Forum About Proxy
November 23, 2024, 09:48:10 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Bust the myth: SOCKS better than HTTP proxy. Go back to FreeProxyList.org or Proxy-List.org
 
   Home   Help Search GoogleTagged Login Register  
Hide My IP VPN - Access Sites You Love When Abroad! Hide Your Identity and Surf Privately!
Pages: [1]
  Print  
Author Topic: Tor versus Public Proxy Servers  (Read 449799 times)
Vladimir999
Newbie
*
Posts: 5


View Profile
« on: May 20, 2010, 06:35:32 PM »

I have some Vietnamese friends who work to change things in their country, even if the situation in Vietnam regarding Human Rights and pro-Democratic movements is not as bad as in China, yet it really does matter for them to take care. So, whenever I can, and with my limited means (I am not a PhD holder in Computer Science, so…), like teaching them the use of TrueCrypt, etc. Yet, your light on some issues would be greatly appreciated.

There have been very demonstrating hacking experiments on Tor exit nodes showing their weaknesses, Tor has somewhat lost its credibility for free speech and freedom lovers, some starts to see it as the tool of devils, mainly run by L.E.A. and other obscure and suspicious entities, and even prefer to avoid its use.

When guys do use Tor for anonymously surfing porn sites from their office, that is not really a big thing for them even if their were caught, but there are people living in some very nice countries (China, Burma, Vietnam, etc.) where it really does matter to cover your traces and do remain invisible, because in those cases their freedom or even their live is at stake, so this is no more a little game for boys scouts.

Consequently, some prefer to return to the old way, that is to say the use of those so-called 'public' proxies.
 
Yet, some vital questions remain as for the use of those public proxies, and my searches on the Web did not bring any answer:

1-Can not we consider that each of those proxies has, potentially, the same weaknesses as Tor exit nodes? That is to say, those who do run them could have the capacity of monitoring and recording all the activities that occur on their servers (like getting login data of emails, boards, etc.)?

2-If no, then why is it not technically possible? But if yes, would do they need special skills (hacking) in order to achieve this, or does it requires just no special tools, settings or skills?

3-In those lists of free public proxies, it seems always provided by companies, corporations, etc., but are ordinary citizens able or allowed to run their computer as a proxy server? Such an option exists for Tor, where any citizen can transform his computer into an anonymous proxy server; but what about out of this context? Does the person have to register somewhere in order to run his computer as a proxy? To his ISP?

4-If one easily understands why some citizens does need anonymity for surfing, the question of those who run those public proxies is less clear. The advantages for the citizens are obvious, but what about for those who do run proxies? Starting with the fundamental question : why do they run them? For money? But they are free, so…? To increase internet traffic? There are certainly far better ways to increase internet traffic than providing services that will make your connection run as fast as a snail…. (most of the time). For the love of freedom? Yeah, sure, lol. Honestly, what good reasons have those people to be so generous?

More seriously, should not we consider any proxy as suspicious in nature? Who use proxies? Basically guys that need to hide their activities (spammers, hackers, spying agencies, military, mafia, political activists, etc.), proxies behaves like a magnet, and will attract all those guys. So, it costs really peanuts to run those proxies compared with all the potentially interesting information that could be (or can be?) harvested, provided it can be collected (hence the above question).

5-This also raises the question about the real identity of those who do run public proxies. Do we have the capacity to truly know them? A simple 'whois' research always, or most of the time, do return information, but how far this information can be trusted? Anyone knows that even those opening name sites can register under false identities, how much more for proxies? Quite strange (or totally expected indeed), that we will never find any proxies registered to very nice agencies like the F/B/I, N/S/A, C/I/A, etc. They do not run proxies of course; they are far too respectful of citizens’ privacy, lol.

6-Likely, it is advised to select proxies not from your own country, but, again, a pro-Democratic Chinese activist may think he is safe while deciding to use a Japanese proxy, but that proxy, while really based in Japan could be run by China through its agents…

7-And what about those paid proxies? Are they safer? Probably not a wise idea to always use the same proxy as proposed by those paid ones. Besides you can be traced/identified through your payment. And these guys know all your surfing habits, may (and probably do) keep your logs, etc. In a word, they know too much about you.

8-What is your opinion about the hidden services of Tor? That allows for instance people to run a board or to share files from their computer, without, apparently, the possibility of being located/identified? Do you see any weakness, real or potential, in that system?

9-There has been some kind of hysteria about the use or not of JavaScript in the browser. As far as I understand, Java could reveal your real IP if turned on. But this would not be the case for JavaScript. And since contradictory claims are found all over, it is hard to have an opinion. I noticed, for instance, that the default settings of Tor (+Privoxy, etc.) do have JavaScript on, so one presumes those people are not idiots and provide a default setting that would jeopardize all what Tor is aimed at : providing anonymous surfing and hiding real IP. Please bring us your light of expert.     

10-All of us have heard about those stories of hackers penetrating the computers of famous agencies or companies, then publishing their findings. But they were also some of those guys who got busted. Here too it raises some questions. One can suppose that smart guys like hackers never surf 'naked', without protection, but always via proxies while attacking computers, it must be a rule, a sticky. Then, how is it that some were yet tracked and busted? Or proxies protect you or they don’t, right? There is no middle way. Could it be possible that the authorities do have tools to trace back anyone when they decide to, when you become for them a top priority target they could always find you, wherever you are and whatever you use to surf safe? But if so, then using proxies or not does not make any difference in terms of protection, just delaying the time for the authorities to find you. Myth or reality?

11-So, finally, what would you advise? Tor, free anonymous public proxies, paid proxies, else? Heard of JAP for instance, but seems to have a backdoor…

As Shakespeare would say: Tor be or not Tor be, that is the question. ;-)

Thanks for your replies.
« Last Edit: June 21, 2010, 06:27:17 AM by HIF » Logged
HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #1 on: May 22, 2010, 10:38:24 AM »

First of all thank you very much for your interesting questions. Let me answer and I am sure all your doubts about public proxy servers will disappear. I have over 6 years experience working especially with proxy servers and I know almost everything about them... even more our team developed brand new proxy servers zProxy2, which work similar to Squid but has much more advantage function. Very soon it will be available for our public users Wink

1-Can not we consider that each of those proxies has, potentially, the same weaknesses as Tor exit nodes? That is to say, those who do run them could have the capacity of monitoring and recording all the activities that occur on their servers (like getting login data of emails, boards, etc.)?

Ok, you are theoretically right. Anyone, who is the owner of proxy server, could monitor user activity based on logs. That is why I always warning all users that they should not use any dedicated IP or Tor like projects (sorry, nothing personal). Here is the simple explanation why:

How many users will use dedicated proxy server or Tor project in compare to public proxy servers? You are absolutely right, public proxy server is used by thousand and thousand new users from the entire world per day. That is the main advantage of public proxy server Wink

It is almost impossible to find your activity (requests) among gigabytes of others traffic... there is no server who can keep so much user activity and monitor them, the logs are very soon deleted or overflowed. So after max 24 hours nobody will be able, even theoretically to find your activity Wink It is absolutely the same to search a needle in haystack Wink
« Last Edit: June 29, 2010, 07:34:27 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #2 on: May 22, 2010, 10:43:53 AM »

2-If no, then why is it not technically possible? But if yes, would do they need special skills (hacking) in order to achieve this, or does it requires just no special tools, settings or skills?

Of course it is possible; even more many users have no idea that their PC is already used as a proxy server. This type of proxy servers is so called BotNets. I guess it is useless to say that they are prohibited by the low. You could have big problems if you will simply use them for browsing. Mainly they are created by spammers for sending millions of emails every day.

So that is why I strongly recommend that a person who is not qualified in IT will setup anything similar to proxy server on his PC. Just imagine: if he will not block CONNECT commands to some particular ports, which means that anyone could use his PC for tunneling data to any protocol!!! That in turn means his PC could be used to make a brute force or DoS attack to any bank service. Very soon his IP will be identified and I guess you know who will be his guests at the evening time Wink

For example: in case if everything was done via BotNet proxy, user have right to say that everything was done against his will and he has no idea about it. BUT with TOR project for example HE DID EVERYTHING BY HIS OWN and their for HE IS IN CHARGE OF ALL ACTIVITY FROM HIS PC Wink

If you are looking for extra problems feel free to setup proxy server or similar software on your PC, very soon (I guess within couple of days) you will have them Smiley
« Last Edit: June 29, 2010, 07:34:32 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #3 on: May 22, 2010, 10:50:27 AM »

3-In those lists of free public proxies, it seems always provided by companies, corporations, etc., but are ordinary citizens able or allowed to run their computer as a proxy server? Such an option exists for Tor, where any citizen can transform his computer into an anonymous proxy server; but what about out of this context? Does the person have to register somewhere in order to run his computer as a proxy? To his ISP?

I guess no need to answer that question; everything is said within second answer Wink I will repeat once again: if you are connected to the internet, you have your own IP address. And you are responsible for all operations which will be done via that IP. If you have proxy server on your PC that means that all other users activity (operations) is done like you are doing them by you own. So no way to say ‘I have not done that’ later Wink
« Last Edit: June 29, 2010, 07:34:36 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #4 on: May 22, 2010, 11:05:43 AM »

4-If one easily understands why some citizens does need anonymity for surfing, the question of those who run those public proxies is less clear. The advantages for the citizens are obvious, but what about for those who do run proxies? Starting with the fundamental question : why do they run them? For money? But they are free, so…? To increase internet traffic? There are certainly far better ways to increase internet traffic than providing services that will make your connection run as fast as a snail…. (most of the time). For the love of freedom? Yeah, sure, lol. Honestly, what good reasons have those people to be so generous?

More seriously, should not we consider any proxy as suspicious in nature? Who use proxies? Basically guys that need to hide their activities (spammers, hackers, spying agencies, military, mafia, political activists, etc.), proxies behaves like a magnet, and will attract all those guys. So, it costs really peanuts to run those proxies compared with all the potentially interesting information that could be (or can be?) harvested, provided it can be collected (hence the above question).


Unfortunately I could not fully answer your question. Our forum is publicly available and anyone could read it. But since too many users ask me the similar question: why someone runs proxy server for free? Smiley I have decided to give you a tip Wink

Do you know that when anyone setup squid proxy servers (it is most wide spread proxy server on the earth) it is does not have any restrictions? Smiley It looks strange but by default anyone who knows IP and port could use it. If you want to add authentication (access proxy only via user name and password) you have to have good knowledge in *nux based OS + some experience in networking.

So most beginner administrators left defaults settings or change just a port, from default 3128 to 80 or 8080 Smiley which are standards for proxy servers. If you know that proxy is open (does not require user or pass), you know possible port what else do you need to find it? Smiley Just a software and couple of hours Wink I am sure you came across with situation when one day proxy was public but next day it asks you user name and password Wink so know you know why Smiley

p.s. Please never do port scan! They are also prohibited by the law Smiley there are other ways to find proxy server without doing anything illegal. Of course I am not going to share such valuable information; otherwise anyone will be able to create a web site similar to freeproxylist.org
« Last Edit: October 06, 2011, 02:39:17 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #5 on: May 22, 2010, 11:12:26 AM »

5-This also raises the question about the real identity of those who do run public proxies. Do we have the capacity to truly know them? A simple 'whois' research always, or most of the time, do return information, but how far this information can be trusted? Anyone knows that even those opening name sites can register under false identities, how much more for proxies? Quite strange (or totally expected indeed), that we will never find any proxies registered to very nice agencies like the F/B/I, N/S/A, C/I/A, etc. They do not run proxies of course; they are far too respectful of citizens’ privacy, lol.

6-Likely, it is advised to select proxies not from your own country, but, again, a pro-Democratic Chinese activist may think he is safe while deciding to use a Japanese proxy, but that proxy, while really based in Japan could be run by China through its agents…


I am sure if you read everything above you already know who is in charge of public proxy servers. Also you know why you can select any country, including China without any worries. Even more, for me Tor project looks more suspicious and dangerous than any public proxy servers!

I remember similar project CoDeeN which claims to be free and independent organization but I am 100% sure they are collecting information about each and every users who uses their service. They do not hack you email or steal you money from your CC. They simple collect US people preferences in music, movies, goods and so on... to sells all those stats to some manufacturer.

In 21th century information is much more expansive than gold or even oil Wink
« Last Edit: June 29, 2010, 07:34:50 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #6 on: May 22, 2010, 11:21:43 AM »

7-And what about those paid proxies? Are they safer? Probably not a wise idea to always use the same proxy as proposed by those paid ones. Besides you can be traced/identified through your payment. And these guys know all your surfing habits, may (and probably do) keep your logs, etc. In a word, they know too much about you.

It is absolutely safe to use our public proxy servers. Do you know why? Just check our real time stats for last 24 hours and you will see that we have almost 20.000 different proxy servers during 24 hours.

Just couple of days ago we finished our brand new product Premium Proxy Switcher (PPS) for Firefox. It will be available on our web site within couple of days. It is absolutely free to anyone and could be used not only with our VIP service but with any other proxy provider. Now even beginner user, without any knowledge in IT field could use advantage of proxy servers. PPS downloads proxy list and changes proxy setting in Firefox automatically based on user preferences.

If it is impossible to find user activity in one public proxy server’s log file then it is ABSOLUTELY impossible to monitor their activity if they used Premium Proxy Switcher. Since their logs are split among different proxy servers.
« Last Edit: June 29, 2010, 07:34:54 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #7 on: May 22, 2010, 11:53:12 AM »

8-What is your opinion about the hidden services of Tor? That allows for instance people to run a board or to share files from their computer, without, apparently, the possibility of being located/identified? Do you see any weakness, real or potential, in that system?

Really interesting question let me answer it. Do you know that the best way to hack user’a PC and install BotNets (please read about them above) is a torrent or similar hidden file shearing? Smiley Hacker downloads new game, adds virus and shares it via torrent... thousands users will download and install it on their PC.

Their antivirus will never fine a BotNet! In best situation if user is IT qualified, he could block outgoing traffic for BotNet but there is just few % of users who could do that. In most cases such user’s PC will be used as illegal proxy for sending spam.

That is why I strongly recommend use only trusted web sites. There is a good file hosting rapidshare, you could find almost anything uploaded their Wink
« Last Edit: June 29, 2010, 07:34:59 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #8 on: May 22, 2010, 12:03:43 PM »

9-There has been some kind of hysteria about the use or not of JavaScript in the browser. As far as I understand, Java could reveal your real IP if turned on. But this would not be the case for JavaScript. And since contradictory claims are found all over, it is hard to have an opinion. I noticed, for instance, that the default settings of Tor (+Privoxy, etc.) do have JavaScript on, so one presumes those people are not idiots and provide a default setting that would jeopardize all what Tor is aimed at : providing anonymous surfing and hiding real IP. Please bring us your light of expert.

I have never seen any web site that is doing such difficult manipulations to identify your IP. Even more the user’s IP via JS could NOT be identified, they use similar to pronounce Java Applets. So please do not frighten users if you do not know the difference between them Wink

Java Applets are separated programs, which could be run inside your browser (your mobile games are mostly java applets). They never use browser’s proxy settings. BUT browser will ALWAYS ask user to allow or disable such Java Applets if they exist on the page. So it is up to the user show or not to show his real IP Wink

This question looks more like a myth which was created by several groups of people to make users buy their product or software Wink Anonymous public proxy server is more than enough to hide your IP. BUT if you are going to hack bank account and steal 1.000.000 USD, you will be 100% found even if you will use super-mega-proxy server Cheesy
« Last Edit: June 29, 2010, 07:35:04 PM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #9 on: May 22, 2010, 12:32:27 PM »

10-All of us have heard about those stories of hackers penetrating the computers of famous agencies or companies, then publishing their findings. But they were also some of those guys who got busted. Here too it raises some questions. One can suppose that smart guys like hackers never surf 'naked', without protection, but always via proxies while attacking computers, it must be a rule, a sticky. Then, how is it that some were yet tracked and busted? Or proxies protect you or they don’t, right? There is no middle way. Could it be possible that the authorities do have tools to trace back anyone when they decide to, when you become for them a top priority target they could always find you, wherever you are and whatever you use to surf safe? But if so, then using proxies or not does not make any difference in terms of protection, just delaying the time for the authorities to find you. Myth or reality?

That was really nice attempt to prove that anonymous proxy servers are worse Smiley but you made a mistake once again. First of all I could show you a forum with hundred of users who did even SPAM from their own PC without a proxy Cheesy I call them kamikaze... So there is a high chance that you heard exactly about such, so called hacker Smiley That kamikazes are sure that nobody will find them Smiley and they are partly right. Let me explain why:

Very often I see users who ask me a question if public proxy servers are 100% anonymous. The answer is yes of course, they are 100% anonymous BUT there is a rule which ‘TOP’ guys are using to select which hacker they are going to punish. The rule is simple, if time and money spent on finding a hacker is less than a profit from finding him they will 100% find such hacker, no matter if he will use proxy chains or any other hard to analyze methods.

There is another situation when they could start searching: if one abuses someone too much and he is ready to cover all expenses just to punish hacker then again nobody will help him Smiley The punisher will keep searching hacker for ages until he will not die or forget about you. It is similar to the bear: if you shoot bear but it is still alive he will continue running after you until death Wink

So you should not worry about everything described above, since you are not going to steal 1.000.000 USD from bank or hack NASA’s web site Cheesy Nobody will start searching you just because you check facebook or youtube in school where such sites are blocked by admin or for watching porn sites instead of doing your job Cheesy
« Last Edit: October 20, 2010, 09:43:53 AM by HIF » Logged

HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #10 on: May 22, 2010, 12:42:01 PM »

11-So, finally, what would you advise? Tor, free anonymous public proxies, paid proxies, else? Heard of JAP for instance, but seems to have a backdoor…

Unfortunately you are 90% wrong with public proxy servers Wink You need to read a bit more theory and articles (they are publicly available). If you are IT qualified and you know the basics you should know that there are no better way to make yourself private than to use public proxy server.[/b]

As Shakespeare would say: Tor be or not Tor be, that is the question.  ;-)

Of course TO BE my friend! That is why we have created that forum and our web site. We are all here to help users keep their privacy rights. IMHO no one in this world have right to read other person’s emails or monitor their activity, each person has his own PERSONAL life.

If anyone will need a help please never hesitate to contact me. I am always ready to help each and very online surfer!

Good bless you.
« Last Edit: June 29, 2010, 07:35:40 PM by HIF » Logged

Vladimir999
Newbie
*
Posts: 5


View Profile
« Reply #11 on: May 22, 2010, 01:16:52 PM »

Thank you very much for taking the time to reply in details to all those questions. Not being an IT PhD holder, I prefer to ask, instead of pretending or guessing.  Things are clear now, and be sure I will spread your holy words. 

When using emails service like Gmail, users have the possibility to see the last 9 IP automatically recorded + the one currently used; that way you can see if your email is illegally used/visited. I did a little experiment, one using an account used without proxies, which was never visited by alien identities, one account which was reached through public proxies and one account which was reached through Tor, but, alas, must confess that the two accounts reached via public proxies & Tor where visited (several times in a period of a few months). Of course, nothing to worry, but that is something people should be aware of.
« Last Edit: June 21, 2010, 06:27:41 AM by HIF » Logged
Vladimir999
Newbie
*
Posts: 5


View Profile
« Reply #12 on: May 22, 2010, 02:01:54 PM »

In the reply to question 10:

"That was really nice attempt to prove that anonymous proxy servers are worse Smiley but you made a
mistake once again."


There was no attempt at all, read the sentence again. I have nothing against them or nothing for them, I just came with a set of questions, nothing less nothing more.

Same here with the answer to question 11:

"Unfortunately you are 90% wrong with public proxy servers"

Again, not right, not wrong about them, it was just simple questions. If they work, good, if they don't good too.

I have no worry about that. Wink
« Last Edit: June 21, 2010, 06:28:08 AM by HIF » Logged
HIF
Administrator
Full Member
*****
Posts: 211


277767
View Profile WWW
« Reply #13 on: May 22, 2010, 02:04:15 PM »

When using emails service like Gmail, users have the possibility to see the last 9 IP automatically recorded + the one currently used; that way you can see if your email is illegally used/visited. I did a little experiment, one using an account used without proxies, which was never visited by alien identities, one account which was reached through public proxies and one account which was reached through Tor, but, alas, must confess that the two accounts reached via public proxies & Tor where visited (several times in a period of a few months). Of course, nothing to worry, but that is something people should be aware of.

Most strange fact in your story is that someone possibly hack your email because you have used public proxy servers. I cannot say anything about Tor but it is ABSOLUTELY impossible to do with public proxy server. Nobody, even the owner of proxy server could steal your email’s or even bank account’s password if you used his proxy. I will try to avoid theory and explain it as simple as possible:

All services like email, online banking or check out (when you make a payment via credit card) are done via HTTP protocol over SSL. To say it more user friendly that is https:// like URLs. If you can see that extra S symbol after http that means: connection between you and the server (web site) is secure.

Secure, means absolutely secure! Nobody between your PC and server (web site) could read information you are sending or receiving. They could identify to which web site you opened a secure connection BUT after this point all information is encoded with special, so called public keys.

What does it means? It means that information encoded by sender (your PC if you are sending password for example) could be decoded only by server (web site where you are trying to login). Nobody in the middle could decode it!

You could think that key which is used to decode data, could be generated BUT please take in an account that the size of the key is 1024 bit that means if you will use even 10.000 computers connected with each other. It will takes much more than 1000 years none stop working to check all possible variations Wink

That is why: if you are opening https:// like URLs via public proxy servers (which could be under monitor) still, nobody could see your personal information (including passwords) Wink.

Thank you once again for sharing information you got. You did a great job by asking so much interesting and frequently asked question in one topic.
« Last Edit: June 29, 2010, 07:35:45 PM by HIF » Logged

Pages: [1]
  Print  

 
Jump to:  

Скройте свой IP-адрес в два клика. 72 страны, 17 штатов США и множество городов. Смена IP-адреса для всего компьютера сразу.
Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!