Is it safe to use free web proxy services?

As governments and tech giants around the world continue their attempt to weaken online privacy through strict surveillance laws and porous privacy policies, users are also increasingly getting drawn to anonymous web browsing as a means of boosting privacy, evading censorship,  and accessing websites that aren’t available in their country or workplace network.

How web proxies work

Most Internet users have found solace in the use of web proxies as a means to accessing the Internet anonymously. The majority of these web proxies are offered for free under the term open proxies – this has partly contributed to its soaring popularity. Think of a web proxy is a computer that acts as an intermediary between yours and a website, allowing you to anonymously browse the Web.

Whenever a user connects to a web proxy server and makes a request for a web page such as www.themaiguard.com residing in a remote server say abc.com. The proxy responds by reaching out to the website and pulling the requested web page, and sends it back to you as shown in the diagram below. The advantage is that the website you go to through the proxy only sees the proxies’ internet address and not yours.  A proxy is therefore a good way to safely navigate the web without revealing your real internet address to the sites you visit.

Image credit: Wikipedia

However, the major problems with using free web proxies are the fact that you may not know who is operating them. They could be cyber criminals, intelligence agencies’ honeypot, or a legitimate company with sinister business practices.  Although a proxy server hides your identity and activities from the sites you visit. Nevertheless, it can potentially see everything you are doing online. This raises concerns about trust. The question you should ask yourself is: why would someone spend so much money setting up a web proxy only to offer it for free? Can such a business entity be trusted with your data?

Free Web proxies are not secure

According to an analysis by a security researcher Christian Haschek, majority of the free web proxies out there are not secure and trustworthy.  In his initial analysis, Haschek wrote a computer program to check 443 free web proxies to see if a given proxy allows encrypted (HTTPS) web traffic, and whether the proxy attempts to modify website content or inject ads into the user’s browser session.  His findings show that only 21 percent of the tested proxies were not into sinister practices. The rest of the 79 percent of surveyed web proxies forced users to load web pages in unencrypted (HTTP) form. Furthermore, Haschek also found that about 16 percent of the analysed web proxies modified HTML codes and another 8 percent modified JavaScript codes on the visited websites in order to inject ads and steal cookies. A further analysis of over twenty thousand proxies bolstered his initial findings. What all this means is that majority of the operators of those proxies cannot be trusted.

With the rising trend in global mass surveillance and theft of sensitive personal information, the use of HTTPS protocol to encrypt web traffic is becoming increasingly important. HTTPS signals the web browser to use an added encryption layer known as SSL/TLS, to protect web traffic. By deliberately preventing customers from using the Web securely, Haschek warns these open proxies can potentially analyze your traffic, force you to participate in distributed denial-of-service (DDoS) attacks on websites and steal your sensitive information such as credit card or logins details.

Are there better alternatives?

For those already using or insists on using web proxies, Haschek created a free tool to help you confirm if a given proxy is not manipulating web content or forcing users to load unencrypted web pages. He however recommends avoiding free proxies completely. In his words, “tell your friends never to use free proxies…” As the saying goes, “if you are not paying for a product, you are most likely the product”.

But it’s not all gloomy though, secure alternatives do exist. One good example of such is Virtual Private Network (VPN). Subscribing to a premium VPN service is a good place to begin. The fact that  most VPN providers rely on earnings from monthly or yearly service subscriptions to sustain their operations, they are less likely to resort to manipulating web content or traffic in order to injecting ads– this is not to say that all paid VPN services give adequate consideration to their customer’s privacy.  To be on the safe side, avoid those that keep logs of your web browsing activities as they are more likely to engage in obnoxious practices.

A version of this article appeared on vpnMentor


Categories: Digital Privacy, Uncategorized

Tags: , , ,

Leave a Reply

%d bloggers like this: