Dev probes bad proxies, writes white hat checker, black hat DIY guide
We munch your cookies and inject ads but look HERE'S YOUR NETFLIX!
Developer Christian Haschek is building an online tool that lets users check whether their free proxy is potentially harvesting their details, or is one of the few to be relatively secure.
The ProxyChecker service allows users to enter the IP address and port of their favourite free proxy service, to see if it is messing with traffic, or is genuine about trying to be secure.
"Free proxy servers on the web tend to be offline, no surprise there but I didn't expect so many proxies to ban HTTPS traffic," Haschek says.
"It could be because they want you to use HTTP so they can analyse your traffic and steal your logins.
"Only 17 of 199 of the proxies modified JS and most of them were to inject ads to the client."
Proxies not found to have attempted to modify user content are still not safe. He says free proxy services should be avoided, and considered only if they use HTTPS and the user sticks to HTTPS-enforced websites.
"Free" is a word that raises universal skepticism across the security and privacy realms, since it often entails a trade-off for personal information.
Proxy services, made popular by region-locked entities like Netflix, have the opportunity to sniff unencrypted user traffic or, as in the case of the Hola service, turn their users into cogs for a corporate botnet. ®
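An added example, not ProxyChecker's own code: one way to test for the script tampering described above is to fetch a page you control both directly and through the proxy, then diff the script tags. The canary page, the `ads.example.invalid` host and all function names are assumptions constructed for illustration.

```python
import hashlib
import urllib.request
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Records each <script>: its src URL, or a hash of its inline body."""
    def __init__(self):
        super().__init__()
        self.scripts, self._src, self._buf = [], None, None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._src, self._buf = dict(attrs).get("src"), []
    def handle_data(self, data):
        if self._buf is not None:  # only buffer text inside a <script>
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.scripts.append(self._src or "inline:" + hashlib.sha256(body).hexdigest())
            self._buf = None

def scripts_in(html: bytes) -> list:
    parser = ScriptCollector()
    parser.feed(html.decode("utf-8", "replace"))
    parser.close()
    return parser.scripts

def compare(reference: bytes, proxied: bytes) -> dict:
    """Diff a known-good copy of a page against the copy a proxy returned."""
    ref, got = scripts_in(reference), scripts_in(proxied)
    return {"modified": reference != proxied,
            "injected_scripts": [s for s in got if s not in ref],
            "removed_scripts": [s for s in ref if s not in got]}

def fetch(url: str, proxy: str = "", timeout: float = 10.0) -> bytes:
    """Fetch url directly, or via a plain-HTTP proxy given as 'host:port'."""
    proxies = {"http": "http://" + proxy} if proxy else {}
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(proxies))
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()

# Constructed sample: a canary page and a copy with an ad script appended.
REFERENCE = (b'<html><head><script src="/app.js"></script></head>'
             b'<body><p>canary</p><script>var a = 1;</script></body></html>')
TAMPERED = REFERENCE.replace(
    b"</body>", b'<script src="http://ads.example.invalid/inject.js"></script></body>')

if __name__ == "__main__":
    print(compare(REFERENCE, TAMPERED))
```

In use, `compare(fetch(url), fetch(url, proxy="host:port"))` is run against a static plain-HTTP page you host, since dynamic pages differ between fetches on their own.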