I've been reading a lot lately about how marketing companies gather all kinds of information on me while I browse websites and I've read that a good way to bypass all that is to connect to a proxy and then browse the internet through that.
But I've got a question. Even though my ISP won't be able to see what I do past connecting to the proxy, the proxy server will still keep that information in some kind of logs, won't it? So doesn't that kind of defeat the purpose? I'll just be trading giving my browsing information to ISP with giving the information to whoever is the owner of the proxy server. How do I know I can trust the proxy server with my personal information?
Are there any high-profile, respectable and secure websites that offer proxies that I could trust?
I've never used a proxy before, so thanks in advance for any help or advice you can give me.
Yep, that's a problem. Anytime you're using a proxy/VPN, you're assuming the provider can be trusted. But we don't have any trust model, auditing, etc., on the Internet for these services/providers. You're simply basing your trust on blind faith!
That's why I'm ***very*** leery of all proxies. In fact, you're sometimes better off just dumping your data on the greater internet and hoping it gets lost in the mass of other traffic. When you use a proxy, you actually make it far easier to snoop should the provider have evil intent.
However, that doesn’t mean I never use these services. I just have to decide what’s at risk. If I’m simply browsing say, news sites, I probably don’t care. Or if I’m using SSL, I don’t care either since all the data is encrypted (then again, if I’m using SSL, I probably don’t need a proxy anyway). But I might still use a proxy w/ SSL if say I’m trying to use MLB TV, and my favorite team is blacked out (and let’s assume that’s based on my public IP) So I use a proxy to change the public IP presented to the MLB TV’s server to avoid the restriction.
Anyway, as I said before, it’s nothing but blind faith. I suppose you have to trust someone at times and just hope for the best. But anyone who tells you “that proxy/VPN provider is the best” has no real justification for that statement when it comes to privacy/security.
Thanks for your reply, it is what I was afraid of.
Could you tell me a bit more about SSL? I haven't read much about it, but what I know is that it's some method of encrypting data that gets sent over network? Does it require me connecting to a server?
SSL (Secure Sockets Layer) is a protocol that supports authentication and encryption. It guarantees the party you're connecting to *is* who they claim to be, and encrypts your data. It’s become a defacto standard for all secure transactions on the internet. Virtually any activity that needs to protect your data from prying eyes uses it (online banking, shopping, some email systems, etc.). Yes, you connect to a server, but you’re always connecting to a server, whether you’re using SSL or not.
SSL can be used across a broad spectrum of applications (including VPNs), but the most common is your browser. Any commercial browser these days supports SSL (aka, SSL client). To establish an SSL connection, the SSL client needs to connect to a server which likewise supports SSL. You can easily recognize an SSL capable server by the fact it responds to the https protocol (rather than the more common non-secured http protocol). The SSL client and SSL server use the SSL protocol to authenticate and establish the secured (encrypted) session.
That’s why as long as what you’re passing is using SSL, it doesn’t really matter if the VPN provider can or can’t be trusted, they can’t read it anyway!
Ah, so only sites that have the SSL protocol running on their server can be connected to through SSL. Hm, won't help me much to keep my privacy while browsing the net, will it? I don't think a lot of sites use SSL, do they?
You're only going to see SSL used when necessary. And necessary these days is defined as when you need to protect your login, credit card, etc. So you will see it on the checkout portion of a shopping site when personal information is being gathered, but perhaps not while shopping and placing things in your cart.
In the early days of SSL, it was claimed that SSL added a lot of processing overhead to the SSL server, so it was not implemented broadly. But that's no longer the case w/ modern systems. Combine that with the ever increasing concern for privacy, and I think you will start to see more and more sites (perhaps most) gravitate to SSL. But there remain a few obstacles. One is just laziness (a lot of ppl just don’t care if you’re privacy is at stake, that’s your problem). Another is cost. SSL is additional cost to a running business, one they just assume avoid if it’s not in their own interest to do so. And finally, the government would obviously have concerns if the entire internet went “black” w/ the widespread use of SSL (not to mention anyone else interested in what you’re doing, like the ISP). But eventually, I suspect you’ll see more and more use of SSL (or whatever replaces it) in the years to come. We’re already seeing webmail sites make SSL the default (e.g., Gmail) when they used to only protect their logons (Yahoo is an example of the latter).