Friday, 2 March 2012

Why I Don't Use a Proxy Server

Did you know that Shaw has proxy servers that it makes available to its customers to use? That surprised me.

I refuse to use proxy servers. For one, they break the Internet. To use a proxy server, you configure your web browser to direct all traffic to the proxy. So when you go to a website, that request is sent to the proxy server. The proxy server connects to the desired site and pretends to be you. It then sends the information back to your computer and your browser displays the results. This extra step in the middle is not a normal activity, and can cause many internet services to not function as they should. For those sites to work, the proxy is configured to go into bypass mode when one of those sites is visited, effectively bypassing any value the proxy might add. Instead of impersonating the connection for you, it just logs it.

Proxy servers are a legitimate implementation of a man-in-the-middle attack. Since all communications are handled by the proxy, it is a very effective means for the proxy administrator to log all your data, and if they are malicious enough, to impersonate you online, because you already authorized the proxy server to impersonate you online.
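To make the logging point concrete, here is an added example (not part of the original post) that parses the request a proxy-configured browser sends and compares what the proxy can record with what the destination site observes. It assumes unencrypted HTTP; the addresses, hostnames, cookie and form values are constructed samples.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

PROXY_IP = "203.0.113.10"  # constructed: the single address every site sees

# Constructed sample: raw requests as browsers send them to a configured proxy.
# The request line carries the full URL; a direct request would carry only the path.
SAMPLE = [
    ("10.1.0.21", b"GET http://news.example/today HTTP/1.1\r\n"
                  b"Host: news.example\r\nCookie: session=alice-7f3a\r\n\r\n"),
    ("10.1.0.22", b"POST http://forum.example/login HTTP/1.1\r\n"
                  b"Host: forum.example\r\nContent-Length: 17\r\n\r\n"
                  b"user=bob&pin=4321"),
]

@dataclass
class ProxyLogEntry:
    client_ip: str
    method: str
    url: str
    cookie: str
    body: bytes

def proxy_sees(client_ip, raw):
    """Everything a forwarding proxy holds before it contacts the site."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, url, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return ProxyLogEntry(client_ip, method, url, headers.get("cookie", ""), body)

def origin_sees(entry):
    """What the destination observes: the proxy's address, never the customer's."""
    parts = urlsplit(entry.url)
    return {"peer_ip": PROXY_IP, "host": parts.netloc, "path": parts.path or "/"}

def run_demo():
    log = [proxy_sees(ip, raw) for ip, raw in SAMPLE]
    return log, [origin_sees(e) for e in log]

if __name__ == "__main__":
    log, seen = run_demo()
    for entry, site in zip(log, seen):
        print("proxy log :", entry)
        print("site sees :", site)
```

The proxy's record ties each customer address to the full URL, session cookie and form body, while the site's own record shows only the shared proxy address.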

Another reason people cite for using a proxy server is that it anonymises you behind a common IP address. I'll illustrate why that is a bad idea:

You are a hardworking Canadian.
You are concerned about your privacy online, so you choose to use a proxy server. Since many people use the same proxy server, servers on the Internet do not see you as an individual; they see you as one of a crowd.

However, in that crowd can be this guy [image], or this guy [image], or this guy [image].

The proxy server IP, the one that identifies the crowd you are in, comes to the attention of these guys: [image]

They go to a judge and get a warrant for the proxy server. The ISP, not wanting the police to go get a more extensive warrant that causes them to close the ISP down, hands over all the records of all users recorded in that proxy server. Remember, that proxy server looks like this [image] to everyone on the Internet. In order to separate the wheat from the chaff, the police need all of the logs that go with that proxy server.

Now perhaps you, the hardworking Canadian, downloaded the HBO series Game of Thrones, which is actually illegal. So the record of that download is now included in the logs on that proxy server you are using to hide yourself on the Internet.

Which means that when the bank robber [image] or the terrorist [image] or the child pornographer [image] are caught and prosecuted, well, you just might be joining them here [image], where you can thank them for bringing the proxy server to the attention of the authorities.

Proxy servers are not for me. I'll take my chances on the internet by myself, thanks.









6 comments:

Ken Breadner said...

Wow, I've been called paranoid for advancing some of what you just wrote. People laugh at me and tell me I'm missing out on half the Internet because I'm in the wrong country. Well, half the Internet is better than nothing.

Marc Bernard said...

Now perhaps you, the hardworking Canadian, downloaded the HBO series Game of Thrones

Excuse me whilst I close the blinds...

Catelli said...

ROFL. Now find the camera and the wiretap.

Anonymous said...

You should use adblocker to stop sitemeter et al, though. I'm not too worried about police (yet) for my mockery of right wingers, but I do worry about the gun nut vigilantes and general fascists with their track n' stalk blogs finding my IP number and then sending some goons.

Catelli said...

Adblocker installed. Check.

Rightwing nutjobs, uh, "Hey look my neighbour's wireless is unsecured. Sweet!"

Anonymous said...

IMHO, you are judging a technology based on a specific aspect of it.
For example, a proxy can be really useful to protect your boss from getting in jail, if one of your hard-working colleagues is acting illegally through your job network. In that case, you should identify and isolate the guy before the police have a little chat with your boss, right?? You know that they will blame the tech guy, right?