Proxy question

Discussion in 'privacy general' started by Bethrezen, Apr 29, 2004.

Thread Status:
Not open for further replies.
  1. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi all

    being security minded I’m always looking for ways to make my online time as quick and secure as possible now one way of doing this I’m aware of is by using a secure encrypted proxy tunnel the only problem with such programs is that to me there complicated

    in the past I have tried various proxy programs like proxomatron but have found them to be some what overwhelming and generally not very user friendly and I’m wondering is anyone knows of a simple but secure proxy program that can encrypt my traffic

    also some info on proxy's to because I’m wondering if getting and configuring a proxy program like proxomatron is enough or do I have to actually select a proxy server to send my traffic through

    and if this is the case how do I know that the proxy server is actually doing what its saying because I know that there are a lot of scam proxy servers out there that don't do what they say and are in fact just logging your connection for what ever nefarious purposes or even worse have backdoors
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Well, the key question that has to be answered first is - encrypt your traffic from who's perspective? You need to specify in some detail what you are trying to accomplish in order to scope out a solution that will do what you really want done.

    Who do you not want to see your Internet traffic?

    Now, it can't be the websites you visit because if everything you send to them is encrypted, they won't understand it and won't give you any meaningful replies. (For example, we don't offer an SSL interface into these forums, so your traffic must be unencrypted by the time it reaches us. Most websites are like us and don't offer an SSL option because of the costs involved.)

    So, it is key to define your target audience here. From whose perspective do you want your traffic encrypted? Once you know that, you can look for solutions that reach from your PC, to some point just beyond the scope of that target group.

    A good example is if you want the traffic your ISP sees to always be encrypted... For that you must run encryption on your PC, via one of the many products available (as simply as an IE based SSL session), that connects (the secure tunnel you mentioned) somewhere beyond your ISP's network. Only there can the decryption be done if you don't want your ISP to see your data. But, wherever that point/place is (say a secure proxy server somewhere out on the Internet) from there to whatever site you are visiting, your traffic is again unencrypted.


    If an encrypted tunnel can't be done fully end-to-end, (ie. from your PC into the target webserver), then your only choice is a proxy server located somewhere on the Internet beyond your ISP's network, but before you reach the target webserver. And yes, you will be trusting them completely because from the backend of their server to the sites you visit, all the traffic is unencrypted again. They can see it as can the networks from them to the target sites.


    Be aware that the more complicated you make your connection, the greater the likelihood that it'll slow down and/or break along the way. (The more moving parts, the more chance for failure.) Encryption can slow things down a lot depending upon how it's done, as well as how busy "the other end" is (ie. that secure proxy server we mentioned above).

    Here is an oldie but a goodie regarding the "who do you trust" concept behind using some remote proxy service. It talks mainly about being anonymous, but the same thing applies to trusting them with your encryption, as well as your access logs.

    https://www.wilderssecurity.com/showthread.php?t=3582

    But, to your original question, tell us exactly what you are thinking - what you are trying to accomplish - and then people can advise you what they've done/used for that specific result.
     
  3. JBNymble

    JBNymble Registered Member

    Joined:
    Apr 27, 2004
    Posts:
    2
    Hi "~Everyone~",
    I don't think that Complete and ultimate "Anonymity" can be achieved. For this reason, the Internet was not created with "privacy or security" in mind. The concept was that "links" could be included in documents on one machine that could access documents on another machine. File-sharing. So without some way of identifying "where" to send the data, there would be no way for the server to know where to send the data. But with that said there are high levels of anonymity and security that can be achieved.

    (1). Your actual IP can be "Cloaked" from the "Destination Site" by using anonymizing remote proxies.
    (2). Active content can be disabled to stop IP retrieval "Scripts", Tracking Cookies, and "nosey temp files".
    (3). You can use Proxomitron/JakxPack to "Spoof" header fields to obscure Your Traffic and make it appear You are chained through Remote proxies that are "Spilling" Your host.
    "Click Here"
    (4). You can use an "http tunneler" and a Remote proxy to encrypt or make "transparent" Your data through Your ISP.
    (5). Host files, Firewalls ("Outpost" Firewall has DNS Caching)"Click Here", port-blockers and a host of other proggies can help.
    "J.A.P" was a really great program to chain with "~Proxomitron~" until it was "back-doored".
    "Just My two dracmas worth" :)
    Best Wishes,
    "~JaK~" =:)
     
    Last edited: Apr 30, 2004
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Bethrezen,

    JAP would be the best answer - it is a Java application that runs as a local proxy on your machine. You configure your browser to use this proxy which then encrypts all your web traffic and sends it to a server in Dresden (there are a few other servers available also). This server decrypts the data before sending it to the website concerned, and encrypts the response back to your PC. So websites do not see your IP address (they all think you are based in the Fatherland which can give some odd results for some sites :) ) and your ISP cannot see what URLs you are accessing.

    JAP did have a backdoor added (due to a court order from the Frankfurt District Court) but this was discovered (due to the client being open source) and the order has been overturned and the backdoor removed (see my previous post on this for more details).

    Proxomitron is a great web filter but it cannot provide anonymity or cloak your IP address in the fashion that JBNymble suggests.
     
Loading...
Thread Status:
Not open for further replies.