Sunday, August 23, 2009

Do I just hide my IP address?

NOTE: Below is an article by one of my friends, who runs the company which produces the product Identity Cloaker. It's a decent product providing good protection. But I am reproducing this article below as it gives a good primer about how what you really might be considering as anonymous surfing is not so after all!

HAPPY READING - James

There is a perception about anonymous surfing online that all you need to do is hide your IP address and you have protected your anonymity. I'm afraid this is very far from the truth: there are many different facets to protecting your surfing, and masking your IP is just one part.
Of course it is relatively straightforward to hide your IP address from some people, for instance the web sites you are visiting. All you need to use is a proxy server which acts as a buffer between you and the web site. However there are a few points to consider about the proxy server you use.

Anonymous Surfing Online - a Proxy Checklist


  • Is the proxy configured correctly? There are many different types of proxies; many of them offer no protection whatsoever and pass all your information on in their headers.
  • Who runs the proxy? The normal configuration of a proxy server will mean that you are sending and trusting all your data to the proxy owner.
  • How is the proxy server run - what about logs? The proxy network I use deletes its logs instantly - do you know what happens to your logs?
  • How is the proxy funded? An important question: if it's a free proxy - why is it being run? Who is paying the bills and why?
  • Is your data safe? Beware: many proxies are run by identity thieves, who realise that if you control a proxy server you control all the data that flows through it.


These questions are important; proxies are used by employers to monitor and track internet usage of their employees. If you are using one on your home connection, make sure it's secure. If you aren't sure, then simply don't use that proxy.

Anonymous proxies can offer increased security and some anonymity on the internet - but only if chosen correctly. There are many, many programs, both free and paid for, that merely mask your IP address by scanning and pointing your data through free anonymous proxies on the internet. This is incredibly foolhardy: a proportion of those free proxies are run by hackers, identity thieves and even governments. They are left open merely because the easiest way to steal someone's data is to have them send it to you through an anonymous proxy! So play safe and you can enjoy anonymous surfing online: look for a professional product and make sure that they also encrypt your data through a VPN or SSH tunnel.

Monday, August 10, 2009

Ixquick

Has anyone checked on Ixquick (www.Ixquick.com)? This is a fairly new search engine created by the Dutch. They claim to be the world's most private search engine, and do not store any of the search parameters or IP addresses.
Again in my test run, it looks like early days with respect to the quality of search results at least. Still some way away from prime time. Check it out.
-Jd

Friday, July 24, 2009

Setting Up Transparent Proxy

This is an excellent article on setting up a transparent web proxy with anti-virus check and URL blacklisting. Republished with permission from Fulvio Ricci. Many thanks.
-Jd

The purpose of this document is to describe the creation of a Web Proxy with antivirus check of web pages and site blacklisting/whitelisting. The document is divided into the following sections:
  • Why use a web proxy with antivirus check?
  • Transparent Proxy Mode
  • Configuration and activation of the proxy service

Why use a web proxy with antivirus?

Web pages are more and more frequently the means by which worms and viruses are spread on the Internet. Websites, whether intentionally or because they are vulnerable and are therefore modified without the knowledge of the legitimate authors, sometimes have executable code references that can infect users' computers. Moreover, the situation has worsened since a number of vulnerabilities in the image display system has allowed viruses to be carried in JPEG files. Lastly, the growing use of Java applets is increasing the number of multiplatform viruses spread via http and operating regardless of the platform (PC, palmtop, mobile phone) or operating system on which they work.

The best solution for this type of problem is to provide all client devices that connect to the internet with a good antivirus program with real-time protection, checking every single incoming file. However, this may not be enough for two reasons. First, no antivirus program, even one with a signature self-updating mechanism, can provide a 100% guarantee against every virus. Second, real-time checking of incoming content is computationally burdensome, and on devices with poor performance it can slow the system down to the point where users disable the antivirus real-time protection.

For these reasons, virus check is increasingly done upstream, before potential viruses are able to reach the user's client. In other words, centralized antivirus systems are used on servers offering a particular service. The most widespread example is that of e-mail servers, which have a system that analyzes incoming and outgoing messages via SMTP and scans attachments for viruses. In this case, application of antivirus check on an SMTP gateway is quite natural, since e-mails are obliged to pass through it before reaching the user's inbox.
For the http service, this is not so straightforward, since a LAN client may potentially connect directly to any of the web servers available on the Internet. The solution to this problem involves introducing an application-level gateway to the LAN to collect client http requests and forward them to the relevant web servers. This application gateway is called a Web Proxy and, since it is capable of interpreting the http protocol, it not only filters on the basis of URLs, but also breaks down the content being carried (HTML, JavaScript, Java Applet, images, ...) and scans it for viruses.

One of the most common functions of proxies so far has been web caching, that is, the archiving on disk of web pages that have already been visited, in order to accelerate display of the same URLs for later requests. The purpose of this is also to reduce bandwidth consumption on the Internet. One of the best-known proxy systems capable of performing web cache functions is Squid, distributed under an Open Source license.

Transparent Proxy Mode

One of the biggest problems when using a proxy server is that of configuring all web browsers to use it. It is therefore necessary to specify its IP address or host name and the TCP port on which it responds (usually port 8080). This could be burdensome in the case of LANs with numerous users, but even worse, it might not guarantee against users removing this configuration to gain direct access to the web, thus avoiding antivirus check, access logging and blacklists.

To solve this problem, you can use a Transparent Proxy mode, which involves automatically capturing the client requests on TCP port 80. Obviously, to be able to capture these web requests, the proxy must be configured as a network gateway, so that client Internet traffic goes through it. It will automatically capture http requests whether it is a layer 2 gateway (bridge between Ethernet, WIFI or VPN interfaces) or a layer 3 gateway (router). It is nevertheless important to specify on which network interfaces or IP subnets these requests are to be redirected. This is done by adding so-called HTTP Capturing Rules.

There may be several reasons why it is necessary to exclude the intervention of the transparent proxy on some clients and some web servers. For example, one web server may restrict access only to clients with a certain IP on its ACLs. In this case, if the proxy captured requests to the above server, the server would be reached from the proxy's IP and this would prevent access. On the other hand, it would not be possible to authorize the IP address of the proxy on the web server's ACLs, since this would mean allowing indiscriminate access to all clients using the proxy. It is clear, then, that the only solution is to avoid the capture of requests by the transparent proxy.

Configuration and activation of the proxy service


Configuration of the proxy service with antivirus check is very simple. After configuring the box to act as a router and after configuring it on the clients as the default gateway, or configuring it as a bridge and interposing it on a point of the LAN at which traffic flows to and from the Internet, simply enable the flag [Enabled] so that the proxy can start working. As mentioned in the previous paragraph, the web requests that are actually intercepted and submitted to the proxy are those specified through configuration of the [HTTP Capturing Rules].


Proxy configuration web interface

Note that start-up of the proxy service is very slow compared to other services, and on hardware that is not very fast it can take up to 30-40 seconds. This is due to the need of the ClamAV antivirus libraries to load and decrypt a large number of virus signatures into memory. To prevent this from blocking the web configuration interface and start-up scripts for long intervals, the service is started asynchronously.

Access log and privacy

Being an application gateway capable of interpreting http requests, a web proxy must, in order to work correctly, decode the URLs visited by users. By default, this information is not sent to the system logs; if it were logged and associated with the IP address of the clients requesting web pages, it could help to trace the content visited by the users.

Moreover, it is important to be aware that, just as with NAT enabled on an Internet access router each external client request appears to be made by the router itself, http requests passing through a proxy appear to be made from the IP address of the proxy server. This may cause difficulties in tracing the identity of a user who has performed illicit actions on remote servers. A possible solution to this problem, which is less invasive in privacy terms, could be to activate logging of the Connection Tracking. In this way, any TCP/UDP connection is recorded in the logs showing the source IP, source port, destination IP and destination port. Hence, it will not be possible to track the content of user activity, but a trace will be kept of connections made. Again, in this case it is necessary to consult local legislation before enabling connection tracking.

Antivirus check of images

For a long time it was thought that a file containing a JPEG or GIF image could not contain a virus, because it is simply made up of data formatted in a preset format, interpretable by the viewing system of the operating system. Recently, however, some image rendering components have shown that they are vulnerable if they are not updated with patches. A suitably constructed image could create a Buffer Overrun and execute arbitrary code on the system. It is easy to understand the seriousness of this, given that most hypertext content on the WWW is in image form.

Website blacklisting and whitelisting

It is often necessary to block the display of a number of websites since their content is considered unsuitable for the users of the web service. An example is adult-only material, which should not be displayed on computers to which children have access. One very effective solution for this problem is forcing web clients to access the Internet through a proxy which, through Content Filtering software such as DansGuardian, examines the content of html pages and blocks those thought to belong to an undesired category. The mechanisms of these filters can be compared to those of antispam systems. Unfortunately, however, it is not clear whether the DansGuardian release licence is compatible for integration within a system and, hence, it was not used in order to avoid the risk of licence violation.

Configuration of the web proxy blacklist


Blacklists and whitelists consist of a sequence of URLs arranged on distinct lines. Each line may correspond to several web pages when the * character is used. To block the site http://www.example.com place www.example.com/* on the blacklist, whereas the line www.example.com, without *, would only block the home page of that site.
The whitelist has priority over the blacklist. In other words, if a web page corresponds to a blacklist item and, at the same time, is found on the whitelist, access is allowed to the page.
Moreover, note that the purpose of the whitelist is not only to allow access to pages that would otherwise be prohibited by the blacklist, but also to bypass antivirus check. Please take careful note of this.
If the LAN administrator wants to adopt the policy of providing access to a limited number of sites, s/he can specify the */* line in the blacklist, which will prevent access to all pages except those included on the whitelist.
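The matching and priority rules just described can be modelled as follows. This is an added example, not code from the original article or from the proxy itself: the function names, the result labels and the sample lists are assumptions, and `*` is treated as the only wildcard.

```python
import re
from urllib.parse import urlsplit


def normalise(url):
    """Reduce a URL to 'host/path'; the home page becomes 'host/'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return parts.netloc.lower() + path


def compile_list(lines):
    """Compile list lines into anchored regexes; '*' is the only wildcard."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        host, _, rest = line.partition("/")   # no '/' means the home page only
        pattern = host.lower() + "/" + rest
        regex = ".*".join(re.escape(chunk) for chunk in pattern.split("*"))
        rules.append(re.compile(regex + r"\Z"))
    return rules


def decide(url, whitelist, blacklist):
    """Return 'allow-unscanned', 'block' or 'allow-scanned' for one request."""
    target = normalise(url)
    if any(rule.match(target) for rule in whitelist):
        return "allow-unscanned"      # whitelist wins and skips the antivirus check
    if any(rule.match(target) for rule in blacklist):
        return "block"
    return "allow-scanned"


def wildcard_whitelist_entries(lines):
    """Whitelist lines with '*': each exempts many pages from virus scanning."""
    return [line.strip() for line in lines if "*" in line]


# Constructed sample lists (hypothetical hosts).
WHITELIST = ["intranet.example.org/*", "www.example.com/docs/manual.pdf"]
BLACKLIST = ["www.example.com/*", "ads.example.net"]

if __name__ == "__main__":
    wl, bl = compile_list(WHITELIST), compile_list(BLACKLIST)
    for url in ("http://www.example.com/games/",
                "http://www.example.com/docs/manual.pdf",
                "http://ads.example.net/",
                "http://ads.example.net/banner.gif",
                "http://intranet.example.org/upload/tool.exe"):
        print(f"{decide(url, wl, bl):16} {url}")
    print("unscanned wildcards:", wildcard_whitelist_entries(WHITELIST))
```

The last sample URL shows why wildcard whitelist entries deserve review: every file under that prefix reaches clients without a virus scan.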

Testing proxy and antivirus function

There are basically two reasons why the proxy might not work correctly. First of all, it is necessary to check whether the box is configured as a router or a bridge, and also that traffic to and from the Internet actually goes through it. Secondly, you must be certain of the correct configuration of the [HTTP Capturing Rules], which determine which http requests are actually redirected towards the proxy process (havp listens on 127.0.0.1:8080). In particular, if http request capture is imposed on a network interface that is part of a bridge, you must be sure that at least one IP address has been defined on the latter.
The easiest way to check whether the proxy is working correctly is to temporarily enable logging of all accesses and display the proxy log after requesting the web pages of a client.
Once certain that the proxy captures the web requests as expected, check that the ClamAV antivirus software is working correctly. To do this, first check on the freshclam logs that the signatures are updated regularly. Then, go to the URL http://www.eicar.org/anti_virus_test_file.htm to check whether the EICAR-AV-Test test virus (said to be harmless by the authors) is captured and blocked.
Lastly, note that the proxy cannot serve https requests (http encrypted with SSL/TLS) given that, not having the private key of the web server, it cannot decrypt the content and the URLs of this request encapsulated in encrypted tunnels.

Monday, July 6, 2009

Wednesday, June 10, 2009

List of some current Players in the market

Hi All,

Below is a list of some players in the market who currently offer either the capability to surf anonymously or Proxy Server capability. I have not verified all of them or tested them in detail either. So, please don't take my word for any of these.

-Jd

Tuesday, May 12, 2009

Anonymous proxy servers: Necessary or evil?

Hi There,

I recently came across this very good and well researched article on the use of Anonymous proxy servers. The author argues both sides of the debate: Are anonymous proxy servers Good or Evil?
Enjoy this article from Techworld here
Cheers till next time.
-Jd

Thursday, April 16, 2009

Proxify

As part of looking around for tools and services I came across Proxify (www.proxify.com). I ran some tests and generally poked around. Looks like a pretty good service, not too expensive for those who are really looking around for a reliable proxy service. Don't take my word for it, nor is this a recommendation, but definitely worth a try if you are interested. - www.proxify.com

-JD

Tuesday, March 24, 2009

How does a Proxy Server manage different Protocols?

You can find a proxy server in many forms on the internet, but they all face similar challenges in how to handle the different protocols that are being used on the internet.

A proxy server typically operates at the Application layer of the OSI model and typically has two ways of handling protocols - either be proxied or tunneled.

A proxy operating at the Application layer basically means that the proxy server actually understands what is happening. At this point we can do neat things like filter the protocol, perform logging and operate access control.

If a proxy doesn't understand a protocol, however, it will generally just tunnel this information between the client and the server. This relaying generally happens with any protocol that the proxy doesn't have specific support for. Examples are things like SSL protocols, which are normally just tunneled by most proxies (but many don't support SSL at all), including many of the web based proxies you'll find on the internet.

Examples of protocols that do operate at the application level and which are truly proxied are things like HTTP and FTP, and also Gopher.

From http://www.codeghost.com/gopher_history.html

"Gopher is a protocol system, which in advance of the World Wide Web, allowed server based text files to be hierarchically organised and easily viewed by end users who accessed the server using Gopher applications on remote computers. Initially Gopher browsers could only display text-based files before developments such as HyperGopher, which were able to handle simple graphic formats though they were never used on a widespread basis as by this time the World Wide Web and its Hypertext Transfer Protocol (HTTP) were gaining in popularity, and had similar and more extensive functions"


So, the important thing to remember for privacy is that every piece of data you send through the web browser while using a proxy goes through that proxy server. Please ensure that it is secure and managed properly.

Monday, March 2, 2009

Can I encrypt connections to the Internet myself?

Well, this is an interesting topic and yes, well within the realms of possibility for one who is reasonably technical. Using a commercial service will cost you some money, and if you do it otherwise you are going to sacrifice speed.

Now let's talk about a nifty little tool that can be used on either Windows or Linux to encrypt your communications.

Typically, the problem with most protocols is that they are simply not designed to be secure and many do not have a good idea of encryption or SSL. This tool, called "Stunnel", actually allows you to encrypt TCP connections within an encrypted SSL tunnel.
You can then use it to encrypt unsecure protocols. It works by either receiving unencrypted data and sending it on to an SSL server, or receiving encrypted data and sending the decrypted data to a port on another machine.

Almost all connections can be secured using stunnel. Below is an example of making a VPN over PPP using Stunnel, which is part of the functionality you'll find in Identity Cloaker, introduced in an earlier post.

Setting up VPN over PPP

Give it a Whirl!

Yauba - Search Engine

Yauba is a search engine letting you search the internet safely and anonymously. While major search engines (e.g. Google, Yahoo) collect information on browsing habits of their users, Yauba supposedly ensures absolute privacy and doesn’t collect any personally identifiable information (visited websites, search history, IP address, physical location… etc.) on its users. All records are automatically deleted from their servers.

Features:

    * Provides you with anonymous searching.
    * No user records are stored on the servers, all information is deleted.
    * Search the whole Internet or search only blogs, images, PDF files, social networks etc.
    * Visit external sites anonymously through Yauba’s proxy servers.
    * Similar tools: CTunnel and Prime Proxies.

I tried their search engine. Though the "anonymous" implementation seems reasonable, the search results are not up to scratch. Maybe things will improve over time. Take a drive and check it yourself if you feel so inclined at: www.yauba.com

Monday, February 16, 2009

So, what is a secure anonymous proxy?

There is nothing exactly like that, nor can you find one for free on the internet. But you can keep these points in mind when looking for a proxy server.


You cannot simply add a tag like say, Elite or High Anonymity to the description of a proxy server and expect it to be secure. This probably sounds obvious but I have personally checked a huge list of supposedly 'Elite proxy servers' and to be honest no one could have configured them more securely.

Let's consider one of the very basic premises of running a secure, anonymous proxy server: what context is the proxy service running in? Do you know this about the proxy servers you have used?

The absolute worst thing you can do is run the proxy service as root, yet many are configured in just this way. The problem is that any bug or vulnerability in the proxy server could lead to the compromise of the whole machine. The root account gives complete control of the server, and with it all your browsing, all your logs and any traffic you send through that proxy. This sounds like simple knowledge, but you will find that many 'free anonymous proxies' that appear on the net are configured exactly like this.

There is a common alternative which runs in the context of the user 'nobody'. This is much better, as the account has no special privileges which could put the server at risk. But neither is it a suitable configuration for a high anonymous proxy, and the reason for this is that the account will still have some read and write privileges over public areas and directories. It will also have some rights over all logs created in the context of the 'nobody' user, meaning potentially all users of the proxy have access to all the proxy logs and files created by this user.

The most secure alternative, which you can expect to see on any highly anonymous proxy, is where each user has a specific user ID for using the proxy server. This user account should have no other access rights whatsoever, and each proxy session would run in the context of this individual user. This protects the security and anonymity of every user of the proxy and secures their files and logs from other surfers using the proxy service.

Configuring an anonymous proxy is extremely important and one should be really careful. A badly configured and insecure proxy server puts all of its users and their information at risk. Remember whenever you use a proxy server, you are creating a single log of all your browsing in addition to your ISP logs - if it is not secure you can be putting your security at great risk, in fact much more than not using a proxy at all. So, if you really want a high anonymous proxy make sure you get one.
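A proxy operator can check which of the three run contexts above a host is actually in. The following is an added example, not part of the original post: the process name `proxyd`, the `px_*` accounts, the log paths and the `ps` listings are all constructed for illustration.

```python
import stat
from collections import Counter

# Constructed `ps -eo pid,user,comm` output from three hypothetical proxy hosts.
PS_ROOT = """\
  PID USER     COMMAND
  812 root     proxyd
  813 root     proxyd
  901 www-data httpd
"""
PS_NOBODY = """\
  PID USER     COMMAND
  812 nobody   proxyd
  813 nobody   proxyd
"""
PS_PER_USER = """\
  PID USER     COMMAND
  812 px_alice proxyd
  813 px_bob   proxyd
"""


def proxy_workers(ps_output, command="proxyd"):
    """Return (pid, account) for every process whose command name matches."""
    workers = []
    for line in ps_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) == 3 and fields[2] == command:
            workers.append((int(fields[0]), fields[1]))
    return workers


def run_context(workers):
    """Classify the run context: 'none', 'root', 'shared' or 'per-user'."""
    accounts = [account for _pid, account in workers]
    if not accounts:
        return "none"
    if "root" in accounts:
        return "root"        # a proxy bug means compromise of the whole machine
    if "nobody" in accounts or max(Counter(accounts).values()) > 1:
        return "shared"      # sessions can reach each other's files and logs
    return "per-user"


def exposed_logs(logs):
    """logs: (path, owner, mode). Paths accessible to anyone beyond the owner."""
    beyond_owner = stat.S_IRWXG | stat.S_IRWXO
    return [path for path, _owner, mode in logs if mode & beyond_owner]


# Constructed log inventory: one shared world-readable log, one private log.
LOGS = [("/var/log/proxyd/access.log", "nobody", 0o644),
        ("/var/log/proxyd/px_alice.log", "px_alice", 0o600)]

if __name__ == "__main__":
    for name, listing in (("host A", PS_ROOT), ("host B", PS_NOBODY),
                          ("host C", PS_PER_USER)):
        print(name, run_context(proxy_workers(listing)))
    print("logs readable beyond owner:", exposed_logs(LOGS))
```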

Sunday, January 25, 2009

Anonymous searching through proxy servers

Hi Friends,

Today I want to post about surfing anonymously behind a proxy server, the most common method used to hide searches.

There are three basic approaches for anonymous surfing through the Net: Web, Direct and Client. How do these differ?
Web proxies work through the Web (i.e. cgi proxy or php proxy). You just need to visit the server and surf through the Web based proxy.
Your IP address is anonymous and invisible to any site that you visit because you surf through a web proxy that is located on a certain server. The web proxy acts as an anonymous proxy server. You don't need to install or configure anything. Some servers are slow and others are very fast. It is self-explanatory that you are anonymous.

Direct proxies require the surfer to modify settings in the browser so that the browser specifically accesses the proxy server providing the anonymous services. Some of these proxies require that the surfer make the changes manually to the browser while others will modify the settings with the express permission of the surfer.

Client based proxies are application software that must be installed on the user's PC. They act as a local proxy server on your PC and allow you to surf the Web anonymously, protecting your privacy. There are many apps that allow you to surf anonymously, i.e. JAP, Tor, GhostSurf, Rutschomat, A4proxy, Multiproxy, ProxyRama... But remember that if you want to be anonymous while you visit a website then you still need to retest and find an anonymous proxy server inside your proxy list (the only exceptions are JAP, Tor and GhostSurf, because they provide their own servers for surfing).

Misinterpretation about proxy level:

The word "levels" has become unavoidable inside the proxy world, but is there a reason to care about proxy levels? NO from me!
Proxy levels have been established from using a very popular proxy judge, an environment tester that rates your proxy. We are going to explain the difference between the 5 proxy levels.

Proxy levels are graded so that 1 is the best level and 5 is the worst. Proxy judges judge proxies on the basis of the variables that the proxy server sends. The variables that the proxies may send are:
  • HTTP_VIA - parameter tells the web server that you are accessing it via a proxy server. The information contained in it tells the website something about the proxy itself, not about your machine.
  • HTTP_FORWARDED - Shows the proxy address and port through which the request was made.
  • HTTP_USER_AGENT_VIA - This is similar to the previous. In some cases this variable shows via what proxy the request was made.
  • HTTP_CACHE_CONTROL ; HTTP_CACHE_INFO - The presence of either of these two variables can also tell the website that you are accessing it via a proxy. These variables contain information about the cache of the proxy server.
  • HTTP_CONNECTION: Close - in most cases, connection type "close" demonstrates that a proxy server is being used (browsers use connection type "Keep-Alive").

There is almost no difference between a proxy that is level 1 or 2 (levels 1 and 2 are also known as elite proxies) and proxies at the other levels. The only difference is that the other levels spill more and more variables. Here is an example of what a level 1 proxy shows to a web server:

REMOTE_ADDR = proxy IP
HTTP connection: keep alive

Other variables such as:
HTTP_VIA, HTTP_FORWARDED_FOR, HTTP_CACHE_CONTROL are not determined

So there is very little info in the other variables. From the point of view of a web surfer, proxy levels mean absolutely nothing if the proxy does not spill/show your real IP. Only rarely, in 5%, you may find problems if you use proxies that are level 3, 4 or 5, and that's only if the website is configured to detect proxy servers and prevent access to their site for anyone who uses a proxy.

The reasons behind it may be very different, but in these cases scripts for detecting proxy variables have been installed, and using any level 3, 4 or 5 proxy may stop you from accessing their services. They check for the variables HTTP_VIA, HTTP_FORWARDED_FOR and HTTP_CACHE_CONTROL, and if these are detected they think that you use a proxy and block your access. Only in this situation is the level of a proxy useful.
So, do let me know what you think and whether you agree with me above. Will soon post on a different topic in this interesting area.
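What a proxy judge looks at can be reproduced on your own test server to see what a given proxy passes on. This is an added example, not code from the original post: the addresses and header values are constructed, and `HTTP_CLIENT_IP` is a variable outside the post's list, included to show that a check limited to the listed variables can miss a leak.

```python
import re

# Tell-tale variables named in the post (HTTP_FORWARDED_FOR is from its level 1 sample).
PROXY_VARS = ("HTTP_VIA", "HTTP_FORWARDED", "HTTP_FORWARDED_FOR",
              "HTTP_USER_AGENT_VIA", "HTTP_CACHE_CONTROL", "HTTP_CACHE_INFO")
# Whole dotted-quad tokens only, so 203.0.113.7 is not found inside 203.0.113.77.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def judge(environ, real_ip):
    """Report what a web server can learn from one request's CGI variables."""
    revealing = [name for name in PROXY_VARS if environ.get(name)]
    if environ.get("HTTP_CONNECTION", "").strip().lower() == "close":
        revealing.append("HTTP_CONNECTION")
    leaked_in = sorted(
        name for name, value in environ.items()
        if (name == "REMOTE_ADDR" or name.startswith("HTTP_"))
        and real_ip in IPV4.findall(value)
    )
    return {"detectable": bool(revealing),
            "revealing": revealing,
            "ip_leaked_in": leaked_in}


# Constructed requests as the test server would see them (documentation addresses).
CLIENT_IP = "203.0.113.7"
PROXY_IP = "198.51.100.20"
SAMPLES = {
    "level 1 style": {"REMOTE_ADDR": PROXY_IP, "HTTP_CONNECTION": "keep-alive"},
    "announces itself": {"REMOTE_ADDR": PROXY_IP,
                         "HTTP_VIA": "1.1 cache.example (proxy)",
                         "HTTP_CONNECTION": "close"},
    "forwards client address": {"REMOTE_ADDR": PROXY_IP,
                                "HTTP_VIA": "1.1 cache.example (proxy)",
                                "HTTP_FORWARDED_FOR": "203.0.113.7, 198.51.100.20"},
    "quiet leak": {"REMOTE_ADDR": PROXY_IP, "HTTP_CONNECTION": "keep-alive",
                   "HTTP_CLIENT_IP": CLIENT_IP},
}

if __name__ == "__main__":
    for label, environ in SAMPLES.items():
        print(f"{label:24} {judge(environ, CLIENT_IP)}")
```

The "quiet leak" request sets none of the listed variables, so it looks like the level 1 sample, yet it still hands the server the client's address.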
 