Tuesday

Searching for Free Proxies to Protect Your Privacy

Many people concerned about their privacy spend hours every month searching for free proxies online.  It's not that hard to do, there are thousands of lists, websites and forums chock full of proxy lists.  You'll usually find them listed under - transparent, anonymous or highly anonymous but I suggest taking these descriptions with a huge pinch of salt.

If you want to see the number of lists just put in a simple google search like this -

+”:8080? +”:3128? +”:80? filetype:txt

Here we are searching for exact matches for 8080, 3128 and 80 which are commonly used port numbers for proxies plus a text file type (but you can also search for html and you'll get just as many).  Or you can look for specific proxy types using the inurl query -

inurl: "nph-proxy.cgi" "start browsing"



In fact it's not finding the proxies that is the problem, the issues are -
  • They don't last very long
  • Where exactly are these proxies?
  • Who runs these proxies and why? 
So let's have a look at a sample list obtained using the top query.



Wohoo, a big text file packed full of proxies for me to use.   Now obviously I don't want transparent because they provide no protection at all, nope only the high anonymity ones will do for me.  So let's have a little look at a couple of these super secure anonymous proxies.  But these are quite old so, perhaps lets check out another proxy resource - Xroxy who update their lists every few hours and provide details on speed, latency etc.

So picking an anonymous proxy at random from the list we get 204.62.208.22, so lets try it out and see if it works.  This is the proxy configuration screen in Chrome - which you'll find in the options menu - so I've inserted the proxy in so my browser will route all web traffic through this server.


Just to check it works, we'll look up our IP address and see if it matches (our real IP address will be masked).


As you can see it matches which demonstrates that it is working.   So let's see who is kindly providing this Open proxy - by looking up the registration information and see who owns the server.

This is returned as

Air Liquide America
3535 W. 12th Street
Houston
TX
77008
United States

A French company who specialize in the manufacture of gases and liquids.  So why are they providing an open proxy for anyone to use?

Well of course the answer is that they probably have no idea that they are.  Firstly to be fair from their registration data they will have outsourced their IT and communications to another firm and secondly it's almost certainly not supposed to be available as it's a big security risk.   The two most likely scenarios are either their IT guy accidently left one of their web servers wide open to the internet or someone has hacked one of their machines and enabled the proxy on it.  It's difficult to say for sure the motivation for leaving this server online like this (I emailed the administrator to let them know in any case)

Either way it's hardly the high anonymity proxy that it's labelled in the list and you would be mad to trust any of your data through it.   Even if you did it would be overloaded in days or switched off when someone noticed the horrendous amount of bandwidth it was using.

Let's have a look at another from our old proxy list above - 209.129.192.52 is listed as a high anonymity proxy as well.   Checking the IP address range again - we find it is owned by -

Peralta Community College District
Oakland
CA
94606
United States

Educational establishments are a very common source of proxies, they typically have very fast connections and many web facing servers.   As such they are often mis-configured, hacked by students or just accidently left open to everyone on the internet.   If you look through any list of proxies you'll always find a few Universities, schools or colleges.

Again it is unlikely that this college has any idea it is providing a free proxy server for people to use.  The legality of using these servers without consent is of course also highly dubious and remember your real IP address is logged on the proxies you use.

There is of course another option why you should be equally wary of the high number of open proxies left available by some of the top Universities like MIT.  Some of these are left open on purpose for analysis, research etc, by using them your data is likely to become part of some sort of data analysis class!

So it's simply not worth using these free proxies, you simply have no way of conclusively knowing why they are there and who is controlling them.  By all means use the Ad supported web proxies where you browse through a frame or window for non-secure browsing (i.e not checking your bank balance!). Also be wary of the Proxy Scraper programs that you can buy online, these simply scan lists or scrape mis-configured servers to, they certainly don't provide lists of legitimate proxy servers.

Note: the above proxy list was quite old so the proxies listed have long been shut down.

0 comments: