PDA

View Full Version : WARNING! Is your proxy spying on you?



Blacksheep
07-14-2001, 04:41 PM
For the last few days I've been testing A4Proxy, a nifty proxy manager that even let's me edit info my browser normally sends to Web sites, like my OS, progs installed in my PC, language, etc., which is none of their damn business, and can spoof IPs.

http://www.inetprivacy.com/a4proxy/index.htm

Yesterday I stumbled upon a proxy operated by a porn site. Hmmm... Are these porners such nice guys they offer the public free proxies? I think not.

It occurred to me that anyone could set up a free public anon proxy for the sole purpose of sniffing traffic to gather passwords, ****** card numbers, monitor illegal activity etc. Who would do such a thing? How about governments, law enforcement agencies, hackers...? There are many sting operations done on the Net using dummy Web sites. You think proxies have been overlooked?

Your favorite proxy may be worse than the Web site you're trying to prevent *****ing you or the "untraceable" email you're sending. Next time you find a nice anon proxy with no domain name, think about it.

I'm gonna be more careful which proxies I use in future. Maybe I'll go for .edu, .gov, .mil...? What's a paranoid netizen to do?

Cheers. :)

blackball
07-15-2001, 01:13 AM
Can anyone direct me to a serial/crack for a4proxy.

Thanks,
Blackball

MrByte
07-15-2001, 07:15 AM
Blackball,

No serial/crack requests here. Please find another place for such postings. This is the first and the last warning.

Thank you.

Mr.Byte


Originally posted by blackball
Can anyone direct me to a serial/crack for a4proxy.

Thanks,
Blackball

chaoz
07-15-2001, 12:17 PM
I agree Blacksheep. I personally don't trust or take too seriously the
internet as a whole.
I've read a little about the A4proxy.
It appears to do more than proxomitron.
But proxomitron is free. It blocks cookies and web-bugs and has the option
of writing new rules and filters. I've
actually wrote a couple myself. I like the ability to view the headers being
sent back and forth.
If there is someone watching my surfing, then they are wasting alot of
time for nothing.(lol)
While I want to be informed and knowledgable, I have no intention of doing anything illegal and don't even
have a ****** card. I find if I have to
make payments on something,it's usually
wore out before I ever get it paid for.
Just my pov,
chaoz

johnny
07-15-2001, 12:59 PM
I would think proxies resolving to gov and mil would be the last ones to use, Blacksheep. After all, that's "government" and "military" (read Carnivore, NSA, LEA and other comforting possibilities). Would you want those guys discovering you back*****ing you to your IP address?

Personally I prefer proxies that resolve to colleges and benign institutions like that (the sysadmins there are usually the least competent :-)

johnny
07-15-2001, 01:17 PM
"While I want to be informed and knowledgable, I have no intention of doing anything illegal and don't even..."

Ya gotta love guys who visit forums like this and feel the need to publicly announce, "I don't do anything illegal."

Nosiree, not me. Maybe some of these criminals here, officer, but not me!

Sounds a little like whistling past the graveyard, if you get my drift :-)

(no offense, chaoz)

[Edited by johnny on 07-*5-200* at 05:2* PM]

Blacksheep
07-15-2001, 03:58 PM
By johnny:
Ya gotta love guys who visit forums like this and feel the need to publicly announce, "I don't do anything illegal."
Did it ever occur to you johnny that maybe there are people who don't engage in illegal activities, pay for the software they use, tell the truth, etc...? :)

Blacksheep
07-15-2001, 11:44 PM
By chaoz
I agree Blacksheep. I personally don't trust or take too seriously the
internet as a whole.
I've read a little about the A4proxy.
It appears to do more than proxomitron.
But proxomitron is free. It blocks cookies and web-bugs and has the option
of writing new rules and filters. I've
actually wrote a couple myself. I like the ability to view the headers being
sent back and forth.
I don't take anything too seriously.:)
Haven't tried proxomitron yet but have read good things about it. A4Proxy also blocks cookies, allows you to view and set rules to edit headers even in direct mode, can use on a LAN, set filters for and sort proxies, import proxy lists and test them- takes all the sweat outa finding the types of proxies you like. I think the web bugs will get the remote proxy IP, not the local host's. A new version will be released in near future. You can do a lot with free A4Proxy demo- it's not crippled very much.

blackball
07-16-2001, 05:42 AM
Thank you Mr.Byte for your 'polite' reply... but just because you plop a Thank-you at the end of a sentence does not make it kind. There are other forums for that question and anwser, and I will use them in the future. I just find it stange that everyone here does not use an mp* finder (was napster :) from time to time, burn a game or two... nope, they just use proxys for legal reasons...sure, no prob.

Oh people find excuses to listen to downloaded Mp*'s..."the record companys are rich and they dont need any more *****..." blah blah blah. But as soon as someone asks for a crack, there is hell to pay.

Hey Mr.Byte, any of this apply to you?

You will either boot me, or say this does not apply to the ***rd, or play the angel and deny everything... will see

Regards,
Blackball

MrByte
07-16-2001, 07:27 AM
Originally posted by blackball
Thank you Mr.Byte for your 'polite' reply... but just because you plop a Thank-you at the end of a sentence does not make it kind. There are other forums for that question and anwser, and I will use them in the future. I just find it stange that everyone here does not use an mp* finder (was napster :) from time to time, burn a game or two... nope, they just use proxys for legal reasons...sure, no prob.

I think that some people here use proxies for illegal purposes, which is sad. I definitely disapprove of such usage, and I made my position public many times (see, for example, http://www.all-nettools.com/privacy/anon.htm ) But I still think that anonymity and privacy are great things. You see, one can use a public payphone to make threats anonymously, but most people use it for legal purposes.



Oh people find excuses to listen to downloaded Mp*'s..."the record companys are rich and they dont need any more *****..." blah blah blah. But as soon as someone asks for a crack, there is hell to pay.

Hey Mr.Byte, any of this apply to you?


I'll disappoint you, it doesn't apply to me. I believe it's a huge waste of time to spend hours looking for and downloading MP* if you can walk into a store and buy all what you need. My time costs much more than the ***** I could save. The same applies to pirated software.



You will either boot me, or say this does not apply to the ***rd, or play the angel and deny everything... will see


Well, I'm too old and busy to play the angel or anyone else :-) As for booting you -- no, as long as you don't do things that are not acceptable to me. This server is a private property, and I'm authorized to set the rules here. If you want to participate in the discussion, you're most welcome. If you're looking for cracks, please find another place. I believe it's logical.

Mr.Byte

johnny
07-16-2001, 11:10 AM
Blacksheep
quote:
------------------------------------------------------------------------
By johnny:
Ya gotta love guys who visit forums like this and feel the need to publicly announce, "I don't do anything illegal."
------------------------------------------------------------------------
Did it ever occur to you johnny that maybe there are people who don't engage in illegal activities, pay for the software they use, tell the truth, etc...?

===
Hi Blacksheep. I think you missed my point. It's feeling the need to publicly announce it... but I'm repeating myself.

Blacksheep
07-16-2001, 12:40 PM
"Hi Blacksheep. I think you missed my point. It's feeling the need to publicly announce it... but I'm repeating myself."

Hmmm... I feel the need to publicly announce this:

Remote psychoanalysis is a can of worms, e.g. why do you feel the need to repeat yourself?

To justify this post by saying something on topic, how about this, in regard to .gov and .mil proxies:

Only the guilty fear exposure.

No innuendo intended.

johnny
07-16-2001, 04:19 PM
Blacksheep wrote:

"...why do you feel the need to repeat yourself?"

It was a polite way of saying you missed my point. Twice now.

"To justify this post by saying something on topic, how about this, in regard to .gov and .mil proxies:

That was intended to be a helpful reminder to you in the interest of security, which is what this forum is about. Apparently you misconstrued that too.

"Only the guilty fear exposure."

Guilty of being a paranoid netizen, perhaps. That is all.

[Edited by johnny on 07-*6-200* at 08:*7 PM]

Blacksheep
07-16-2001, 06:08 PM
Life is short. How about a truce? :)

DATA
07-17-2001, 02:04 AM
hi,

i beleive that microsoft products and many other are heavily overpriced.what a comman man would prefer is windows rather that linux and has to spent *000 's of bucks buying original software cd's?

johnny
07-17-2001, 09:23 AM
Blacksheep wrote: "Life is short. How about a truce?"

Peace. Thanks for all your helpful posts here.

Blacksheep
07-17-2001, 11:49 AM
Originally posted by johnny
Blacksheep wrote: "Life is short. How about a truce?"

Peace. Thanks for all your helpful posts here.
There have been many helpful posts on this forum, including yours. I know I have learned much by participating and am sure others have also.

The reason I think using a .edu, .gov or .mil proxy sometimes might be a good idea is this:

Prerequisite: One is not engaged in nefarious Internet activities.

Given: Proxy sysadmin can read cleartext traffic, i.e. yours.

Example: If a US netizen was surfing in Iran, Iraq, or other countries hostile to US through a US .mil proxy and query was made to .mil sysadmin for your IP, log files, etc., that could be identified as coming from hostile country, I doubt any info on you would be divulged.

Sysadmin competency: I think a competent sysadmin would be less likely to be "social engineered" (conned) into giving info to "unknown" sources.

.edu sysadmins?: MIT and others of similar caliber can handle their networks.

.gov?: I dunno about that one, maybe I'll avoid it.