Anonymity test „IP Check“ shows general insecurity of web proxies

Web proxies like Anonymouse.org, Hide my Ass! or Proxify are not suitable for anonymous surfing - while this fact should already have become general knowledge, still ten thousands of users think they are anonymous on the Internet by using these services. The website IP Check now shows their privacy issues clearly to the public: Besides other sophisticated privacy tests, the site is now able to break the security all existing web proxies.

Details of the attacks

If JavaScript is allowed, attacks on web proxies are quite easy: a website may simply override the JavaScript methods that should actually protect the proxy from any attacks. There is no way on how a web proxy may prevent this. After this basic protection has been removed, the proxy may get easily bypassed by loading "unproxified" web resources over a direct IP connection from the user's browser. This leads to the user's IP address and browser data being uncovered to the visited website.

Breaking web proxies is moreover possible by introducing invalid or unusal HTML code. As web proxies interpret HTML code differently from a normal web browser, this may confuse their replacement logic: if they omit only one of the original website links, e.g. to an image or style resource, their protection will get bypassed. If moreover JavaScript is enabled, this causes some web proxies, e.g."Anonymouse" or "Hide my Ass!", to not even reach the real test site without being de-anonymized completely.

Only if all plugins and scripts are filtered by the web proxy or switched off in the browser, a few web proxies are able to resist these attacks. However, this disqualifies web proxies for general web surfing, as sooner or later you will need JavaScript in order to use the sites you want. You might moreover keep in mind that web proxies break the browser's SSL encryption to secure sites, as their principle is to act as man-in-the-middle site: They can see any data that you transfer, and your browser will not even be able to check the visited site's SSL certificate. So you should avoid web proxies anyway if you would like to transfer private data.

More Informations you may find in the description of the attacks.

What is the "IP Check"?

IP Check is a free and easy understandable anonymity test. The test shows at a glance which attacks a website may launch on your privacy. Moreover, you get recommendations for possible counter measures.

Trackbacks

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

  1. iphone 5 att says:

    Wonderful wordpress website right here.. It is tough to locate good quality composing like yours today. I actually recognize men and women like you! consider treatment


The author does not allow comments to this entry