proxy stuff again

Discussion in 'privacy general' started by eyespy, Sep 10, 2002.

Thread Status:
Not open for further replies.
  1. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Yet another question about proxies...
    Forgive me for being "thick headed" but I'm still unclear about some of the properties of using a Proxy.
    The main question on my mind is as follows......
    Using a Proxy server or a Web Based Anonymizer is supposed to protect the users privacy. It protects your privacy from the web sites you visit, BUT the anonymizer service knows your IP. So your Privacy is in the hands of the Anonymizing web site.
    Having said that, when a user uses Jap (or any proxy server), he/she uses a proxy server in Germany. Is your privacy protected from the proxy server in Germany (JAP) ? It would keep logs also ?
    I'm not sure I understand the concept of being "anonymous" if your "proxy servers" or "Web based Anonymizers" know who you are, where you are, where you've been, and at what time, even though your privacy is protected from the web sites you visit !!

    food for thought ??

    thanks,
    bill ;)
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Here's my simplistic view on this subject...

    In order to communicate on the Internet, the network packets have to be able to travel from end to end (i.e. from a client machine, with a valid IP address, to a server at the far end, with its address, and then back again). Without that ability, the Internet just won't work and people won't be able to use whatever it is that attracted them to going out there in the first place.

    So, how can someone get privacy if the end to end connection points must be known? Well, they can add levels of abstraction and complexity to the connection, which can make it more difficult for a specific site and its operators, to know who is connecting to them. Proxying sites are simply a level of abstraction. A third party who holds a piece of "missing information" as to who exactly is communicating.

    What use is this? If a person is visiting a place that they aren't sure about, especially if it's a matter of trust and privacy ("I don't want that specific website to see my IP address, but I still want to go there."), then a proxy site adds that level of abstraction and makes it all the more difficult for that site to track the person. They never see the true source IP address, they only see the address of the proxy site.

    In most cases, this is good enough to keep a person's visit secret. I mean, the server operators would need a good reason to go to the trouble to find out who a specific visitor was, right? Unless they can contact the proxy site's administrators and somehow talk them into relaying the actual source address, they won't ever know who it was that connected to them. So far, so good.

    So, the proxy site knows the real source address? Yeah, they do, of course. Can they be trusted? Who can say. But, if a person uses a large one, what are the chances that they are going to go looking for a particular person's connection data? Again, they'd need a good reason.

    For normal "private" surfing, the above probably "works as designed." A person can sail through an average connection in relative secrecy. I'd guess this would be of most value to people who have static IP addresses if they don't want a site to have easy access to who they are for fear of some sort of assault coming back at them. (What, maybe a denial of service attack because of some incident that occurred during the session? Who knows.)

    But, if something of importance occurred during the connected session, say something illegal transpired, then, yes, it'd be worth the effort for those involved to piece together the necessary records, which would identify the source system.

    Again, I think it really just comes down to adding the level of abstraction by giving some third party a piece of the needed information. Private and secret? No, not really. Just a little harder to track.

    Just my opinions. And, no, I don't use an form of proxy agent to help hide my address.
     
  3. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Hi LowWaterMark,
    And welcome to the Forum !
    Your comments are pretty much equal to what I was thinking. Your privacy is protected through proxies and anonymizers, but at the same token, your privacy is always accessible by the above noted.
    So...are the use of proxies really providing privacy ?


    Very good post by the way !!

    thanks,
    bill :)
     
  4. controler

    controler Guest

    It is a matter of who do we trust. The general public or the site hosting the service. Yes any evil person could host the server to gather all your info for whatever purposes. Selling would be the temptation...

    We have to trust someone though or maybe that isn't possiable to those that frequent these kinds of sites.. LOL

    I checked.. yup, I do trust myself today..
     
  5. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hi Bill!


    Excellent post by LowWaterMark. I think he/she hit the nail on the head as far as the proxy just being a middleman and you are only being protected from your final destination.

    Just a couple of thoughts. After having read that post - now go back and read my replies (# 8 and #9) in the thread you started on the first of the month:

    https://www.wilderssecurity.com/showthread.php?t=3391

    It is as Controller said -- it comes down to who do you trust?

    I know this: If I am visiting FreeTheWhales.com through an anonymous proxy picked from a list, it is easy for the Whale people to find out where you really are. They pick up the phone, call and ask! The proxy server admin has no reason not to give him the information on who the originating IP was that visited this callers Whale site. Now, use the same scenario but let's say you went through The Anonymizer. The whale guy calls them and guess what? He's going to get a "Sorry, pal." Because you are paying for them to say that. That's where my reply #9 in the above linked thread comes in, and it's very important to all of this.

    Anyway, I thought that was a good post from LowWaterMark and I hope that if you combine that post with mine from the other thread -- it will all come into a little more focus for you.

    One other thing that deserves a thread of its own: the difference between privacy and anonymity. We use the terms like they are one and the same and, in fact, they are apples and oranges. The "Anonymizer" is not really anonymous. It's a misnomer. It's a "privacy" service. There used to be a service that was about as anonymous as one could ever want - and that was the original "Freedom" from Zero Knowledge back in the days of the nyms. Don't confuse it with the software they now sell which is just privacy software. But, as I said, while related -- it's a whole different thread.

    Good Luck!
    John
    Luv2BSecure
     
  6. Proxo Lady

    Proxo Lady Guest

    John:

    As always, very good. Since I first wrote you by email months ago, you have taught me more about computer privacy than anybody else I know. Eric Howes, here at school, is really good on many things but when it comes to privacy, you are IT. Thank you!!!!!

    I also appreciate your wife being so good to help me understand a lot while convalesing from my cheerleading accident. To be out for good with something I loved so much was a complete bummer of an experience. I don't know what I would have done had I not had my baby, my computer :) She really did help spark some new interests. You are both good people.

    MELISSA
    University of Illinois U/C
     
  7. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    You da' man...John !
    You da' man ! ;)

    regards as usual,
    bill :D
     
  8. Looks like you have this all covered.

    I just wanted to say howdy to LowWaterMark :) :) :). It was about time you came over to join us. Welcome and enjoy.


    Regards,
    John
     
  9. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Thank you, Melissa. You are a sweetheart. Glad to see you posting!

    Thank you for the nice comments. I know Tracy was more than happy to be of help when you wrote. The long email about your cheerleading accident which landed you in a wheelchair temporarily tore Tracy up. She knows a bit about that. I'm glad she could be of some support.

    Take Care,

    John
    Luv2BSecure
     
Thread Status:
Not open for further replies.