2008-04-19

Web filter evasion part 3: Anonymous Web Proxy

View entire series: Web Filter Evasion

A lot of times, you kind of want access to your favorite content, even if it's just to read it, while at work or school. Some places with more draconian Internet access policies block pretty much everything "cool" and paint their restrictions with a very wide brush. In this series, we'll uncover a few ways around these restrictions.

With each article, I will delve into techniques that are progressively more advanced and difficult to implement. Keep in mind that this is a thought exercise in evasion. Implementing this stuff could get you expelled from school, fired from your job, or banned from public-access computers in a library or coffee shop. With a little bit of wisdom, you can often get around the restrictions set in place without getting yourself into hot water.

In Part 3, I am going to discuss using web "privacy" or "anonymizer" proxies. It's number three on the list because it is simple to use and often free -- risks be damned. These often free (but occasionally subscription-based) web sites provide you with a special URL that you visit, whereupon you enter the URL you wish to visit. These sites often claim to keep rogue websites from storing cookies or executing scripts on your computer, while others focus on evading web filters or blocking ads.

Risk of getting punished if caught
Regardless, you will have a difficult time weaseling your way out of this stunt if you're caught. The only reason you'd want to use proxies such as these one while in a web-restricted environment is to evade the restrictions. There's no innocent sweet-talking that will save you here. Also, many web filtering companies specifically play cat-and-mouse with these kinds of services, often blocking them shortly after they appear. Users who trigger this rule on a web filter are almost certainly going to get a visit from a higher-up.

Security risk of using proxies
Any time you use a proxy, you are routing traffic through someone else's network. While it's true that all Internet traffic hits various networks, the operators of proxies KNOW that people are using their services either for privacy or filter evasion. As such, not all proxy providers are guaranteed to be trustworthy, including those listed below.

Managed Web Proxies
Megaproxy offers a free trial. It was one of the first web-based anonymous proxies, with the intended purpose of keeping cookies and ads at bay, making it more difficult for site owners to gather data about you. The (perhaps unintentional) side effect was that people who could access the it from behind a web filter service could often use it to access blocked content. The paid version has a much more obscure and innocuous URL that isn't likely to make netadmins question it, but its URLs are most likely blocked on commercial filtering software because they go to great lengths to find most of the high-profile ways to evade. I actually did subscribe to this service many years ago, but I've since let it lapse. I was generally happy with it while I used it.

Privax offers an extensive list of (what appear to be free) Anonymous Web Proxies. The catch being here that there are many different URLs you can visit, with the hopes one or more won't be filtered. Some addresses blatantly announce that it's a proxy service while others are less obvious. Like other web proxies, Privax places a secondary navigation bar at the top of every page, making it easy to tell if the stuff you're looking at is, in fact, being proxied. I haven't extensively used Privax before, but it looks like a decent solution as I sit here now and try some sites through it.


Set up your own
For a while, I ran my own CGI Proxy on a hosted server that I could access from anywhere. If you have web space, this is a way to set up your own proxy under the radar, especially if you access it via SSL. The down-side is that many web-based anonymizers that you can host yourself (there are others, written in PHP, Perl, etc) lack some of the more advanced functionality of the commercial "anonymizer" providers. If setting one up yourself, be sure to use a method of password protecting your proxy so that it can't be abused by others who stumble across it.

Tomorrow on Sysadmin Sunday, I'll discuss setting up Squid, a caching HTTP proxy. This is different than a Web or CGI proxy, but it can be used to evade web filters as well. On Monday, I'll pick up the series again and discuss how to bypass web filters with your new Squid server.

Read the whole series: Web Filter Evasion

blog comments powered by Disqus