Anonymity test „IP Check“ shows general insecurity of web proxies

Sept. 3, 2011 - PRLog -- Regensburg, 2011-09-01. Web proxies like „Anonymouse“, „Hide my Ass!“ or „Proxify“ are not suitable for anonymous surfing - while this fact should already have become general knowledge, still ten thousands of users think they are anonymous on the Internet by using these services. The website „IP Check“ now shows their privacy issues clearly to the public: Besides other sophisticated privacy tests, the site is now able to break the security all existing web proxies.

Details of the attacks
If JavaScript is allowed, attacks on web proxies are quite easy: a website may simply override the JavaScript methods that should actually protect the proxy from any attacks. There is no way on how a web proxy may prevent this. After this basic protection has been removed, the proxy may get easily bypassed by loading „unproxified“ web resources over a direct IP connection from the user's browser. This leads to the user's IP address and browser data being uncovered to the visited website.

Breaking web proxies is moreover possible by introducing invalid or unusal HTML code. As web proxies interpret HTML code differently from a normal web browser, this may confuse their replacement logic: if they omit only one of the original website links, e.g. to an image or style resource, their protection will get bypassed. If moreover JavaScript is enabled, this causes some web proxies, e.g. „Anonymouse“ or „Hide my Ass!“, to not even reach the real test site without being de-anonymized completely.

Only if all plugins and scripts are filtered by the web proxy or switched off in the browser, a few web proxies are able to resist these attacks. However, this disqualifies web proxies for general web surfing, as sooner or later you will need JavaScript in order to use the sites you want. You might moreover keep in mind that web proxies break the browser's SSL encryption to secure sites, as their principle is to act as man-in-the-middle site: They can see any data that you transfer, and your browser will not even be able to check the visited site's SSL certificate. So you should avoid web proxies anyway if you would like to transfer private data.

What is the „IP Check“?
„IP check“ is a free and easy understandable anonymity test. The test shows at a glance which attacks a website may launch on your privacy. Moreover, you get recommendations for possible counter measures.


URL1: Description of the attacks
http://ip-check.info/description.php#WebProxyDeanonymization

URL2: Main site
http://ip-check.info?lang=en


Press contact
Christian Vogl
JonDos Marketing
press@jondos.de

# # #

JonDos develops and provides free open source software for running and using the JonDonym IP anonymization service. We do this in cooperation with researchers of the german universities TU Dresden and University of Regensburg.