Public Proxy Servers – so who owns them?

The Truth About Public Proxy Servers

It is a sad fact that many like minded people who value their privacy like me insist instead on sending all their data down so-called public proxy servers.   They may seem to represent an inexpensive (or free) way to protect your privacy but in fact the truth is that they’re the exact opposite.  Now the technology behind using anonymous proxy servers is fine if properly and correctly implemented but it is important to remember what you are actually doing when sending data through a proxy server.

Public Proxy Servers are a Risk

If you configure your web client to use a public proxy server, you are instantly trusting all your traffic to the administrator of that server. Most web traffic is by default in clear text but even the SSl encrypted traffic can actually be intercepted by a proxy server administrator.

Public Proxy Servers

So, all your login names, accounts, passwords plus a full list of every web server you visit is accessible to the owner of this proxy server.

And do you know what?

Most people don’t even know anything about the public proxy server they are using – not a good idea!!! Remember this very simple point, running an anonymous proxy server is very expensive – there are server costs, support and bandwidth charges. Why would the owner of the server let it out for free to everyone and incur huge costs. There’s usually a simple explanation, the owners of these public proxy servers don’t even know they are being used until they get the bill. They are left open by accident or not secured and opened up by hacking groups. Of course, often the hackers will use these public proxy servers to install malware or viruses to users, or simply steal their details as the traffic flows through the proxies.

Can Proxies Steal Passwords?

No, proxies themselves cannot steal passwords. Proxies act as intermediaries between the user and the internet, allowing users to access websites while keeping their real IP address and location hidden. However, it is important to note that malicious individuals or hackers can use proxies to carry out attacks such as man-in-the-middle attacks, where they intercept and modify data transmitted between the user and the website.

In such cases, passwords can be stolen, but it is not the proxy itself that is responsible. It is always crucial to use trusted and secure proxies, as well as ensure that websites you visit use secure HTTPS connections to protect your passwords and sensitive information.

To Stay Safe Think like a Cyber criminal

Now let’s forget about all the open and residential proxies that have been accidentally left open for anyone to use.  Imagine you’re involved in cyber-crime; your primary purpose is to steal user credentials like passwords and email accounts.  Sure, you could run around hacking into individual systems or infecting computers through dodgy websites, infected media files or emails.   However, what if you could take control of a server and let people come to you?  Just sit at a server and let people route all their traffic through its interface cards.  You could just wait and watch and steal any credentials that thousands of users routed through that computer.

Which is exactly what they do.  Having control of an open proxy used by thousand is basically like having a sniffer installed in thousands of home computers.  Even if people are careful, they will always divulge credentials in some context if they use the web normally through these proxies.  If they don’t then it’s much easier to infect that PC if it’s connected directly to a computer that they have administrative access to.

Hacked proxies are a money-making machine.  A harvester of passwords and IDs of the unsuspecting who think that using a proxy makes them more secure.  Sure, the temptation of using a proxy server free of charge is tempting, but all those who are old enough realize that you rarely get something for nothing.  The price of using a hacked proxy server can be substantial.

 

Facebooktwitterlinkedininstagramflickrfoursquaremail

Leave a comment