Proxies and Privacy

1081213570000

There is an alarming trend in south asia (and possibly other parts of the world) - more and more internet service providers use transparent proxies. While there is nothing wrong in using a proxy to save their bandwidth transparent proxying is certainly unethical and has serius privacy implecations.

Transparent proxies usually means redirecting all traffic on port 80 (standard http port) to a proxy server that is owned by the ISP. If the page that you are requesting has been recently accessed by another user it will be delivered from the proxy's cache thus saving bandwidth for the ISP.

Unfortunately many users are unaware that they are browsing through such a proxy which may log every single page that they access. It may be argued that web servers will log your visit anyway but the difference with a proxy is that every single page you access is logged and sometimes cached in a central location.

The authors of the HTTP RFC don't think much of proxies, here is what (RFC 2616) says on the subject:

By their very nature, HTTP proxies are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks. Compromise of the systems on which the proxies run can result in serious security and privacy problems. Proxies have access to security-related information, personal information about individual users and organizations, and proprietary information belonging to users and content providers. A compromised proxy, or a proxy implemented or configured without regard to security and privacy considerations, might be used in the commission of a wide range of potential attacks.

comments powered by Disqus