US proxy you can access US only sites, use a UK server for British web sites and so on.   Well this is how it used to work, invest a few pennies to buy a cheap proxy or scrape a cheap proxy list and you were sorted.  These days have long gone now because of technical implementations in detecting these servers.

Unfortunately most of the websites that operate these region blocks can detect the use of proxies and they are mostly blocked.  Even if you use a high quality US proxy server, you won’t be able to access sites like Netflix or Hulu without receiving these sort of messages –

High Quality US Proxy

The usefulness of a proxy server is fairly limited now with more and more sites automatically blocking access from them. There are some issues with this, particularly people who surf through corporate networks for example.  Most firms use proxies in order to control access to the internet and limit security problems, so when Hulu blocks access through proxies it’s actually affecting this group as well.

Ensure the High Quality US Proxy Server Has a VPN Mode

If you want to bypass all the region locks and completely remove all of the restrictions on your internet connection then it’s a VPN service you should be using.  A VPN is a Virtual private network and operates in a similar way to a proxy server however the connection is encrypted and almost impossible to identify.     Even the highest quality proxy server can be detected however there is currently no method for actively identifying an incoming connection from a VPN server.

However, you have to be careful even when selecting a VPN service to use – some of the media companies have started to manually block these services too.  What they do is identify IP address ranges and companies who advertise the ability to bypass these blocks and ensure they can’t access the services.  Hulu and Netflix have been particularly aggressive in doing this and even some of the UK TV channels like the BBC blocking abroad as well.

In addition there are other measures being used to block connections originating from VPN servers too.   The BBC have recently extended their restrictions to include too many concurrent connections from the same IP addresses.  For example if you use a very popular VPN service, like Hide my ASS then you’ll be sharing your IP address with many thousands of users.  These are easy to detect and simple to block, it doesn’t actually matter how well they are configured if too many people are using them a VPN will be blocked as easily as cheap private proxies.   The threshold is difficult to assess and you don’t need to use completely dedicated proxies as long as they are not overloaded.

As you can tell, there are no guarantees on maintaining access to any particular service.  Currently Netflix and Hulu are probably the most aggressive in blocking access from VPN enabled services but many still work.  You should ensure that your chosen VPN provider is not advertising the ability to watch particular stations.  These are always targeted by the media sites, even years ago a private proxy server which promoted access to online TV stations would never last long – nowadays their servers will be blocked very quickly indeed.

Otherwise it really depends on which websites are a priority for you.  For example, as mentioned Netflix are one of the most aggressive companies in blocking access and even the best private proxies or VPN servers will be ineffective.  This is because in addition to other restrictions they also limit access to IP addresses classified as residential.  Unfortunately this instantly rules out 99% of VPN providers who usually are based in commercial data centers which have commercially classified IP ranges.  Try and connect to the US version of Netflix from a commercial IP address and you’ll get blocked instantly.  It doesn’t matter how well they are configured as even the high quality US proxy services won’t work if they’re tagged with commercial addresses.  Some of the more advanced security companies like . have some residential IP address ranges but these are very difficult to obtain for use by commercial companies.

If you want to use a particular service then it’s best to test the functionality first before subscribing for a longer period.  There are still VPN services which work with most of the media sites, however some are more difficult than others.  Accessing the US version of Netflix is probably the hardest as they only allow a specific category of IP addresses through their firewalls.

The reality is that without having some sort of control of your connection and IP address you will be constantly blocked, filtered and monitored whenever you are online.   For those of us who travel it’s even more inconvenient as websites we normally access are suddenly unavailable due to a new location.   Being able to hide your address stops all this and hands back control.

Post

How Does Netflix Block VPN Programs

Many of the internet’s biggest media sites operate a system of region locking.  The BBC iPlayer for example blocks access to anyone outside the UK, similarly the US website Hulu blocks access to anyone located outside the USA.  Virtually all the media web sites do this, including video sites like Youtube which controls what videos can be seen depending on your location.  Fortunately there is a way around this, and millions of people across the world use VPNs to hide their physical locations.

These work by obscuring your real IP address by redirecting your connection through the VPN server.  If the VPN is located in the correct country then you’ll be allowed access, so people would use a UK VPN to watch the BBC online and a US server to watch American content.    Most of the web sites try to block access from these VPN  servers however none have been very successful, except for one company – Netflix.

Here’s How Netflix Block VPN Programs

Most of the previous methods for blocking VPNs and proxies simply involve detecting and blacklisting the IP addresses of individual VPN servers. This works to some extent but is relatively simple for the VPN providers to bypass. When specific IP addresses are blocked they would simply replace them with alternatives, it ends up something of a cat and mouse game with the web providers. Many companies such as the BBC do this periodically so the blocks are normally fairly intermittent.

netflix-ussmartdns
Mostly though people were unaffected, most of the decent VPN services have many servers which they rotated IP addresses when unaffected. Netflix however adopted another tactic, which proved to be more effective. What they did was instead of blocking individual IP addresses of VPN servers, they blocked a whole classification – commercial based addresses.

All IP addresses are classified into two types – residential and commercial. Residential IP addresses are allocated to domestic customers via their ISPs well companies and data centres receive commercial addresses instead. Netflix solution worked instantly by blocking access to all commercial addresses, the region locking was enforced and none of the VPN services worked.

Currently there are only a couple of VPN services which still work, these have managed to incorporate residential addresses into their network. One of the oldest companies, Identity Cloaker has built this capability into it’s software so that if anyone tries to connect to Netflix they will automatically be redirected to a server assigned with a residential IP address range. It works perfectly although these addresses are expensive and difficult to obtain so you should check if you require them as most VPN services won’t have access to them.

Post

How to Bypass the Netflix Block

It’s cunning, it’s sneaky and has caused much sadness among movie fans across the world, I’m referring to Netflix suddenly blocking virtually every single VPN and proxy service.   Slowly it’s become harder and harder to find a reliable proxy service to access the wonders of USA Netflix and last month became pretty much impossible.   However on the internet it’s very difficult to block everyone and when the secret is out, you’re back to square one.

How to Bypass the Netflix Block

Well first it’s important to understand the method, how does Netflix block VPNs is the question but also the solution too. In fact it’s actually not as sophisticated as you might have thought, but it’s definitely pretty effective.

Netflix had previously followed the standard route of big media company wanting to block people like you and me trying to get round their region locks so they could watch the best movies with their NETFLIX SUBSCRIPTION. This was a combination of picking out the high profile VPNs – the services who advertise on social media and PPC plus manual identification of IP addresses with multiple streams. It works to an extent but is very time consuming and the VPN/proxy services simply switch addresses when required so that it becomes a constant battle.

However instead of pursuing this tactic indefinitely, Netflix chose another option and decided to target the classification as well as the location of the IP address. They simply blocked all ‘commercial’ classified IP addresses – which meant that anyone using an address held by a commercial organisation would not be able to access Netflix wherever they happened to be.

So every standard residential IP address would be allowed through but all the addresses from commercial enterprises were blocked across the board. These included virtually every data center too so all the VPN suddenly stopped working almost overnight. The only addresses that now worked were the ones classified as residential which are mostly allocated through ISPs directly to home users.

For a VPN service to continue to work with Netflix in any capacity it needed access to these residential IP addresses. Without these addresses it is impossible to bypass the Netflix block at at all. Fortunately a couple of companies seem to have gained access to these and introduced them into their server infrastructure effectively regaining access – one of them is Identity Cloaker which has enabled UK and USA residential IP addresses for Netflix users only.

Post

How to Fix Netflix VPN Problem – What Now?

Surely it cannot be true! Is Netflix blocking VPNs and proxies? Are we doomed to be locked into our own crap region of Netflix or even worse are people outside the Netflix coverage locked out completely. Well the simple answer is yes, at the moment Netflix is investing a huge amount of time and resources in blocking not just proxies – they’re also blocking VPN services too!  Fear not though, this article shows you how to fix Netflix VPN problems.

It’s come as a bit of a shock for many, most people go through the following stages with most region locked content.

  1. Annoyance – tried to watch a show, video or broadcast online somewhere like YouTube, BBC or Netflix and got blocked.
  2. Research – learn about region locking and finding out that it’s simply based on the location of your IP address
  3. Solution – realising that if you hide your IP address by using a VPN or proxy will bypass all these blocks and let you watch whatever the hell you want!

Once you reach the last stage all those annoying blocks and filters simply disappear.   You can watch anything from anywhere, irrespective of your location – for example I have sat in a Spanish bar watching the News on the BBC (UK IP address), then switched to an American IP to watch the US version of Netflix then watch some football on RTE (the Irish Broadcaster).    Without a suitable VPN service none of these would be possible, for me it makes a massive difference to my viewing options.

how to fix Netflix VPN

Now over the years, many of these online broadcasters have made various attempts to thwart these efforts.  In fact it would probably be safe to say the use of very simple proxy servers are now pretty much gone as far as bypassing region locking goes. There has been no such thing as a Netflix proxy free or paid that worked for many years, in fact the only major broadcaster who didn’t block proxies were the BBC but even they started doing this last year.   The problem is that the use of a proxy can be detected very easily by all these sites which now makes them fairly useless.

No worries, for we still had VPN services, the virtual private network connections are encrypted and almost impossible to detect.   Unfortunately these too started to suffer casualties and many broadcasters have waged a sort of half-hearted war on VPN servers too.  Initially it was nothing more than individually blocking the addresses of popular ones which became too mainstream if you found your netflix vpn not working prior to 2016 it was easily remedied.   It was never that bad though and usually you could just switch to another IP address and it would work fine.  Unfortunately that’s looking like it’s changing too  – the Netflix VPN ban was implemented towards the end of 2016.

Netflix have changed all this, they’ve really gone to war with VPN services and have actually managed to block 99% of them from working.   You’ll hear many tales of woe from people who have VPN accounts set up simply to watch the US version of Netflix which no longer work.   Netflix blocked VPN services every where, well very nearly all – for Netflix VPN 2017 needs something very specific.

So how to fix Netflix VPN ?

They have succeeded where many have failed by adopting a different tactic. Instead of trying to detect the VPN connections or individually identifying specific IP addresses, Netflix have focused on the origin of the VPN addresses. You see most IP addresses are grouped into two distinct groups –

  • Commercial IP Addresses – assigned from data centers for websites and commercial servers.
  • Residential IP addresses – assigned by ISPs to their customers from their internet accounts.

All the VPN and proxies came from the first category, so the VPNs all had commercial IP addresses. Netflix simply detected which group the connection was from and blocked all the commercial IP addresses whilst allowing the second category through. If you connected with a commercial IP address from a proxy or VPN to Netflix this is what you’d get this –

Netflix blocking proxies and VPNs
Suddenly almost overnight Netflix blocked VPNs, proxies and Smart DNS solutions from everywhere – they still couldn’t detect the presence of the technology – but they knew if the IP address was commercial.   However there’s a solution in this video entitled Netflix Block VPN services.

Fortunately there is some hope, a couple of the most advanced VPN systems had already identified this cause and have made plans to rectify. Identity Cloaker is one of these and have introduced code to detect when the VPN is used to connect to Netflix, when it does it is relayed through a residential IP address which is allowed through. It works perfectly and should do for the foreseeable future, although the downside is that residential IP addresses like this are much more expensive so there may be some pressure on subscriptions.   So if you want a VPN service specifically for Netflix you’ll need one that supports these residential addresses, that means only the sophisticated products will work and there is no best free VPN for Netflix anymore.

 Identity Cloaker is now one of the only VPN/Proxy services which is not blocked by Netflix.  Try the . trial here

Post

Switching Locations for a Better Price

Many companies who operate on the internet operate an economic technique called price discrimination. This is a way where companies can sell the same goods and services for different prices in order to maximise profits rather than sell at a single price to everyone. The concept follows the idea that different people will pay different amounts for the same product.

The internet initially looked like it would change this, price discrimination relies on separating markets in order to charge different amounts. When anyone can buy from anywhere in the world the barriers seemed to fall especially for services and low weight items which can be easily distributed. Why buy something for £100 from a UK based site when it’s available from a French site for half the price, the web threatened to smash down these barriers.

Alas this didn’t last long, and in some cases the internet has made things worse with global companies setting up localised versions of their sites (and prices) using a technology called geo-location. This is quite a simple technology which looks up your physical location based on the internet address (IP) that is assigned to you by your ISP (Internet service provider). Using this technology people are redirected or even blocked based on their location, so connect from France and you get a French version of a site, from USA you’ll get a US version and so on – the idea that different prices and services can be supplied based on what the local market will support.

This behaviour is now pretty pervasive with almost all internet retailers operating to some extent. Login and check an air fare price for example you’ll probably get offered a different fare depending on where you are physically for the same flight. This of course makes it essential that you can get some sort of control back unless you want to be paying top prices for everything you buy online. To do this is fortunately very straight forward – simply use proxies to change your IP address. Here’s how you can use an English proxy – just here, to switch your location to the UK.

So whilst connected to this service you can choose out of about twenty countries to route your connection through. Use a British server and you’ll have a British IP address, an American service will give you a US IP address and so on. Using this you can check out the prices of all sorts of site based on different physical locations.

For example I always use this to watch the BBC from Ireland but I recently wanted to book a city break for my family. Funnily enough I got completely different prices for flights based on an Irish address to a British address despite the flights being identical in every sense. Unsurprisingly I have found that generally my standard UK address gives me a much worse deal than a French or American on for some reason.

Post

New Police Powers in UK Surveillance Legislation

A new surveillance bill giving much stronger powers to various security agencies will be introduced by Theresa May next month.  November 4th will see the release of the new Investigatory Powers Bill which will force telecoms and internet service providers to retain their customers web browsing for 12 months.   To blunt the complaints from the ISPs, they will be paid to cover the extra costs involved in storing and handling all this data.

The access to this sensitive data will only be granted to police, intelligence agencies, National Crime agency and the HM Revenues and Customs.  So in reality it means thousands of people with links to any of these agencies will potentially be able to see what you were doing online over the last year.

work-933061_640

The measures are fairly similar to the previous Communications Data Bill(popularly known as the Snoopers Charter) which was blocked by the Liberal Democrats.  Again the new bill is far reaching and covering pretty much all web activities from email to web browsing and even Facebook and Twitter.  It sounds like there will be no exceptions and all platforms and everyone of us will be included.

Remember they are just proposals.

The justification is of course fairly predictable, terrorism, espionage and criminality. The ISPs are being paid not only to retain your emails, internet usage and other electronic communication but also to organise it and make it easily searchable to the various agencies.

There are of course many people who feel this is an unjustified invasion of privacy – here’s few of my objections.

  • You only spy on the innocent – people who have something to hide can and do encrypt their communications which won’t be accessible.
  • Can Governments be trusted with this huge and very personal data – I suggest not.
  • Is is justifiable to spy on millions of innocent in the small chance they’ll catch the odd ‘stupid’ criminal or terrorist.
  • Edward Snowden has shown us that security agencies have completely ignored privacy laws to this point, how can we trust them.
Post

End of the Line for Smart DNS ?

In  the battle to circumvent blocks, filtering and censorship – Smart DNS technology was like a breath of fresh air.  It catered for people who didn’t care about security and encryption – they were just concerned that the USA version of Netflix was much better than theirs or they desperately wanted to watch the latest version of Dr Who on the BBC online.    Both situations were restricted depending on your location, to watch the vastly superior US version of Netflix you had to physically be in the US and to use the BBC iPlayer you needed to be in the United Kingdom.

BBC Iplayer Blocked

Clearly all couldn’t be true, and slowly we’ve all got used to being blocked and redirected depending on our location.  Of course, we could all use VPNs and sometimes even proxies worked but these are expensive to run especially fast ones.  Imagine the costs of thousands of people streaming video all across  the world – the hardware and bandwidth requirements are substantial.   Decent VPN servers cost a lot to run and hence the subscriptions had to reflect this, people tried to piggyback free servers across the world but these are generally hacked or illegal servers which carried substantial risk to your personal data.

Smart DNS threatened to change this, instead of relaying your entire connection through a server in the required country it merely redirected a few packets to fool the geotargeting of the target server.  When you connected to Netflix – Smart DNS could fool the server into thinking you were in the UK, US, Australia or Japan with only a few misdirected packets of location data.   This meant it was fast, and secondly it was also much cheaper as the bandwidth costs of the Smart DNS supplier were much smaller.

All looked great but, the warnings have been there for some time that Smart DNS might not be so future proof.   Firstly it stopped working on many different media devices like the Chromecast or Roku where mysteriously the applications started to enforce public DNS servers. This meant that you could no longer specify your own DNS settings which effectively stopped you using Smart DNS. This caused problems however, particularly with speed where millions of devices where suddenly using public DNS servers like Google’s 8.8.8.8 server presumably without financial compensation, this issue slowly disappeared.

huluipblock

There’s no doubt though particularly for media companies like Netflix and Hulu, Smart DNS are in their targets.   Yesterday I tried my two Smart DNS accounts to try and get access to the Japanese version of Netflix (which has some great movies on it), all my attempts failed with the simple message – ‘blocked’ despite having worked fine the day before.  Specific IP addresses are simply being blocked from accessing the Netflix and Hulu services, it’s blunt and unsophisticated but it works.

The reality is that these global media providers are coming under increased pressure from the movies companies to block the use of circumvention particularly Smart DNS.   The reality is that it costs them money if they receive a fee for licensing the movie in a particular country and then millions of people end up watch it all over the world.

Of course they can do this with VPN and proxy servers, simply block access from specific IP addresses.  Which is why it looks like staying low key and using a more discrete service is a sensible option.  Some of these bigger VPN companies market very aggressively and directly promote specific TV stations, sporting events and TV channels in their advertising.  This makes them instant and high profile target for IP blocking, it’s probably best to avoid these companies – particularly for long subscriptions.

Identity Cloaker, is certainly worth a look – marketed only as a security product it’s been working for many years by deliberately keeping a low profile. Is it the end of Smart DNS? Well in some ways it’s more vulnerable than VPNs but only time will tell if it lives on.

Post

Looking for a High Anonymous Proxy – Some Thoughts

If you’re looking for a super secure, highly anonymous proxy then it can be rather confusing.  After all what does constitute such a server, there are no real definitions only opinions.

The first thing to be aware of is that if someone just adds the word secure or highly secure to their description it means nothing.  There are literally thousands of one page proxy servers running as default installations on some free web hosting space which describe themselves as secure – they are not.   To keep a proxy secure needs time, technical skill and a very real commitment to keeping the infrastructure secure.

For instance, there are loads of people running proxies who never even consider the question of which user context the proxy should be running in.  It’s actually very important but surprisingly a huge number of people run their proxy services as root.

This is a very bad idea, not only does this potentially give an attacker a very real chance of obtaining complete control not only to the proxy but the server it runs on.  The slightest bug or vulnerability in the service can be exploited – there goes the server, the data, user accounts and logs.

A Step Towards a Properly Secure Proxy

Someone more security aware might run the proxy service in the context of the ‘nobody’ user.   The advantage of this account is that it has no real administrative rights or privileges and there the integrity of the server is maintained even if the account is compromised.  It does have some rights though and can access public directories and any other directories or services running in the ‘nobody’ user context.

But the real secure way is to create a dedicated user account specifically to run the proxy server in.  It would have no other function and importantly no other rights or permissions applied.   This protects the server, the logs and any users data that may be on the machine.  It’s a simple point but a fundamental step in running a truly secure proxy server and giving you a secure IP address to use – 99% of the proxies you find online won’t be set up like this.

The unfortunate thing is that people tend to imagine that a proxy server that obscures your IP address adds a level of security and anonymity automatically.  This is simply not the case and a badly configured proxy is far worse than using no proxy at all.   Remember that when you use a proxy server all your data is diverted through that server and everything is probably logged too. It’s a huge risk using a badly configured server, whether it’s meant to be a simple porn proxy or highly secure VPN!

The security of the proxy server is really dependent on the technical expertise of the people who set it up and run it.  You’ll never get a secure proxy server for nothing simply because professionals don’t work for free. Kids running proxies on free web space who have no concept of security – do however.

Updated Content and Tags – May 10th, 2013

Aside

The Truth About Proxies

If you search on the internet you’ll find many proxy sites including plenty of USA based proxies – usually they consist of loads of adverts and a little slot in the middle of the page where you type the website you want.

These sites promise you the following –

  • security
  • anonymity
  • ability to bypass firewalls
  • ability to bypass content filters

In reality you’ll normally get none of these although to be fair there are some benefits.  Here’s the truth about these proxies and the claimed benefits to help you make your own decision.

Security

If you’re really concerned about security and your privacy then the answer is don’t use these websites.  certainly never use them to access any site that requires passwords or personal credentials.  These sites normally are set up quickly and easily using a proxy software called Glype.  This is simply installed on some cheap or free hosting account and surrounded by adverts in an attempt to make money.

Of course there’s nothing wrong with that but be aware the server is not secured, they are also not highly anonymous and there will be no mention of what happens to the logs and you are trusting that website with whatever data you send through it.  In reality all you are doing is adding another risk to your browsing.  There are some malicious web sites which exist just to steal any credentials that are sent through it.

Anonymity

The claim for anonymity for these sites can be partially true if they are configured correctly.  What they can protect from is the web site you are visiting storing your IP address in it’s logs.     The main problem with trying to stay anonymous on the web is two fold – firstly your browsing is logged in its entirety at your ISP, secondly it’s all in clear text so is readable by anyone.

The proxies will sometimes stop your IP address being logged at the web site you visit – that’s it.  But in exchange it will be logged on their server which may well be run by a 16 year old in his spare time.

Using Proxies to Bypass Firewalls

This can work in a particularly lax environment but in those cases you probably won’t need a proxy server!   If the firewall just blocks access to specific IP addresses or URLs then this might work.  However most environments are rather more sophisticated than that.  Also the majority of web proxy sites are themselves blocked anyway.  They can be useful in countries with basic blocks on popular sites like Facebook and YouTube for example.

Using Proxies to Bypass Content Filters

This is a complete non starter as no web proxy will have the slightest effect here.  The problem is that although a content filter also looks for specific web sites, IP addresses and content to block it actually looks at the request itself.  Most filters look inside the packet themselves so proxies will have no effect whatsoever apart from getting you flagged by the IT Admins for trying to circumvent any restrictions.  There is only one way to bypass a sophisticated content filter and that’s to use a concealed proxy server plus encrypt all your data.   The encryption means that the content filter can’t look inside the packet and work out the destination. So if you don’t want to have every thing you do online logged and recorded by your ISP and/or employer then encryption is a must. It’s often used when people access pornography online – particularly popular in the middle East where a porn proxy are standard because of the various blocks implemented by the Governments.

Updated –