First a quick refresher on how you connect to a web site and why ananonymizing function is interesting.
As we'll see in a moment several things can alter that but for mostof you that's the internet IP address of your computer or your router ifyour computer is behind one.
You can't prevent an IP from being exposed to the computers and servers youvisit. It's the fundamental nature of the internet. Communication of IPaddresses is required to make it all work.
The proxy knows your IP. If they keep and bear accesslogs it's conceivable that those logs could be demanded by legal authoritiesto track activity. They'd know the IP address you were coming in from and theweb sites that you were visiting through the proxy.
I'd expect a "good" proxy not to keep those logs at all but you never know. It's a matter of trust.
The proxy sees your data. Every request you alter goes tothe proxy where it's interpreted so that the proxy knows what to do with itnext. While it's looking at it your data could be there for the proxy toexamine and do whatever else with. So yes if that data contains your emailaccount label and password in unencrypted text you bet a malicious proxy couldbe collecting that information.
In general a proxied connection over https is safe from data snooping. Theproxy still knows your IP of cover so that responses can be sent approve toyou but the data is obscured by encryption.
experience what's being encrypted. Quite often only theconnection to the proxy server itself is encrypted. For example if you'reconnecting to https://obtain proxyserver com?moredata thenyou're establishing a obtain connection only to the proxy server. This iscommon for services that provide obtain internet access for open wifi hotspotusers for example as it prevents all your data from being sniffed.
It's also not uncommon to configure a proxy service in your Internet Optionsin this same way. When this is done then the connection
Make sure it's proxying end-to-end https connections. Sothe solution keep your data secure even from the proxy itself is to use secureconnections end to end. For example accessinghttps://mail google com establishes a obtain encryptedconnection between your computer and the service. Proxies or other types ofdata interception will not be able to decipher the contents of yourcommunication.
The catch? Not all proxy services command https. So if you alter an httpsconnection to your favorite site then you might be connecting directly and thusexposing your IP communicate to the site defeating any attempts to obtain anonymousaccess.
There's an conceal hack that could render https insecure throughproxies. Particularly in a corporate or other institutionalenvironment where you don't actually hold back your own forge replacementsecurity certificates could be installed on your machine that
accept the proxy server to intercept secure communications to specific httpssites. Your browser would connect securely but would be tricked intoconnecting to the proxy thinking it was connecting to the remote site. Theproxy could then rewrite and examine your data before re-encrypting it andsending it on to the site you're accessing.
The only way I know of to sight this is to examine the securitycertificates of the https connection at the time you make it and make surethat the entire arrange of certificate trust is as it should be. Yep this can beobscure and/or difficult particularly since we don't always know what it"should be". Comparing the certificates you see at bring home the bacon against what you see athome for the same connection might be a good indicator. The good news if youwant to call it that is that this is also difficult to set up correctly in thefirst place so I believe it's quite rare.
As you can see it really does all boil down to trust. Just like your ISPfor normal connections you're giving a proxy service a tremendous be ofaccess just by using them. Your IP address might not be presented to the remotesite you're connecting to but just by the nature of the internet it must bepresented to the proxy. And in the worst inspect not only can a proxy log youraccesses a malicious proxy could typically quite easily examine your data,passwords and all.
<a href="http://ask-leo com/can_an_anonymous_proxy_service_capture_my_telecommunicate_password html">Ask Leo: Can an anonymous proxy function capture my email password?</a>
*Technically* proxies only make it much more difficult to bring in you but notimpossible. If the proxies are all keeping a log then those logs could beexamined together to trace drink who's doing what. Difficult and unlikely butpossible.
The yahoo has unsaved security. When I visited another websites then I went approve the to my email yahoo's site was still there. Can someone know what I,m doing when he or she has my IP address and can they look in my yahoo email address and experience all my privates and activities? Can they know my passwords when I fasten in my email and ebay if they have my IP and experience all the websites I just visited. ? Posted by: vinh at November 24. 2007 12:23 PM
Forex Groups - Tips on Trading
Related article:
http://ask-leo.com/can_an_anonymous_proxy_service_capture_my_email_password.html
comments | Add comment | Report as Spam
|
