Is your anonymous proxy server anonymous?
We have in the past (ÆGIS November 2002, December 2002, July 2003) discussed use of anonymous proxy servers. Anonymous proxy servers allow you to surf the web under the guise of the proxy server’s IP address, rather than your own. Why would you want to do this? One reason might be that you are participating in public forums that display the IP address with which you signed in, and you don’t want to give hackers a leg up on finding you. Another is that you may be visiting web sites where you want to obscure your visit. As an example, we often visit websites that are believed to be run by terrorist organizations in order to get a better feel for certain threats, and would prefer, for obvious reasons, to make our presence as little known as possible to all participants. So we use an anonymous proxy server, so that it is the server’s IP address that is left, not ours.
Recently, the manufacturer of the software we use for this (Anonymity 4 Proxy http://www.inetprivacy.com/a4proxy/index.htm?a4) released a beta version, which we installed. Now, we don’t wish to appear to be mistrustful, but a beta is, by definition, less reliable than production code, so after re- calculating the anonymity of possible servers, we used Reveal Your IP (http://www.computercops.biz/modules.php?name=Reveal_IP) to verify that our IP address showed up as that of the proxy server.
To our surprise, Reveal Your IP showed that in the beta software (not the production software) a number of the proxies listed both our proxy IP address and our real IP address. We notified the software manufacturer of the bug – this is the purpose of beta testing – and removed the non- anonymous servers from our list of desired choices.
If you use anonymous proxy servers, and want to re-assure yourself of your anonymity, we suggest that you take the few minutes to verify whether your IP address is really invisible, just to be sure.