Open Proxy Servers
Open Proxy Servers, which allow any internet user to connect to them, typically for web browsing or for sending emails, are sometimes deliberate, and sometimes the result of mistakes or incompetence by systems administrators and software programmers.
There is a further sub-division, namely those which forward on your client PC's real IP address, and those which do not.
Typically the real IP address of your computer's internet connection is revealed by your web browser through the REMOTE_ADDR environment variable, to each and every web server you connect to.
If you are connecting via a proxy server, then it may very well reveal this IP address in the HTTP_X_FORWARDED_FOR or the HTTP_VIA environment variables.
If you visit a website via a proxy server, it will be the IP address of the proxy server which appears in the standard web server logfiles. However, it is often easy for a website to check and log the HTTP_VIA and HTTP_X_FORWARDED_FOR environment variables, especially if, for example, you are filling in a form with a server side script for email or account registration, for e-commerce, or to post a blog comment or discussion forum article.
Where such proxy servers have been configured not to forward the original IP address information through such environment variables, they are said to be Anonymous Proxy servers.
Although some proxy connections can be chained together, manually, many cannot, and so their use is much more error prone and more likely to betray your real IP address than using a commercial VPN service or the free Tor onion routing technique.
Various websites, e.g. http://www.freeproxy.ru, and even some commercial "anonymity" services, list or make use of any Open Proxy which they can find, often as a result of scanning lots of IP address ranges, to probe for such potential security weaknesses. Such lists of open proxies are constantly changing.
Some very badly configured proxy servers may actually allow access into supposedly private corporate or government intranet networks via the internet.
Some open proxies are created by privacy activists, and some are created by criminals e.g. open email proxies can be set up illegally by computer viruses to help with commercial email spam.
Many open proxies end up getting blocked by, say, the Great Firewall of China, or potentially, by the United Kingdom's British Telecom Cleanfeed system, which currently targets alleged child porn websites, at the behest of the Government, but which could, after a simple target list update, also be used for political censorship.
Other content blocking censorware systems e.g. Websense, typically installed on corporate or educational personal computers, may also block access to some open proxy servers, commercial privacy or anonymity services, and Tor exit nodes.
Tor exit nodes, which are also a form of more sophisticated open proxy, and other reported open proxies, are currently blocked by Wikipedia, not for reading, but for user registration and for editing or submission of articles - see the Wikipedia:WikiProject on open proxies (http://en.wikipedia.org/wiki/Wikipedia:WikiProject_on_open_proxies).
Given the massive amount of web traffic, trying to keep logfiles of proxy usage is a big, and often uneconomical task.
However, the European Union has been bounced into passing an EU Data Retention directive, which comes into force in the United Kingdom, after an 18 month delay, on 6th April 2009, after which the major upstream internet service providers will be forced to keep such logfiles, even though they have no use for them, for at least a year, for the benefit of law enforcement and intelligence agencies, and potentially also for use in civil copyright or libel lawsuits as well.
Open proxies are a technique which can help preserve the anonymity of whistleblower sources, when communicating with investigative journalists, bloggers, and political activists, but there are risks, which you need to evaluate.
A few tips:
- http://www.freeproxy.ru explains the various kinds of open proxy server, and publishes lists of open proxies, which are forever changing. Make your own mind up about how trustworthy any particular proxy is. Some of them on these lists are undoubtedly honeypots, designed to snoop on the possibly illegal traffic and to try to identify the users. Foreign computer crime fighters may very well not be interested in UK whistleblowers, but you cannot tell for sure.
- You should avoid searching for open proxy servers, if you are on a corporate or government intranet, as this may flag you up as a potential whistleblower.
- Not every open proxy server allows encrypted SSL/TLS sessions, but those that do usually simply pass the encrypted session through unchanged (except where there is a sneaky man-in-the-middle attack in place). Therefore many open proxies do not provide any anonymity for https:// connections. Snoopers may not be able to read what content you are viewing or uploading, but they will still be able to log which websites you have visited, at what times and dates, and how much data you have uploaded or downloaded. If that amount of data is approximately the same as the size of the whistleblower document posted to a blog or forum, or sent via web email etc., then that may be sufficient circumstantial evidence to betray the identity of a whistleblower source.
- Tor exit nodes do not always allow SSL/TLS encrypted sessions either, but since these are vital for e-commerce, many do, even behind otherwise restrictive firewalls and censorware. The Tor system will, after a short delay, find a reasonably randomly chosen exit node which does accept SSL/TLS connections. Statistically, this will usually be located outside of the United Kingdom.
- Remember that using any SSL/TLS https:// encrypted proxy server session, or the mostly encrypted Tor proxy cloud, may protect the contents of your traffic from local snoopers, but if you have to login or otherwise authenticate to a web server or email system etc., then those details (including your real IP address) will still probably be logged by the target server, regardless of the link or session encryption, and so your whistleblower details may still be exposed, if that server is physically seized as evidence by the police or is sneakily compromised by intelligence agencies etc., either through technical hacking or bugging or by putting pressure on the systems administrators.
- You may actually get more anonymity when using the Tor cloud by not using the https:// version of a web page (if there is an alternative, unencrypted version available), since all the Tor traffic is encrypted anyway between your PC and the final exit node in the Tor cloud, which will probably not be physically in the United Kingdom.
- This applies especially to websites like the reasonably anonymous whistleblowing website wikileaks.org (based in Sweden), which offer http://, https:// and Tor Hidden Service methods of uploading whistleblower leak documents, but who tend to, mistakenly, insist on using https:// encryption for when someone comments on their wiki discussion pages. When (not if) the wikileaks.org servers, or a blog or a discussion forum like the activist news site Indymedia UK are physically seized (this has happened to IndyMedia UK at least 3 times now), this may, in some circumstances, betray the real IP addresses of commentators with inside knowledge of a whistleblower leak i.e. suspects for a leak investigation. N.B. both wikileaks.org and IndyMedia UK claim not to log IP addresses to files, but, inevitably, some of the recent IP address information will be available in the working memory of the machines, and their co-location hosts and upstream ISPs will probably have some logfiles.
- Once you have identified, or been told about, a few open web proxies, it is often fiddly and inconvenient to change your web browser settings manually. This task can be automated through the use of Firefox browser add ons such as FoxyProxy or Torbutton.
- You can check if your open proxy server configuration is actually hiding your real IP address, via websites like Network-Tools.com
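
The check in the last tip, which relies on the REMOTE_ADDR, HTTP_X_FORWARDED_FOR and HTTP_VIA variables described earlier, can be done by a short script on a web server you control. The following is an added example, not part of the original article: it classifies a request, as the server sees it, against your known real IP address. The function names, the sample requests and the extra HTTP_FORWARDED variable (the RFC 7239 "Forwarded" header) are assumptions made for this illustration.

```python
import ipaddress
import re

# CGI/WSGI names of the headers a proxy may add. The first two are the ones the
# article names; HTTP_FORWARDED (the RFC 7239 "Forwarded" header) is added here.
PROXY_KEYS = ("HTTP_X_FORWARDED_FOR", "HTTP_VIA", "HTTP_FORWARDED")

def addresses_in(value):
    """Return the set of IP address literals found in one header value."""
    found = set()
    for token in re.split(r'[\s,;="\[\]]+', value):
        if token.count(":") == 1:        # IPv4 with a port, e.g. 198.51.100.7:3128
            token = token.split(":")[0]
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:
            pass                         # hostnames, "1.1", "for", "proto", ...
    return found

def classify(environ, real_ip):
    """Classify a request, as the web server sees it, against your real IP."""
    real = ipaddress.ip_address(real_ip)
    present = [k for k in PROXY_KEYS if environ.get(k)]
    leaks = [k for k in present if real in addresses_in(environ[k])]
    if ipaddress.ip_address(environ["REMOTE_ADDR"]) == real:
        verdict = "direct"               # no proxy in the path, or it was bypassed
    elif leaks:
        verdict = "forwarding"           # the proxy passes your address on
    else:
        verdict = "anonymous"            # the article's "Anonymous Proxy" case
    return {"verdict": verdict, "leaks": leaks, "proxy_visible": bool(present)}

# Constructed sample requests (documentation address ranges, not real hosts).
REAL_IP = "203.0.113.25"
SAMPLES = {
    "no proxy": {"REMOTE_ADDR": "203.0.113.25"},
    "forwarding proxy": {"REMOTE_ADDR": "198.51.100.7",
                         "HTTP_X_FORWARDED_FOR": "203.0.113.25, 10.0.0.1",
                         "HTTP_VIA": "1.1 proxy.example:3128"},
    "anonymous proxy": {"REMOTE_ADDR": "198.51.100.7",
                        "HTTP_VIA": "1.1 proxy.example"},
    "rfc7239 proxy": {"REMOTE_ADDR": "198.51.100.7",
                      "HTTP_FORWARDED": "for=203.0.113.25;proto=http"},
}

if __name__ == "__main__":
    for name, environ in SAMPLES.items():
        print(name, classify(environ, REAL_IP))
```

A verdict of "anonymous" with proxy_visible set to True means the website cannot see your address in these variables but can still tell that a proxy is in use.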