How to Protect your Internet Anonymity and Privacy/Type of Proxy Servers

From Wikibooks, open books for an open world

Type of Proxy Servers

Network Proxies

Many software vendors would have you believe that there are huge numbers of free public proxies all over the world for you to choose from. Most of these proxy servers are closed soon after they are discovered. Most likely the administrators did not secure their computer networks properly. Otherwise, they receive complaints from victims of cyber attacks, or the servers are overwhelmed by traffic.

Simple proxies do not require special software clients. You just need to set your browser to use a specific IP address and port number. What you are sold is the software to scan the world for public proxies, a convenient way to handle a large list of them, and to switch over when the current one becomes too slow. The money is better spent on private proxy services, ideally avoiding paper trails on the payment.

Public proxies are largely obsolete because of their unreliability and restrictions. Most do not support the HTTPS protocol, and many do not allow posting. However, they are the only option when other reliable anonymity networks are banned, as at Wikipedia. If you discover a fresh public proxy fast enough and use it as the last leg of your proxy chain, you can safely publish the truth about your adversaries even if the server logs at Wikipedia are compromised. You are somewhat protected from the unknown operator of the public proxy when you run your browser or other clients over a virtual private network (VPN).

Web Proxies

Historically also called CGI proxies, these servers fetch the contents you requested and display them at their website. You do not need to set anything on your browser other than filling in the URL you want. They are convenient and restrictive at the same time. Because of the indirection, some contents are not displayed as intended. They can only be used for the HTTP protocol, which excludes instant messaging and email clients unless you use the web-based versions.

They are more reliable than public proxies as they are supported by advertising. They often attract users by providing standard encryption, the HTTPS protocol that most browsers support. An encrypted proxy server has the same functionality as a VPN if you are just using the browser. Both avoid spying by your ISP, but it is unavoidable that the proxy or VPN servers can spy on you, unless your communications are end-to-end encrypted.

A major attraction of web proxies is the ease of chaining. No matter what and how many proxies you are using, as long as you can browse the site of the web proxy, you can add another proxy to the chain. Chaining two or more web proxies, however, is tricky if it is possible at all. For an encrypted proxy, the preceding proxy stages do not know the requested URL and content, and the encrypted proxy itself does not know who made the request.

Also, you can have one browser tab for the encrypted proxy, and other tabs for normal browsing without filtering insecure contents.

There are special tricks to detect that a visitor is using an anonymous proxy server. See Proxy Cop.

Virtual Private Networks

By encrypting the internet connection between your computer and the server, a virtual private network (VPN) provider turns part of the internet, including your computer, into their local network. A VPN can provide any service that a typical local network has, such as storage. Since you are not directly connected to the internet anymore, as a minimum the VPN provides internet connectivity independent of your ISP, allowing you to hide your own IP. Unlike an HTTP or SOCKS proxy, a VPN encrypts all network traffic, including instant messengers, IRC and Skype.

The advantage of a VPN is that, even though your browser uses a proxy server, its plugins, such as Flash and Java, do not. They have the same privileges as external applications, and so do Firefox add-ons. All these external applications need to do is "ping" their own server, which logs your system IP, typically the IP from your ISP. This happens irrespective of the proxy setting in your browser. A VPN changes the system IP to an internal value, which hides your true IP.

With a VPN set up, the other place to get your external IP is from your firewall/router, if it supports Network Management Protocols.

Typically a VPN client creates an additional virtual Ethernet network adapter. All your external traffic is routed through this second adapter, where it is encrypted and repackaged before being sent off via your real adapter. The advantage is that all Internet clients, such as browsers, email and chat clients, use the VPN without any change to their settings.

For anonymity, the most attractive feature of VPNs is that you can run any other type of proxy client on top of one, adding one stage to the proxy chain. Your adversary has to obtain and correlate one more stage of server logs, reducing the probability of successfully tracing you.

There are many paid VPN services such as, and BlackLogic, who charge on a per-month or per-year basis. The paid services usually have no limitations, unlike the free options. Currently Hotspot Shield is free, relatively fast, and supported by banner advertising. It is based on OpenVPN and is available for Windows and Mac only. The VPN client is installed and executed just like any other program. The major security risk of Hotspot Shield is that, when the free service is overloaded, the client is disconnected without warning, other than a small icon turning red. Internet traffic will automatically avoid the disabled adapter and use the original adapter instead, without any disruption. Any other type of proxy will cut off internet traffic when it fails, which is the only desirable behaviour for anonymity.

AlwaysVPN is a prepaid VPN service. It is compatible with OpenVPN and is available on various popular operating systems including Linux. The Linux version appeared to be faster. DNS requests are resolved by OpenDNS with a rather restrictive filtering selected.

While most VPN providers charge monthly or yearly fees, K-Secure VPN is a product for which users pay only a one-time charge ($49.95) and can then use it forever. It runs natively on all Windows operating systems (both 32-bit and 64-bit) and Linux (32-bit only). In addition to building a VPN the traditional way, K-Secure VPN can also be used to protect only a set of network services based on an easy-to-use RULE system.

It is easy to set up your own VPN in a cloud such as Amazon Web Services. In 2010, Amazon announced a free one-year period on many entry-level services. Your ISP cannot monitor you as all your Internet traffic goes through an encrypted tunnel. Your apparent IP will be that of Amazon. This IP is still traceable to your account at Amazon. And since you are the only one accessing your Amazon machine, your ID can be traced via three server logs: the web server, your VPN server at Amazon, and your ISP.

In theory, it should be possible to tunnel a VPN within another VPN provider. Experimentally, chaining two VPNs by just running them on the same machine is not successful. Using a virtual machine, with a different VPN client running on each of the host and the guest, does not work either. The problem with virtual machines is that you still need a license for the operating system installed on them. So even though there are free virtual machines, you still need a free operating system like Linux.

When you are connected to a VPN, you are accepting the other users who share it into your local area network, and you have no idea how the network is administered. It is important to check your firewall settings to prevent unwanted incoming connections.
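
The silent fallback to the original adapter described for overloaded VPN clients, and the incoming-connection concern above, can both be addressed with a default-deny firewall on the client. The following is an added example, not part of the original page; it assumes a Linux client with iptables and an OpenVPN-style tunnel on 1194/udp, and the interface names and server address in the usage line are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): print a fail-closed iptables-restore
# ruleset for a VPN client. If the tunnel adapter goes down, traffic is dropped
# instead of silently falling back to the real adapter.
vpn_killswitch_rules() {
    tun_if=$1                 # virtual adapter created by the VPN client
    phys_if=$2                # real adapter
    server_ip=$3              # VPN server as an IP: DNS is blocked outside the tunnel
    port=${4:-1194}           # OpenVPN's default port
    proto=${5:-udp}
    cat <<EOF
*filter
# Default-deny in every direction; only the exceptions below get through.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened. New inbound connections, including
# those from other users on the VPN network, match nothing and are dropped.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# DHCP, so the real adapter can keep its lease.
-A OUTPUT -o $phys_if -p udp --sport 68 --dport 67 -j ACCEPT
# The encrypted tunnel itself is the only other thing allowed on the real adapter.
-A OUTPUT -o $phys_if -d $server_ip/32 -p $proto --dport $port -j ACCEPT
# Everything else must leave through the tunnel adapter or not at all.
-A OUTPUT -o $tun_if -j ACCEPT
COMMIT
EOF
}
# Usage (constructed values): sh killswitch.sh tun0 eth0 203.0.113.10 | iptables-restore
if [ "$#" -ge 3 ]; then vpn_killswitch_rules "$@"; fi
```

These rules cover IPv4 only; IPv6 needs an equivalent ip6tables ruleset or has to be disabled on the client.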

Currently, the most untraceable VPNs use Tor, where all the network traffic is redirected to use Tor. This redirection can be done simply with iptables, the built-in system package of Linux. Unfortunately Tor calls it "transparent proxy". It is so named because users do not need to set any proxy on any applications once the VPN is set up. But if the destination website does not accept Tor IPs, you can set the application, e.g., the browser, to use a proxy, which will be the last proxy in the overall chain.
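
The iptables redirection mentioned above can be sketched as follows. This is an added example, not part of the original page; it assumes Tor's `TransPort` and `DNSPort` are enabled in torrc on the ports shown, and the uid and LAN range are placeholders to adapt.

```shell
#!/bin/sh
# Added example (not from the original page): print an iptables-restore ruleset
# that forces all local TCP and DNS through Tor. Assumes torrc already has:
#   VirtualAddrNetworkIPv4 10.192.0.0/10
#   AutomapHostsOnResolve 1
#   TransPort 9040
#   DNSPort 5353
tor_transproxy_rules() {
    tor_uid=$1                   # numeric uid the tor daemon runs as
    trans_port=${2:-9040}
    dns_port=${3:-5353}
    lan=${4:-192.168.0.0/16}     # stays off Tor; must not overlap 10.192.0.0/10
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Tor's own packets leave untouched, otherwise they would loop back into Tor.
-A OUTPUT -m owner --uid-owner $tor_uid -j RETURN
# DNS goes to Tor's DNSPort so lookups never reach the ISP resolver.
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
# Loopback and LAN destinations are not proxied.
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -d $lan -j RETURN
# Every other new TCP connection is handed to Tor's TransPort.
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -d $lan -j ACCEPT
-A OUTPUT -m owner --uid-owner $tor_uid -j ACCEPT
# Anything left (non-DNS UDP, ICMP) cannot be carried by Tor: reject it
# rather than let it leave with the real IP.
-A OUTPUT -j REJECT
COMMIT
EOF
}
# Usage: sh tor-rules.sh 107 | iptables-restore   (107 is a constructed uid)
if [ "$#" -ge 1 ]; then tor_transproxy_rules "$@"; fi
```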