Project

General

Profile

How insecure is using a public http proxy ?

Added by ask low about 1 year ago

Do public http proxies like https://proxyscrape.com/free-proxy-list provide anonymity ? Is it possible to setup one of those proxies & operate them through HTTP over TLS considered secure ?


Replies (2)

RE: How insecure is using a public http proxy ? - Added by Soren Stoutner about 1 year ago

It really depends on who you are trying to protect your privacy from. Let me give you three possible entities.

1. Your ISP
Yes, using a proxy that is not controlled by your ISP will provide you with protection from them being able to see the IP addresses and domain names of the servers you visit. Because of Server Name Indication, the unencrypted domain name is included in plain text at the beginning of every encrypted HTTPS request. For more information on that subject, see:

https://www.stoutner.com/dns-over-https/

If you use an HTTP proxy (or a VPN, which is a type of proxy), then your ISP will only see that all your traffic goes between you and the proxy. They won't know anything else about the destination of your traffic.

2. The proxy (or the VPN, which is the same thing)
Basically, the proxy or the VPN becomes your new ISP from a data monitoring perspective. So now, the proxy or the VPN can analyze and sell information about all your traffic. Almost all of them do, and you have no way of verifying that they don't.

3. Websites
Large websites specifically designed their tracking systems to be able to track you across different IP addresses, so a proxy provides no protection. They mostly use JavaScript to do this. Using a proxy will have no measurable effect on the ability of companies like Google and Facebook (or anyone who uses their monitoring systems, like Google Analytics) to track you across the internet as long as you have JavaScript enabled.

RE: How insecure is using a public http proxy ? - Added by ask low about 1 year ago

It's possible to put both proxy & VPN in the same basket then.
The fact that these proxies and often "free" & "public" makes them very suspicious. I've also found that there are even proxy scrapers that can scrape the ongoing traffic.

I did try one from Netherlands. It's performance was actually quite good. Pings within 500 ms & 20/2 down/up speeds. Wonder how that maintainer is even sustaining hosting that.

    (1-2/2)