For many people, using proxies is an essential step to enable security and personal privacy. They will know that every time they use the internet for anything that a record is kept in many places about their activity. Often it’s just a small cookie or a record in a log, but at your ISP for instance there is a complete record of every site you visit, every file download and every video watched. This is where the authorities go for instance when they want to investigate something, your ISP.
So it’s hardly surprising that many people seek to hide some of this information, you don’t need to be an international jewel thief or extremist terrorist to want a little more privacy than is currently available to the average internet user – i.e none at all.
So then they look at proxies, and indeed a ten minute Google search will point you in this direction. The proxy server will sit in between you and the web site you visit, meaning that they cannot record your visit properly – only the proxy address. You’ll still get everything logged in your ISP though unless the connection is encrypted perhaps using a VPN or SSH instead.
But here lies a problem, proxies can offer a layer of security but only when they are configured and administered properly. If they aren’t then you are merely handing over yet another complete record of your online activity to another server. In fact it can be worse than that, lots of of the ‘free proxies’ available online are only put there to steal and harvest people’s data. Enterprising hackers will take over these open proxies and log all the data that is transmitted through them – looking for usernames, passwords and identity information that can be used to make them money.
The internet is swarming with free proxies, using the vast majority of them is a really bad idea. I logged into four the other week completely at random and all of them were completely insecure in fact two of them had the proxy service itself running in the context of the ‘root’ account – something only a real IT novice would ever do and extremely dangerous. The reality is that a server is only secure when someone is taking the time and effort to ensure it is secure – that knowledge and effort is rarely available for free.
However if you’re only using a proxy to stream video, perhaps from BBC iPlayer or another media site then perhaps a free proxy could work? After all there’s no personal data just a stream of video so what’s the harm?
Well nothing really, the problem here is much more about practicalities, all these free proxies are completely overloaded and run at a pitifully slow rate. Occasionally you’ll unearth a little fast gem that has escaped notice by the proxy scrapers – but it won’t be fast for long -rarely longer than an hour or so. Expect to spend more time looking for new servers than using them. If you can afford it then a paid subscription is definitely the way forward. Here’s one I recommend in this video – Fast Proxy Server.
As you can see the proxies in this program run very quickly indeed, if you want to stream HD or even standard resolution video or media then a slow proxy will make most un watchable.
I used to love Netflix, it’s different, has lots of great movies/series and it’s very easy to access using Smart TVs or my favorite the Roku. But this Summer they pushed me too far, I had ‘discovered’ the show – Lost about 8 years later than everyone else. I’d listened to everyone rave about this, glazed over as they discussed strange sound plots and completely ignored it – mainly due to the hype. Well one day I noticed it on my Netflix account and thought I’d give it a try, the rest is a story about obsession. For a few days I watch a couple of episodes a day – right up to my vacation. I couldn’t wait to get back to complete the series but when I returned it had gone !!!!
Lost no longer appeared anywhere on the listings, a search revealed it was ‘unable to stream’. A Google search revealed lots of very upset people like me, stuck on an episode somewhere, stranded at some cliff hanger movement and now we were all ‘Lost’.
No warning, no countdown enabling you to take a few days off work and cram them in. One day Lost was there and the next day it had completely disappeared, what a wonderful way to treat your customers! Well a little research, led me to a few conclusions – firstly the show had only actually been removed from the UK Netflix, secondly Lost was still streaming on the US version and lastly my account would work on US Netflix if I had an American IP address.
So here’s what I discovered –
The truth is that if you use IP cloaking software like Identity Cloaker and hide your real IP address – you can be watching US Netflix irrespective of your real location. If you haven’t checked it out, then you’ll also discover that the US version had loads more shows and films – usually much more up to date stuff too. So it doesn’t matter if you’re in Canada, Germany, UK or Italy then you don’t have to stick with the version of Netflix you have been assigned you can pick your own.
You don’t need to open a new Netflix account, they seem to be global but just redirected to the country you are in.
Most of the blocks, bans and filters online are based on your location. It’s slightly ironic that the internet was meant to bring us all together, yet most of the world’s media sites are working out ways they can block people from different locations.
Anyway the vast majority of these sites simply look up your IP address when you connect before deciding if you watch or not. So for example to watch CTV the Canadian broadcaster, you’ll have to be based in Canada or connect from a Canadian IP address.
Unfortunately it’s difficult to control your real address as this is assigned to you when you connect to the internet by your ISP. Although it will sometimes vary, it will always be linked to the country you are connecting from.
Fortunately, you can hide your real IP address by conencting via an intermediary – often known as a proxy or VPN server.
How to Watch CTV Outside Canada
Anyway the easiest way to see how it’s done is to watch this short video.
That’s all there is to it. Using a program like Identity Cloaker means you can swap your IP address with a click of the mouse whenever you like. Switch to a Canadian one for CTV, then back to a US address for Hulu followed by a British IP address for the wonderful BBC iPLayer – more here – www.iplayerusa.org.
If you want to do it for free, you’ll need to find a free Canadian proxy you can use and modify your browser settings to use it instead. It’s not hard to do but unfortunately it’s difficult to find the servers, proxies and VPN servers are very expensive things to run.
You can try it out by using the Identity Cloaker trial account – 10 days of CTV, Iplayer, Hulu or whatever you need to check it works for a few dollars – for the price of a coffee and sandwich you’ll be impressed I’m sure!
You know sometimes you just wanna share a song…….
It’s worth a listen….
Of course, if I said someone lived in a ‘bad neighborhood’ or was rejected for a loan due to a bad credit score then you’d all know what I mean. But in this ever increasing online world there’s another aspect to your existence that can have an affect on your life – and that is your IP address.
Your IP address is of course your unique identifier assigned to your computer when it’s online. It’s full name is internet protocol address and you can read the technical background on the wonder of IP and it’s role in TCP/IP here. But suffice it to say, that without this address it is impossible to communicate online, it allows you to visit websites, download films and DVDs and send emails and just about every thing else available on the web.
In fact your IP address will already partly affect some areas of your online experience. Have you ever been blocked from a site or video? Perhaps tried to watch something on YouTube and been told it’s not available in your country? Well that’s all down to the location of your IP address – mainly what country it originates from.
So if you do a quick search online, many sites will tell you that to find your IP address – just select command prompt type in the command ipconfig /all as I’ve done in the screen shot above. From this screen you might suppose that my IP address is 192.168.1.15 as circled. This is actually a private IP address and is only valid in my internal network – it’s not my real internet facing address. Within my house like millions of other people I have multiple devices like laptops, phones and PCs all connected through my internet connection, these internal addresses allow them to communicate through my single real IP address.
To find your real IP address, you need to look at the configuration screen of your modem or router, the device that actually connects through to your internet provider.
Here’s mine –
Well a bit of mine, obscured for privacy reasons ! This address is allocated by my ISP to my connection and all my devices will appear to the internet to be from this single IP address. So my son, downloading games to his Xbox will appear at the same address as my wife and I surfing from the same location – we all originate from the same single address.
About Bad IP Addresses
So although at any point in time, your connection will be the only one online using this particular IP address – it doesn’t mean you always have. If you can see from the screen shot – the address has been assigned dynamically from my ISP – who basically have a big pool of addresses which they allocate individually to their customers. All the addresses will be assigned from this database which are registered to specific providers and countries. This is how geo-targeting works – everyone knows which country an IP address is assigned to. Which is why you’ll need a US IP address for Hulu and a UK address for BBC Iplayer, anyone can look up which country and IP address is located in very easily.
Sometimes an IP address can be used to send out millions of spam messages, attack websites or download and share pirated software and films. Most hackers and spammers will normally try and use someone else’s address to hide their location – obtained via viruses and malware without the owners knowledge.
This is the sort of behavior that can find any IP address blacklisted – on some of the thousands of lists of ‘bad IP addresses’. Many of these lists have been developed to combat Spam and so mail servers across the world can block any mail received from them. Unfortunately IP addresses are routinely shared and reallocated to you can easily end up with one these being issued to your connection.
Common scenarios of being allocated a ‘bad IP address’:
Problems Buying Things Online
Ever tried to buy something online and found your payment couldn’t be processed? You might get some generic error message from the retailer saying it couldn’t accept payment or something similar. This may be that your IP address has found itself onto a blacklist somewhere. Frequently IP addresses are blocked if they’ve been used by online criminals perhaps with stolen credit card details or similar. Some of the spam lists are also used by big payment processors – some companies block addresses from whole countries, certainly a problem if you’re accessing the internet from somewhere like Nigeria.
Difficulty with Sending Email
If your address (or worst your mail server address) has been put on an internet blacklist you may find problems with emails. Maybe emails bouncing back undelivered often with obscure sounding error messages. Many of the big webmail providers like Hotmail and Yahoo will routinely block emails from IP addresses on the blacklists.
Accessing Websites and Forums
Internet blacklists are often used by many sites to try and prevent spammers and hackers accessing the sites. Many websites will automatically block access from IP addresses which try and login to secure servers for example. Here’s the message I get whenever someone tries to hack into one of my websites.
IP: 184.108.40.206 (CN/China/-) Failures: 5 (sshd) Interval: 300 seconds Blocked: Permanent Block Log entries: Sep 13 04:51:36 xenon sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.127.116.11 user=root Sep 13 04:51:38 xenon sshd: Failed password for root from 18.104.22.168 port 6291 ssh2 Sep 13 04:51:41 xenon sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=22.214.171.124 user=root Sep 13 04:51:43 xenon sshd: Failed password for root from 126.96.36.199 port 4974 ssh2 Sep 13 04:51:46 xenon sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.8.131.52 user=root
You can see that after three failed logins, the system will now block any attempted access from that specific IP address. It wouldn’t matter if that IP address was assigned to a different person or location, until that restriction is removed you wouldn’t be able to view my website using that address.
There are further questions 0f course – how do I find out if my address is blacklisted? How can I change my IP address? Which I will try and address in my next post –
There’s lots of little fancy media streaming devices out now, but for many people looking for something quick and simple to watch online stations like the BBC Iplayer on their TV screen – then a good option is the Nintendo Wii. Many people already have these and they stream media as well as most commercial devices.
But of course just like your computer most of these online channels are restricted to the country they are broadcast from – so you need to be in the USA for Hulu, the United Kingdom for BBC Iplayer and so on.
It’s of course easy to bypass these blocks using a security program like Identity Cloaker on a PC, you just click on the country you want to be in, but can you use the same functionality on other devices such as the Nintendo Wii?
Well the simple answer is yes ! In fact you can switch the location of your Wii to any country where they have a server based – e.g. France, United Kingdom, USA, Canada or Australia for example – so use a US proxy site or a UK one depending on your needs. This also works for some of the other commercial VPN/proxy services, just ask their support desks for help.
So here’s how it works for watching BBC Iplayer on a Nintendo Wii in the USA by using Identity Cloaker.
Obviously you’ll need to connect your Wii to the internet first, which is fairly straight forward. If you’re actually in the UK then all you need to do is go to the shopping channel from the main screen and download the BBC Iplayer channel and that’s it.
For Anyone Outside the United Kingdom – it’s slightly more complicated as you won’t be able to see that channel available. First of all change your country settings –
Wii Options> Wii Settings> Country> Change to UK
This is what controls what’s in the shopping channel – when set to the UK you’ll be able to download BBC Iplayer, you can change it back after if needed.
However this won’t fool the BBC Iplayer website if you’re not in the UK, because it will check your IP address when you try and watch anything. To do this you have to hide your real address and connect using a server based in the United Kingdom.
I will do this using my Identity Cloaker account as follows –
- Go to the Wii System Settings Page and select the Internet connection tab.
- Select the connection you are using and scroll down to proxy server settings.
- Enable the Proxy Server and select advanced settings
- Pick one of the IP address of an Identity Cloaker UK server and use Port 4040
- Input Your Identity Cloaker – Username and Password
- Save Settings and then Watch the BBC
You can get the IP address and your username/password from the Identity Cloaker support team or it’s listed in the members area. If you’re using a different service just contact their support for the same information – as long as they accept authentication in this manner then they all should work.
At the moment the press is full of the stories of cyber spying, surveillance and the NSA whistleblower – William Binney. Fair play to the man, it takes courage to stand up against the NSA but he’s definitely not the first. This particular organisation have been spying on our internet traffic for years and the huge spying complex being completed in Utah is merely the centralization of a spying network which has been up and running for many years. I am of course referring to the infamous Room 641A in San Francisco which was brought to the public attention by another brave whistle blower – Mark Klein.
Mark Klein was a contractor like William Binney working in AT&Ts switching center – a major part of the US internet backbone, when he became aware of a particular room in this building run by the NSA. Room 641A had been set up as a network tap, with effectively all the internet traffic that passed through this center being copied and routed into this room.
Inside the high security of this room sat a device called the Narus STA 6400 – a device capable of intercepting and analysing huge amounts of network traffic. No prizes for guessing what was going on here then! Mark Klein, gathered some proof together and exposed the room and it’s function to the world, leading to a court case brought by the EFF.
William Binney has brought the story up to date, and demonstrates that the NSA have never really stopped gathering this data. Here’s the story from Democracy Now – (edited ‘cos they deserve a link!)
The reality is that this new facility is no real secret, nor the methods being utilized by the world’s security organisations. There were lots of ‘Room 641As’ all across the US and indeed the world, capturing, logging and storing details of all the network traffic on the planet. It was always going to happen anyway, at least while we used an open, distributed and shared network like the internet to communicate.
The Mark Klein episode was nearly a decade ago now, and obviously just rooms are not quite enough nowadays. There’s lots of talk about legality, permission and here in the UK the Foreign Minister insisting that legal due process is always followed. The reality is that it’s much, much easier for a security organisation to capture all traffic – emails, web browsing, phone calls, search enquiries and everything else than it is to selectively capture the communications of individual suspects. Far simpler to dump the whole lot into huge databases and then data mine, or search for the information you require. If they could somehow just harvest ‘terrorist related data’ then I’m sure nobody would mind very much but they can’t. The data is ours –
this data is your web history, your emails, your search history – what you do online – at anytime from anywhere.
Had a few drinks? Watched Zero Dark 30? Then proceeded to flounder around the web using lots of ‘terrorist keywords’ . Well it doesn’t matter if you’re a kitchen fitter from Manchester – you’ll raise a few flags on a database somewhere…..and it could very well be via PRISM and the NSA, who might mention it to GCHQ!
Anyone who would believe that all this data would sit untouched, unmonitored and unanalysed until it’s needed is I’m afraid sadly deluded. Effectively we’re all turned into suspects – the PRISM project and the huge UTAH surveillance center changes nothing except perhaps the efficiency and scope.
So that’s it, all semblances of privacy whilst using any form of electronic communication gone. Millions of people’s privacy waved aside on the chance of catching the odd terrorist now and again. Of course there is another issue there, there are ways of keeping your privacy even now such as using a VPN. The methods of using security products, VPNs, false IP addresses and encryption can ensure that your data is not accessible by these broad sweeping exercises. Of course this is what the terrorists will do, at least the ones with a half a brain cell between them.
Which leads to the conclusion that the NSA will most only be snooping on the innocent….
Another post for those missing their favorite TV channels just because they are outside their home country. This ones about accessing RTE from the US, or in fact anywhere that’s outside the Irish Republic. RTE player is a great little site linked to the Irish National broadcaster – RTE (Raidió Teilifís Éireann).
As usual though if you’re not actually in Ireland when connecting to the website then it won’t work for you, although you can access some of the radio content and sometimes the Irish news. I always think this is a bit strange as the people who will want to watch things like RTE and the GAA over the internet will mostly be Irish people living in places like the UK and USA!
So How Do I Watch RTE in the US/UK?
It’s not actually that hard to do, when you connect to RTE player the site determines your location. It does this by checking the location of your IP address – if it’s an Irish IP then fine but anywhere else and you get redirected to the international version of RTE player which blocks most of the decent shows and all the sport like GAA.
So all you need to do is change your IP address to an Irish one. It’s actually not that easy to change your real IP address as it’s controlled by your ISP and is linked to the country you connect from. Fortunately there is another way, and that is connecting via a VPN or proxy server, when you do this the web site see’s the servers address and not your real one. So if the VPN server is in Ireland, you will also appear to be in Ireland and all Irish only resources like RTE Player will work just fine.
There are quite a few companies who offer these services, but only a handful worth considering especially if you need an Irish IP address. Here’s the one I use a security program called Identity Cloaker. I like it because it’s well priced and has lots of fast servers in different countries which is useful for accessing sites like BBC Iplayer, Hulu etc which also block access from outside countries.
It’s a little program which sits in the taskbar and you simply select the country you need to connect to –
So for RTE we’d obviously select one of the Irish servers and then press connect. You then open your browser as normal, and when you visit the RTE player site, you’ll get the Irish version of the site rather than the International one simply based on your IP address.
Using the Irish server you can watch anything on the site as RTE considers your location to be Ireland.
It’s extremely easy to use and the servers are very fast which is essential if you’re going to be streaming video across them. You can also access some fantastic sites in other countries simply by selecting the matching country – try Hulu by using a USA proxy, BBC Iplayer in the UK or there’s some great online TV stations in Canada and France for example. They’re all included in the subscription which only costs a few dollars – here’s the program in action.
If you want to access RTE in the US then give them a go, you can get a 10 day trial here, which only costs a few bucks.
If you’re looking for a super secure, highly anonymous proxy then it can be rather confusing. After all what does constitute such a server, there are no real definitions only opinions.
The first thing to be aware of is that if someone just adds the word secure or highly secure to their description it means nothing. There are literally thousands of one page proxy servers running as default installations on some free web hosting space which describe themselves as secure – they are not. To keep a proxy secure needs time, technical skill and a very real commitment to keeping the infrastructure secure.
For instance, there are loads of people running proxies who never even consider the question of which user context the proxy should be running in. It’s actually very important but surprisingly a huge number of people run their proxy services as root.
This is a very bad idea, not only does this potentially give an attacker a very real chance of obtaining complete control not only to the proxy but the server it runs on. The slightest bug or vulnerability in the service can be exploited – there goes the server, the data, user accounts and logs.
A Step Towards a Properly Secure Proxy
Someone more security aware might run the proxy service in the context of the ‘nobody’ user. The advantage of this account is that it has no real administrative rights or privileges and there the integrity of the server is maintained even if the account is compromised. It does have some rights though and can access public directories and any other directories or services running in the ‘nobody’ user context.
But the real secure way is to create a dedicated user account specifically to run the proxy server in. It would have no other function and importantly no other rights or permissions applied. This protects the server, the logs and any users data that may be on the machine. It’s a simple point but a fundamental step in running a truly secure proxy server and giving you a secure IP address to use – 99% of the proxies you find online won’t be set up like this.
The unfortunate thing is that people tend to imagine that a proxy server that obscures your IP address adds a level of security and anonymity automatically. This is simply not the case and a badly configured proxy is far worse than using no proxy at all. Remember that when you use a proxy server all your data is diverted through that server and everything is probably logged too. It’s a huge risk using a badly configured server, whether it’s meant to be a simple porn proxy or highly secure VPN!
The security of the proxy server is really dependent on the technical expertise of the people who set it up and run it. You’ll never get a secure proxy server for nothing simply because professionals don’t work for free. Kids running proxies on free web space who have no concept of security – do however.
Updated Content and Tags – May 10th, 2013