For many people, privacy and security are becoming one of the primary concerns of being online. It’s not surprising really, over the years the internet has become more and more important to people’s daily lives. We pay most of our bills, browse for insurance, research holidays and do our online banking. Lots of people even pay and submit their taxes online too particularly in many European countries. However despite how the role of the internet has changed, the fundamental security underlying the internet has not changed at all.
The problem was that HTTP – Hyper Transfer Transport Protocol, was never really designed with security in mind. Everything is transferred in clear text and ultimately traffic can be intercepted and read by anyone who makes the effort. HTPPS makes think a little better, however it is little more than a security add on to an unsecure protocol. It does add a level of encryption but it’s often badly implemented and open to various attacks. There have been increasing problems with relying on SSL (Secure socket Layer) particularly as it’s especially simple to break via client side attacks. The company Lenovo actually installed malware called superfish on it’s laptops by default which could intercept SSL transmissions and insert it’s own adverts, it’s that easy to break if you can access the client.
So what have people been doing? Well one of the options is to use a proxy service, however this again is fraught with difficulties. Using an insecure proxy for example is much worse for your privacy than not using one at all, and trying to use a free service will inevitably leave your data exposed to others. There are good implementations from companies who specialise in secure technology, this for example is from a company called Identity Cloaker who supply a UK proxy service to many thousands of people.
The key here is that the servers are secure, configured correctly and supported 24/7. Also it is is imperative that the proxies don’t keep extensive logs of connections and transactions, if they do – you are simply creating another source of personal details which can potentially be exploited.
The reasons that free proxies are so dangerous is simply because of their very nature. The vast majority of free proxies are simply servers that have been accidentally left open. For example they may be an application servers used by a college or company to perform some function, with an installation of IIS accidentally left on the server. The administrators will probably have no idea that the server is capable of operating as a proxy service and that people are using it. This obviously means that as you are using a server without the owners permission, you can be assured that others are using them as well and it is often a simple task to steal the data being transported via this server and remember SSL is not a defence in many situations.
Another popular use of these proxies is to access content that is not normally available from a specific location. You can actually use proxies to bypass these blocks to change computer ip address by hiding your real location behind the proxy server. It’s often used for example to watch the BBC iPlayer from outside the UK, or stream videos from Hulu to non-US residents.