RE: proxy questions

Discussion in 'privacy technology' started by Uitlander, Mar 12, 2019.

  1. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    156
    Location:
    Albany, CA
    1. Do proxies in any way hide or obscure ones activities from your ISP? I keep finding conflicting answers on this, so hoping someone here can give a definite one.

    2. Will an 'HTTP proxy' really strip the SSL from all HTTPS connections, and allow one to access those URLs as an HTTP connection? How about a SOCKS4 proxy?

    3. Is configuring use of a proxy a 'set-it-and-forget-it' sort of deal, or does it require occasional adjustment to maintain?

    Thanks for any info!
     
  2. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    636
    Altought Tor and VPN could be loosely be defined as "proxy" I presume here that you mean those traditional HTTP/HTTPS/Socks4/Socks5 proxies that are floating around the net out there for free.

    First rule is this: Don't use only traditional proxy. If you need/want to use one chain it with Tor and/or VPN
    (I made a sort tutorial howto do that, unfortunately, it's mostly Linux only: https://www.orwell1984.today/ProxyBlues.pdf)

    And now for answers:

    1. No. Traditional proxies are unencrypted. So any data and metadata (like HTTP-headers) are passed in clear unless you
    also use some additional encryption in addition to proxy. All that traditional proxies do is hide your IP address.
    That's all (and in plain, unencrypted HTTP-proxy case even that is not 100% certain)

    2. HTTP-proxy does not actually "strip" the SSL/TLS-encryption.

    It's just the nature of those ordinary HTTP-proxies to not forward traffic that is SSL/TLS (aka starting with https:// ) encrypted. And even in cases of HTTPS-proxies you could very well be blocked to access certain website (for example: if you use proxy located in China good luck trying to access facebook).

    So it all depends how the owner of the proxy configured it (does it allow HTTPS connection to only certain sites? does it allow HTTPS connection at all?)

    But if by stripping you mean downgrade attack of HTTPS traffic to HTTP, yes, that's possible to certain degree (take a look of: https://moxie.org/software/sslstrip/)

    Socks4 is older version of Socks5. So I recommend that you use Socks5 instead (Socks5 for example, supports remote DNS-lookups which is a nice feature). But again, it does only hide your IP, it does not offer any built-in encryption and
    you have to handle and make sure that of yourself (like ordinary https:// or SSH tunnel or VPN or Tor)

    3. If you own your own proxy out there (like maybe one setup in a rented VPS-server) then sure, it's set-and-forget.
    But if you use proxies set by others then you have no control when they disappear and your connection breaks.
     
  3. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    156
    Location:
    Albany, CA
    Many thanks for taking the time to give so much info. The end goal I am aiming for is to have a VPN installed on my router, setup in some way to only handle traffic when I use MX Linux (installed) or TAILS (via LiveCD). I read somewhere this is doable. For XP Pro, I want traffic to go through a proxy (I assume the HTTP sort) that will 'strip' or circumvent the SSL/TLS-encryption. The only problem I have with XP Pro is the embedded CA certificates store is blockading me from about half the internet, when I use Chrome/Chromium based browsers. I've looked into several solutions (Odysseus proxy, ZapProxy, etc.), and it looks like just using the right sort of proxy is the best and simplest solution to converting HTTPS to HTTP. Since I only use XP Pro to surf, the security of SSL/TLS-encryption is a non-issue for me....I'm only interested in restoring functionality.

    I'm still undecided as to which proxy service to use, but if I had to decide right now, it would be bestproxyandvpn.com, as their $5 monthly fee is affordable, and they seem to offer what I need, though I've no clue "how the owner of the proxy configured it". Site appears to offer:

    "The working mode of your private proxies can be set from within member area to either HTTP(S) or SOCKS. Used in HTTP(S) proxy mode, our proxies accept HTTP and HTTPS traffic while in SOCKS proxy mode they can accept 4, 4a and 5 traffic."

    I assume that is what I need. I've never fooled with this stuff before, so clear idea if I'm on the right track. I guess my first priority is to get the VPN installed on a router. Been told that my present one (mikrotik hex rb750gr3) will not support OpenVPN, even though it claims to (https://wiki.mikrotik.com/wiki/OpenVPN). Been told to get another router as a sort of standalone VPN. Unfortunately all the advice goes to Tomato, OpenWrt, etc., and so far as I can tell, that stuff only works on wireless routers. I don't use anything with wi-fi capability. Never did, never will. Wired-only router is the only option here, probably one of the Ubiquiti EdgeRouter models. Their site seems to say it works with OpenVPN, but I'm not fluent in techtalk (https://help.ubnt.com/hc/en-us/articles/115015971688-EdgeRouter-OpenVPN-Server). Note that this is not one of the models I'm considering. This is the cheapie model that's getting bad reviews. I'm assuming if one model works with OpenVPN, their others do.

    I've whittled down the VPN choices to:
    AirVPN
    Anonine VPN
    Express VPN
    FrootVPN
    IBVPN
    IVPN
    VPNArea
    I need to research them more individually (devil always hides in the details, especially the fine print). Any advice is appreciated!
     
  4. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    636
    No problem :)

    Yea, wired connection is always best choice if possible. Unfortunately, when traveling that can be little difficult. :(

    When visiting hotels, airport or any public wireless place (they are hackers wet dream),
    I often bring with myself a small raspberry pi 3 router that I power from my laptop USB 3 port and
    that will then first join me to public wireless network and then establish an encrypted SSH tunnel, outside to my rented Virtual Private Server.

    Firewall in that small pocket router is configured to accept only incoming/outgoing SSH so there is no chance at all that anyone will A) sniff my traffic B) get into my laptop while I use the public network.

    Kinda like a poor man's VPN but with added bonus that for the roughtly same monthly price I can do more with my VPS server than just with ordinary VPN subscription (like hosting www-pages, e-mail, torrent seedbox etc...)

    Downside is that if I started to fooling around ( :isay: ), the datacenter manager that hosts my VPS-server would very quickly find it out.

    I could have of course choose some off-the-self router and put custom firmware (OpenWRT seems to be the most flexible one) to it and then install the needed software to it and configure but when I looked the best high-grade routers out there, their specs and price, the small raspberry pi was a winner in my case.

    In addition to UK raspberry there are plenty of Chinese clones nowadays (like BananaPi) that offer same or more stuff than raspberry ever did.

    One more advice is that go throught the privacy policies of those VPN candinates, and also keep in mind that some VPN providers grossly overstate their number of server locations.

    If you see VPN provider claims like "absolute zero logs, 6000+ servers globally, just $5 per month" then alarm bells should start ringin.
    Even if they really had 6000 servers globally available the most are probably fake servers (aka virtual servers). Hosting a dedicated, high-end server starts from about $35 per month and up, depending of specs
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.