Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Meaningless Drivel and the fly likes Web based free anonymous proxy services - how safe? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Other » Meaningless Drivel
Bookmark "Web based free anonymous proxy services - how safe?" Watch "Web based free anonymous proxy services - how safe?" New topic
Author

Web based free anonymous proxy services - how safe?

Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

In terms of privacy, how safe is it to use such services.
For example - http://proxify.com

Any good or bad experiences? Does anybody know of any good services like this (preferably free)


The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny Gill Tweets
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
So instead of storing the cookies with your password and username on your own computer they're now stored on their computer.
Same with your creditcard number, address, and all your other personal data.

Instead of protecting yourself you've just given someone you've never met everything they need to do all the things you wanted to be protected from in the first place...

Edit:
Why add another step in the process of transmitting data to your bank?
Normally only your bank can see the data, when you use their service they too can see it. Do you want that?

Sites like this play on people's paranoia about them being monitored (usually by the CIA or NSA, always popular as Big Bad Evil) to get them to spill their guts to some total stranger.
Then they find themselves victims of identity theft or have their bankaccounts cleared out, charges made against their creditcards they never ordered, etc. etc.
[ June 23, 2004: Message edited by: Jeroen Wenting ]

42
Ernest Friedman-Hill
author and iconoclast
Marshal

Joined: Jul 08, 2003
Posts: 24183
    
  34

Well, the purpose of such a service, generally, is so that your boss can't see where you're surfing, or perhaps so that your browser history doesn't show the sites you visited.

But note that the address you give is an http: URL, so that communications between your browser and the Proxify site are unencrypted. That means your company can see all the communications on the wire, so they would be able to know where you are surfing anyway. And futhermore, if you type "http://www.javaranch.com" into the text box and hit enter, you and up looking at the Saloon with a bunch of adverts along the top of the window (most of them for porn!) and this URL showing in the address bar:

http://proxify.com/p/011110A0000110/http/saloon.javaranch.com/cgi-bin/ubb/ultimatebb.cgi

So in other words, JavaRanch will show up in both your browser history and your company's normal HTTP proxy logs. This is a severe problem with this particular implementation; I can certainly imagine a much more discreet "proxifier" than this one!

Now, finally, if you use Proxify to access a secure site, note that they have the opportunity to decrypt the communications before establishing a new https link with your browser; therefore although all the Internet traffic is encrypted, the good folks at Proxify.com would have access to all your banking, credit card, and other information.

So it's up to you whether you think that a company whose main interest seems to be selling ad space to pornographers should be trusted with all your sensitive data.


[Jess in Action][AskingGoodQuestions]
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Yup, I agree totally. I was just checking out what other people had to say on this!
At my company, login.yahoo.com is blocked to prevent people from chatting on yahoo messenger (I believe) but that also prevents me from using Yahoo mail.
I wonder how difficult it would be to write a servlet or jsp, and host it at a site like myjavaserver.com, which lets you login to yahoo, and then you can continue checking mail from your pc. To use Yahoo mail, you need to have javascript and cookies enabled, so maybe this can be done using some classes in HttpUnit. Any thoughts on this?
Of course, I could push my boss to remove the firewall restriction on yahoo, but that is no fun

ps. Jeroen, Ernest thanks for the replies
Jack Daniel
Ranch Hand

Joined: Jun 15, 2002
Posts: 163
nice discussion..

hey guys, what do you say about PAID services like http://www.iprivacytools.com , which hides your IP and creates a proxy server for you...

Do you think, they too would be stealing your personal data??


I request you people to give your ideas about such available PAID services like the one I mentioned above; it would be great..

Thanks and cheers
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
same thing.
Who do you want to keep your precious data from more than some total stranger?

Are you so paranoid about someone breaking into your PC and getting all your personal data that you'd rather have it stored on someone else's computer instead?

Tell your browser to reject cookies and you're there...
With IE you can even tell it to reject only persistent cookies so logins etc still work.
 
wood burning stoves
 
subject: Web based free anonymous proxy services - how safe?
 
Similar Threads
Good Book on Web Services
Are JSPs Thread Safe ?
Creating web services and web services client using Eclipse
Web Services Fast Learn
Will Oracle 10g App Server serve me in learning for SCJWS exam?