Sunday, October 26, 2008

Usable CGI proxies

The only usable proxies are TOR, JonDo and some CGI proxies. Still, they all have weakness, but much less than a single proxy that you don't know anything about the server.

I have a browser extension that can download large free proxy lists automatically in any reasonable format, test which one works, check if there's any IP list, test the level of anonymity, rank the fastest ones, connect, use, and keep checking the rest for fastest ones in case the current proxy stalls. It's pretty good, but the more you test, the less likely the proxy will work when you switch to it. The other proxy approach provide more features than this. So I gave it up until I resurrected it when dealing with Wikipedia - they ban any proxies, including TOR, as soon as someone deface their pages. So I have the only effective weapon against Wikipedia. I have fresh proxies faster than they can ban.

So called CGI proxies are web based, like using gmail instead of outlook. Basically most of the free CGI proxies are copies of the software by one guy. There's no point to use other software because it's well tested, unless for commercial use that have to pay. You can google CGIproxy for examples, but there should be a more specific keyword to search for these proxies easily.

The main difference between CGI proxies and port based proxies is that CGI proxies want to be found, while port proxies are usually exposed by ignorant or accident. Or, since CGI proxies are web based, it's not difficult to find the web page. Why? Because anybody can download the software into some cheap hosting company. You can use it yourself, sell subscription to others, or sell advertising. Even if it's for personal use and you don't sell anything, you want others to use it to increase security.

The main advantage of CGI proxy is that they are reliably chainable. Instead of entering the URL of your desired website, you enter the URL of another CGI proxy. You get yourself a two proxy chain, and you can do more times.

The main disadvantage, or main advantage at the same time, is that the website content can't get to your browser directly, as in port proxies. So exotic contents don't always work, but most do. But since the content cannot get through otherwise, you can easily determine visually that the proxy or proxy chain is working.

With TOR and JonDo, CGI proxies are not really very useful, except for the encrypted ones. The free CGIProxy includes SSL encryption, but most servers don't allow it because of load. Though I have found a few commercial operators that allow free trials. If you chain a SSL CGI proxy at the end of TOR or JonDo, certainly it will increase your security unless the proxy is compromised.

It's very worthwhile to setup your own CGI proxy as part of your total chain. You can setup a few around the world with different juridision, paying for it with anonymous money if possible, and allow other people to use for deniablity.

If you connect to your own CGIproxy directly, nobody can sniff your traffic, as in wiretapping. Not even your ISP.

If your CGI proxy is at the end of the chain, nobody else know what is the target website. But the target website can trace back to your proxy server, and hence you, if the account need your ID to register.

No comments: