FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


How secure are anonymous proxies?





Traveller
A number of issues regarding proxies have been discussed here, but this is one aspect I have not seen: How secure are anonymous proxies for HTTP and HTTPS use?

Why do I ask? As many of you know, I am an American living outside the U.S. Well, there is a financial service I would like to access (one that I already know to be legitimate), but it will not allow Internet access from outside the States. If I use a U.S.-based, anonymous proxy, I AM able to access the site, but I have not tried sending any private info yet, since I am not sure how secure it would be to do so through the proxy.

Thus, my question is: how secure ARE these proxies, and could they safely be used for something that truly requires a great deal of security?

Thanks.
icedrakon
Ther are many programs that claim to be anonymus proxies i refer only to very few hide my ip, tor (very powerful), there is also a numper of plugins in firefox that called foxproxy but the best way it is too use another programm or service to test your proxy.... (a google search in proxy testing may be helful)

And The answer is no..
Traveller
Programs are not proxies: servers are proxies. Some programs can act as proxies on your computer, but they either do not change your IP address at all, or are actually just making use of some proxy server that's already out there. In Firefox, all one needs to do is to set the appropriate option to point to the proxy server one wishes to use.

Thus, the question is not how to use a proxy, but are anonymous proxies secure enough to use for personal financial information?
Vrythramax
I can't find any documentation on accessing secure sites via a proxy in your particular case Traveller, but speaking stricly personally...I do not trust any of these so-called anonymous proxy services....who knows what they are logging behind the scenes. At the very least they are logging what sites you go to, and the very most possibly keystrokes while on particular sites.

Better safe than sorry.
myrevolt
It is not recommended to transmit sensitive information through a proxy, especially one with an unknown admin. That being said I think what you want to look into is pgp tunneling. I am not very familiar with it myself, however this may be useful. Essentially the weakest link is whether or not the admin records the data; that is assuming of course that the data is encrypted somewhat and that you are not doing this over a wireless connection (airsnort?). Depending on that nature of it, if you have a trusted friend living in the US that can input the information on the site for you, that may be your best bet. Best of luck, true security is something that can never be truly obtained(/attained?).
Jaan
What about TOR onion? I've heard it is more secure than traditional proxies. Do you think the connections could be monitored?
Crosser
where do we get free proxies from. And what are SSl proxies?
Vrythramax
Crosser wrote:
where do we get free proxies from. And what are SSl proxies?


A simple google search for free proxies will give a pretty well defined list of available proxy sites. An SSL Proxy is basically the same as the others, except that it is routed through a secure server (which may or may not have a valid certificate....just because they say they are secure you should check it out), and the information is encrypted.
[FuN]goku
im not really sure on how secure they are..... but i use em anyways...... um... i prefer web based proxies... like hidemyass and.... stupidcensorship ... those are good... stupidcensorship gives better anonimity tho
darrenpaul
I honestly wouldn't trust one of those proxy's if it involves financial information
Vrythramax
I think the real question here is exactly how anonymous are you when using these proxy services? You have to connect to thier site, and type in the url you want to go to....does anyone really believe any of these services are just providing this service (and using bandwidth) for free, or are they saving your browsing history (extremely easy to do) and possibly sending your initial connection IP address to other marketing services to cover the cost of thier "free service"?
Traveller
Vrythramax wrote:
I think the real question here is exactly how anonymous are you when using these proxy services?


Actually, no. My real question was not about anonymity, but data security. In this case, I don't care if I am anonymous - only that my personal information remains secure between my computer and the website I wish to use.

Of all the things that have been mentioned, so far, TOR appears to be the winner, and some other people I know have also recommended it. TOR routes your request all over the place to achieve anonymity. More importantly, for my purposes, a separate utility called "Blossom" allows specifying an "exit country" - that is, the country of the last connection in the chain before allowing the signal to go to the intended destination site. In addition, TOR is also supposed to work with SSL (HTTPS pages). Thus, since there would be SSL encryption between me and the site, regardless of the route taken, my data should be pretty safe.

Right now, my problem is to figure out how to use Blossom. It is not very well documented, and I'm trying to do all of this on a Windows-based computer (I'm sure this would be a LOT easier on Linux, but that is just not available to me right now).

So, now, the REAL question has shifted from data security to getting Blossom to work. If any of you have experience with it (or figure it out after deciding to use it for yourself), please let me know. All I need to do is to make sure that TOR will exit from the U.S., so the website will think I'm in the U.S. and allow me to access my account.

Thanks again!
Agent ME
Doesn't the https protocol protect all the data in transit by encrypting it? Then it wouldn't matter if the proxy or anyone else is recording what goes through because of the layers of encryption.
alexdude
i wouldn't access a banking website through a proxy. Unless, you pay for it and it is a popular company.
friuser
I think the whole point of https is to secure your connection so a proxy doesn't really do much but hide your location and since that's not your intent there's no reason to use a proxy for https.

I always considered a proxy to be used to bypass blocked sites or prevent some sites from knowing where you accessed it from (by ip). it's nothing that can't be solved from installing your own phpproxy at home or a friend's broadband connection.

a http proxy isn't really mean to secure anything. that's what vpns and stuff are for.
Vrythramax
The virtue of a proxy, either by http or https, is that whatever site you go to after connectig to the proxy can't get accurate IP information...but the proxy site itself does have your IP, and possibly your browsing history that can be sold to any number of Internet marketing companies. A free proxy has to make it's money somewhere...it's kind of a stretch of the imagination to think they are providing the service for free or simply by placing ads on thier index page.
Traveller
friuser wrote:
I think the whole point of https is to secure your connection so a proxy doesn't really do much but hide your location and since that's not your intent there's no reason to use a proxy for https.


There is if the site you wish to access will not allow connections from your country, as stated in my original question.
friuser
right. but your question is whether it is secure or not. which I've answered as well as others. it's not secure.

actually to clarify. it can be somewhat secure if you connect to the proxy service through https but you need something like a vpn ssl service to be really secure.
Liu
friuser wrote:

actually to clarify. it can be somewhat secure if you connect to the proxy service through https but you need something like a vpn ssl service to be really secure.

I don't really think connecting to the proxy via https will really make it anymore secure aside from third party eaves droppers ie man in the middle attacks. The whole point was that the proxy is the one in question about whether you can trust it or not.
Agent ME
HTTPS is a protocol based off of HTTP which uses strong encryption and authentication schemes - even if the proxy recorded every piece of data that went through it, and published it to the world to see, the most anyone would probably be able to make of it would be what website you connected to.
Related topics
FTP program
Why use IE?
How To : Secure Your PHP Website
FTP problem
How do i set up a secure socket layer SSL?
Anonymous FTP...
You can find new proxy address at here
Scripts for Fri$'s
alternatives to adsense
FTP help [RESOLVED]
Non-US Web Proxy
Tutorial on Anonymous Surfing
Software for anonymous IP address
youtube - Video not available in your country
Reply to topic    Frihost Forum Index -> General -> General Chat

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.