Millions of people across the world use free proxy services to bypass censorship filters, improve online security, and access websites that aren’t available in their country. But an analysis has found those free services come at an unexpected cost for users: their privacy and security. Christian Haschek, an Austria-based security researcher, wrote a script that analyzed 443 open proxies, which route web traffic through an alternate, often pseudo-anonymous, computer network. The script tested the proxies to see if they modified site content or allowed users to browse sites while using encryption. According to Haschek’s research, just 21 percent of the tested proxies weren’t “shady.”
Haschek found that the other 79 percent of surveyed proxy services forbid secure, HTTPS traffic.
HTTPS is commonly used to encrypt Web traffic, allowing users to enter credit cards, passwords, and other sensitive information in a manner that makes it difficult for hackers and intermediaries to intercept. By preventing customers from using the Web securely, Haschek warns these open proxies “can analyze your traffic and steal your logins.”
Free proxies are also manipulating websites directly. Haschek reports that 16.6 percent of proxies change HTML and 8.5 percent modified websites’ JavaScript. In most cases, this was done merely to inject advertising into websites. However, Haschek speculates that these services are “probably also cookie stealing.”
Popularity Surge
Proxy usage has been growing over the years along with the rise of content streaming services and growing fears of government surveillance of internet activity. Virtual Private Networks (VPNs), which encrypts all your traffic and routes it through another server to mask your location, are commonly used by people looking to bypass geolocation restrictions on services such as Netflix, Hulu, and BBC iPlayer. And by masking user’s locations, software and media pirates have also flocked to VPNs to make it more difficult for content owners to sue them in court.
VPN services are also popular in countries with strict Internet laws. They have been used in China, particularly by foreigners looking to access Western websites blocked by the Great Firewall, until the Chinese government moved to block VPN access earlier this year. In April, many Australians started using VPNs after the government passed a mandatory data retention law. As a result, CNET reported that one VPN provider’s Australian business increased 500 percent between early March and mid-April.
At the same time, in the past few months free VPN services have been tied to deceptive business practices. Hola, an Israeli VPN service that boasts over 48 million users, was widely criticized last month for selling its free-tier users’ idle bandwidth. This meant Hola’s millions of free users were unknowingly turned into a botnet that was utilized for criminal activities, including repeated denial-of-service attacks against the message board 8chan.
Haschek’s analysis didn’t uncover anything quite so sinister, but noted some of the reviewed services were “definitely bad adware.” A previous report from the security researcher noted that many of these free proxies exist because establishing the service serves as “an easy way to infect thousands of users and collect their data.”
According to that report, Haschek observed that controlling a VPN services makes it is easy to manipulate websites to steal login information, banking and credit card accounts, turn users into a distributed denial-of-service attack botnet, and monitor all their Web activities.
Finding Safe Alternatives
To help combat the security vulnerabilities users expose themselves to when using free proxies, Haschek released a tool called Proxy Checker, which performs a cursory evaluation on any proxy service in use to ensure it isn’t manipulating content or forcing users to forgo encryption.
But Haschek recommends avoiding free proxies altogether. Fortunately, secure alternatives exist.
Source of this news: https://www.wired.com/2015/07/proxy-services-totally-unsecure-alternatives/
Related posts:
Police forces around the world are arresting more suspects of organized crime. They’re unsealing evidence gathered over the past two to three years via a private-messaging app, Anom (styled ΛNØM).Age...
Fran Finnegan was on vacation in New York just before the Fourth of July weekend when he received a disturbing text message from one of his customers: How come his website was down?Finnegan quickly s...
This post covers different workaround to try to get rid of various Google Backup and Sync errors. Google introduced the Backup and Sync Tool to add files, images, and videos to both Google Drive and ...
On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involvin...
Over the last four years, additional than 1, 500 business days, Cisco ’s strategic collaboration has helped Expo 2020 Dubai establish a secure, intelligent foundation for connectivity. The...
The goal is to enhance the developer experience wherever they work, the company said. Image: Canonical More about open source Canonical rolled out Ubuntu 21.10 Thursday, touting it as "the most...
When it comes to internet security, proxies are some of the most commonly used avancées techniques on a global scale. They are pretty fantastic, but different proxies are formulated for different ...
The definition of Kickass new site is a website that has been created to be used as a complete marketing platform. What does this mean? In order to make an analogy, think about how you would create y...
Second Quarter 2021 Net Revenues Increased 35% to $97 Million Year-Over-Year with Adjusted EBITDA Up 28% Year-Over-Year Company Reaffirms Revenue and Adjusted EBITDA Growth Trajectory for Full Year 2...
PROFESSIONALCOMMUNITY To configure Firefox so that you can use it for testing with Burp, you need to perform the following configuration steps. In Firefox, go to the Firefox Menu and select "Prefer...
Friday, June 18, 2021 Street artist Alessia Babrow has sued the Vatican, alleging that the Philatelic and Numismatic Office of the Vatican City State copied her artwork without her permission ...
The Biden administration has formally accused hackers affiliated with China’s Ministry of State Security (MSS) of exploiting Microsoft Exchange Server vulnerabilities in a massive cyberattack. The U...
Adam Bannister 27 The month of september 2021 at 13: 29 UTC Transformed: 27 September 2021 available on 14: 36 UTC Large scanning detected after RCE exploits surface online Attackers are...
Not bad, NordVPN. We were hopping around proxy servers on Chrome without any drops in speed. This is what using a virtual private network (VPN) should feel like. We noticed a similar experience on an...
Mutual TLS: Vital for Securing Microservices in a Service Meshbrooke.crothersThu, 04/28/2022 – 16:10 Why do you need mTLS? While TLS is being used to secure traffic between clients and servers on t...
As public online data acquisition becomes increasingly important to decision-making, AI, web scraping and proxies will continue to find their way into business activities. While the inclusion of AI i...
JAXenter: Considering recent security breaches, now more than ever, enterprises need to be focused on making security their first priority. What is the first action that companies should take when re...
Photo by Ed Webster from Pexels The internet is vast, and it connects millions of devices. Regardless of who you are and what you do, using a private proxy is beneficial. In recent years, private pro...
