I have some Vietnamese friends who work to change things in their country, even if the situation in Vietnam regarding Human Rights and pro-Democratic movements is not as bad as in China, yet it really does matter for them to take care. So, whenever I can, and with my limited means (I am not a PhD holder in Computer Science, so…), like teaching them the use of TrueCrypt, etc. Yet, your light on some issues would be greatly appreciated.
There have been very demonstrating hacking experiments on Tor exit nodes showing their weaknesses, Tor has somewhat lost its credibility for free speech and freedom lovers, some starts to see it as the tool of devils, mainly run by L.E.A. and other obscure and suspicious entities, and even prefer to avoid its use.
When guys do use Tor for anonymously surfing porn sites from their office, that is not really a big thing for them even if their were caught, but there are people living in some very nice countries (China, Burma, Vietnam, etc.) where it really does matter to cover your traces and do remain invisible, because in those cases their freedom or even their live is at stake, so this is no more a little game for boys scouts.
Consequently, some prefer to return to the old way, that is to say the use of those so-called 'public' proxies. Yet, some vital questions remain as for the use of those public proxies, and my searches on the Web did not bring any answer:
1-Can not we consider that each of those proxies has, potentially, the same weaknesses as Tor exit nodes? That is to say, those who do run them could have the capacity of monitoring and recording all the activities that occur on their servers (like getting login data of emails, boards, etc.)?
2-If no, then why is it not technically possible? But if yes, would do they need special skills (hacking) in order to achieve this, or does it requires just no special tools, settings or skills?
3-In those lists of free public proxies, it seems always provided by companies, corporations, etc., but are ordinary citizens able or allowed to run their computer as a proxy server? Such an option exists for Tor, where any citizen can transform his computer into an anonymous proxy server; but what about out of this context? Does the person have to register somewhere in order to run his computer as a proxy? To his ISP?
4-If one easily understands why some citizens does need anonymity for surfing, the question of those who run those public proxies is less clear. The advantages for the citizens are obvious, but what about for those who do run proxies? Starting with the fundamental question : why do they run them? For money? But they are free, so…? To increase internet traffic? There are certainly far better ways to increase internet traffic than providing services that will make your connection run as fast as a snail…. (most of the time). For the love of freedom? Yeah, sure, lol. Honestly, what good reasons have those people to be so generous?
More seriously, should not we consider any proxy as suspicious in nature? Who use proxies? Basically guys that need to hide their activities (spammers, hackers, spying agencies, military, mafia, political activists, etc.), proxies behaves like a magnet, and will attract all those guys. So, it costs really peanuts to run those proxies compared with all the potentially interesting information that could be (or can be?) harvested, provided it can be collected (hence the above question).
5-This also raises the question about the real identity of those who do run public proxies. Do we have the capacity to truly know them? A simple 'whois' research always, or most of the time, do return information, but how far this information can be trusted? Anyone knows that even those opening name sites can register under false identities, how much more for proxies? Quite strange (or totally expected indeed), that we will never find any proxies registered to very nice agencies like the F/B/I, N/S/A, C/I/A, etc. They do not run proxies of course; they are far too respectful of citizens’ privacy, lol.
6-Likely, it is advised to select proxies not from your own country, but, again, a pro-Democratic Chinese activist may think he is safe while deciding to use a Japanese proxy, but that proxy, while really based in Japan could be run by China through its agents…
7-And what about those paid proxies? Are they safer? Probably not a wise idea to always use the same proxy as proposed by those paid ones. Besides you can be traced/identified through your payment. And these guys know all your surfing habits, may (and probably do) keep your logs, etc. In a word, they know too much about you.
8-What is your opinion about the hidden services of Tor? That allows for instance people to run a board or to share files from their computer, without, apparently, the possibility of being located/identified? Do you see any weakness, real or potential, in that system?
9-There has been some kind of hysteria about the use or not of JavaScript in the browser. As far as I understand, Java could reveal your real IP if turned on. But this would not be the case for JavaScript. And since contradictory claims are found all over, it is hard to have an opinion. I noticed, for instance, that the default settings of Tor (+Privoxy, etc.) do have JavaScript on, so one presumes those people are not idiots and provide a default setting that would jeopardize all what Tor is aimed at : providing anonymous surfing and hiding real IP. Please bring us your light of expert.
10-All of us have heard about those stories of hackers penetrating the computers of famous agencies or companies, then publishing their findings. But they were also some of those guys who got busted. Here too it raises some questions. One can suppose that smart guys like hackers never surf 'naked', without protection, but always via proxies while attacking computers, it must be a rule, a sticky. Then, how is it that some were yet tracked and busted? Or proxies protect you or they don’t, right? There is no middle way. Could it be possible that the authorities do have tools to trace back anyone when they decide to, when you become for them a top priority target they could always find you, wherever you are and whatever you use to surf safe? But if so, then using proxies or not does not make any difference in terms of protection, just delaying the time for the authorities to find you. Myth or reality?
11-So, finally, what would you advise? Tor, free anonymous public proxies, paid proxies, else? Heard of JAP for instance, but seems to have a backdoor…
As Shakespeare would say: Tor be or not Tor be, that is the question. ;-)
Thanks for your replies.
|