Networking

The basics of using a proxy server for privacy and security

Patrick Lambert goes over the basics of how proxy servers work and why they are used to add security and privacy.

If you work remotely, or have to handle corporate files on the road, then chances are you've used a specific type of proxy and may not even be aware of it. In fact, proxies are used by workers all over the world in the form of a VPN. A virtual private network is one specific type of proxy which provides you with the ability to work remotely and securely. But what is a proxy exactly, how does it work, and what are some of the advantages it can give not only a remote worker, but anyone who wants an extra layer of privacy? Here's a look at the various types of proxies and a review of one particular service which provides you with proxies on steroids.

How proxies work

Basically, a proxy is a point to point connection between you and a remote location on the Internet. If you're in a hotel in Seattle and you work for a large corporation down in Dallas, then opening a VPN to your corporate office means your computer will create a permanent connection between your own system and a dedicated device at the corporate office called the VPN server. This connection provides you with a tunnel through which all further communication will pass. This is the first and most well known quality of a VPN. All of your traffic, whatever it is, will be encrypted inside that tunnel, going from your current location to the VPN server, and then be resent on your behalf to the wider Internet. What this means is that anyone listening nearby, or trying to see the packets going from your own system, will see nothing but static. In fact, they won't even know which websites you visit, because everything is encrypted. This is an even stronger security mechanism than SSL, since with SSL people can still see the headers and know which sites you surf to.

But a VPN, or any other type of proxy, provides quite a few more benefits. Whether you use a VPN, which relies on a protocol like PPTP to encapsulate your packets securely, an SSL proxy, a Socks proxy, or even a simple web gateway (which doesn't actually provide you with any encryption) they all have a couple of features  that are similar. The basic principle is that the server is relaying those packets for you, and stripping the originating address. Instead of your own IP address, they only see the proxy server's. That also means if you connect using the previous example, instead of thinking you're in Seattle, every site you connect to will think you're sitting right there in the Dallas corporate office.

Of course, people use proxies for other reasons as well. One example is trying to access region-restricted content. For example, someone in Canada trying to see Hulu content won't be able to, because Hulu restricts videos to U.S. users only. But if they connect to a U.S. based proxy first, they can bypass that restriction. The same thing applies if you live in the U.S. and want to see BBC content through their iPlayer. You would need to connect to a UK proxy to do it.

Criminals also make heavy use of proxies to obscure their actual locations. They can even chain proxy servers together to increase the difficulty of being tracked. But proxies are used for a lot more than just to watch the latest Family Guy, or commit crimes. A lot of people use them simply for safety. If you have a slow Internet connection, you could use a proxy server with a lot of bandwidth, and malware threats roaming the net trying to find unpatched systems, or launch potential denial of service attacks, would find only the proxy. Security researchers also love proxies. When you're trying to infiltrate the criminal underground, the last thing you want is to give them your home address.

One such service: HMA

As you can see, proxies provide security and anonymity that can be very handy. If you don't have a corporate VPN you can use, there are a lot of services that offer some alternatives. One of the most popular right now, and the one I've used, is called Hide My Ass. While the name may sound strange, I've had some good success with it. One of the things I like about it is that, first, it provides a very easy-to-use client software. Instead of having to configure the proxy settings manually, you simply install the client, and it keeps track of your connection status, allowing you to set preferences. Then, it also has a massive amount of 36,000+ IP addresses all over the world. This means you can connect to any of those servers and appear to be from that location. The service isn't free, but at around $10 a month, it's not bad.

Proxies still require trust

Finally, there are some things you need to keep in mind when using proxies. First, remember that while a proxy server will provide you with security and anonymity, the proxy itself has to decode your traffic to send it through. This means it can see everything you're doing, unless you use SSL connections. So you need to trust it. A lot of people use TOR, which is a free anonymity network run by volunteers, or some go to underground channels to get so-called "private" proxies, but the problem is you never know if you can trust those servers. It may end up being worse than not using a proxy at all. Popular commercial services like Hide My Ass base their business on providing this service, so personally I have more faith in them. Don't think of using them for criminal acts however, since they do state clearly that they cooperate with law enforcement. Because again, the proxy server is the one party that knows what your real IP address is. Also, using proxies will typically slow your connection down, since you're basically transferring all your data to another location around the world before it goes out to the Internet. As you attempt to connect to various proxy servers, you may find very big differences in speed, so it's a good idea to try them out. Whether you want security, anonymity, or both, proxies provide a good way to surf the net.

Do you have any tips to share about using a proxy server?

About

Patrick Lambert has been working in the tech industry for over 15 years, both as an online freelancer and in companies around Montreal, Canada. A fan of Star Wars, gaming, technology, and art, he writes for several sites including the art news commun...

28 comments
chrisprive
chrisprive

HMA is sharing the ips along their users, their soft is well created and nice, but the quality of the ips is very low, you can not register any gmail account, on many of them you can not search google cause the ips are banned and so on.

I recommend to take a look at http://www.sslprivateproxy.com for real 100% dedicated and virgin proxies, also for virgin dedicated vpns.

voluspa0volva
voluspa0volva

I know this is an ignorant question, but what does it mean to provide a proxy to a certain website? For example, on this link http://www.proxybunker.co.uk/proxy-links.html a person asks to provide a proxy to solarmovie, as it is blocked in the UK. The guy gave this link http://solarmovie.unblocked2.bz


You are then redirected to http://solarmovie.uk.to/


What does it mean? And how is one able to do that? Why most of the proxy websites are ''from'' the UK? 


Would be glad if I got answers.

misterzoomer
misterzoomer

Do websites visited know a proxy server was used to connect? This is important for me to know. 

andrijd
andrijd

@misterzoomer No. Most web servers (Apache and IIS being the most common) only see a source IP. There's no way to tell if that source is a proxy or not. Consumer routers also tend to mask machine IPs by means of creating private internal networks, and expose a virtual IP to the outside world instead. So while your machine's IP might be designated as say 192.168.1.2 and your phone's IP is 192.168.1.3, if both are going through the same router a web server will see requests coming from your router's public IP address instead (say 216.128.3.42 for example).

AamiB
AamiB

A proxy and a VPN are the most effective tools we use today to fight with geo-restrictions and cope with censorship implementations. A few people mistakenly consider a proxy as an alternative for a VPN though. This is terribly wrong. A VPN is a step ahead than proxy and there are many characteristics that contrast a VPN and proxy from each other. Source: http://www.vpnranks.com/vpn-vs-proxy-advantages-and-disadvantages/

AmmarNaeem
AmmarNaeem

A proxy and a VPN are the most effective tools we use today to fight with geo-restrictions and cope with censorship implementations. A few people mistakenly consider a proxy as an alternative for a VPN though. This is terribly wrong. A VPN is a step ahead than proxy and there are many characteristics that contrast a VPN and proxy from each other. Source: http://www.vpnranks.com/vpn-vs-proxy-advantages-and-disadvantages/

vivekr.565
vivekr.565

what is the use of proxy address?

carla7766
carla7766

i use waselpro since one year now and to be honset i couldnt change it , and i dont want actually . here you go https://www.waselpro.com/en/ its a very good vpn service for me at least :)

tonieste
tonieste

tonjobs.com:8080 and instaneo.net:3128 , two very fast http proxies

man_of_steel
man_of_steel

here's a very good proxy i found to be very easy to use and quite cheap. it has a wide range of proxy servers around the would for you to choose from all over the world http://bit.ly/139vIdZ

herrstiefel
herrstiefel

I use Hamachi to connect to a home server that's also running Hamachi and Privoxy. I've had good luck with this setup, after I got over having to punch a hole through the server's firewall to allow the proxy connections in. This helps with coffeeshop and campus connections quite a bit. I don't proxy to torrent or do anything like that; I really just want people to keep their mitts off my traffic.

Tony Hopkinson
Tony Hopkinson

A device requests a page from the proxy, the proxy decides whether it has to fetch it, or can return it from the cache. So it has know what it has. Blocking is a simple step after that. Most proxy servers come with various tools for doing that. Unless you are planning on banning them by url, no more you tube ever boys.. Not to mention telling a say the video for a modern dance tune and a porn film apart would beyond any automatic blocking system I've ever heard of... Course stopping boys being boys is a different thing all together, perhaps you could start with something more achievable like cold fusion, or curing world hunger?

HAL 9000
HAL 9000

Try reposting this in the 'Q&A' forum. The 'Discussion' forum is for matters of general discussion, not specific problems in search of a solution. The 'Water Cooler' is for non-technical discussions. You can submit a question to 'Q&A' here: http://www.techrepublic.com/forum/questions/post?tag=mantle_skin;content There are TR members who specifically seek out problems in need of a solution. Although there is some overlap between the forums, you'll find more of those members in 'Q&A' than in 'Discussions' or 'Water Cooler'. Be sure to use the voting buttons to provide your feedback. Voting a '+' does not necessarily mean that a given response contained the complete solution to your problem, but that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours. If they have a ready source of reference available, perhaps won't need to repeat questions previously asked and answered. If a post did contain the solution to your problem, you can also close the question by marking the helpful post as "The Answer". .

rhulmer
rhulmer

Hopefully someone can provide some insight... I have young teenagers who just love to surf the u-tube world from their iPod touch / Kindles / iPhones and, to the best of my knowledge, there are NO parental control type programs available for these devices due, in part, to Apple's 'every application lives in it's own world' policy. I've considered using some sort of proxy server to act as a 'gateway' to the web with some application to restrict access to objectionalble / inappropriate web content for these devices - i.e., parental controls. Am I mis-understanding what a proxy server is / does? If not, I would certianly appreciate any input as to how to accomplish this. Teenage boys can find a lot of content through sites like u-tube, whether intentionally or not, that puberty prevents them from bypassing on their own.

Editor's Picks