Wednesday, October 10, 2012

Finally: Anonymizer Caught "Up To No Good"

At Smoothwall we have long speculated why anyone would choose to host a proxy anonymiser. For those who don't know, these are services which allow a web user to browse anonymously, and often bypass any local network filters. You can see why the service may be in demand, but inevitably there are going to be bandwidth costs associated with making that extra hop between user and target website - and these costs could be non-trivial. So why do people do this? Let's talk about three possibilities...

1. They're studying at a school with a URL list web filter which catches the majority of well-known anonymisers. They think that running an anonymiser (which isn't on the filter's URL list, and is unlikely to hit their radar) and sharing it with their friends will make them popular and seem cool. Neither of these benefits actually comes to pass, but that doesn't stop them trying.
Motivation: Realistic
Incidence: Low - most schoolkids have neither the aptitude nor inclination
Usage/Impact: Very low - only a handful of people know it exists

2. They're hoping to help oppressed people get access to the web, in countries where you can get locked up for posting on Twitter (like Britain ;)). This shows a fair level of altruism, so naturally, I'm sceptical.
Motivation: Unlikely
Incidence: Low - the costs put off all but the most hardened altruist
Usage/Impact: Low

3. To make money. Now we're talking. This is the reason 90% of proxy anonymisers exist.
Motivation: Universal
Incidence: High, there is little barrier to entry
Usage/Impact: Widespread and varied, often distributed through lists of 0-day proxies

So... how do these make money for their host? Well, advertising is a first port of call, and this is also extremely common. Advertising is made slightly harder by the fact that Google - whose ads are most lucrative - forbid their ads from being shown on proxies (though the homepage is generally exempt).

For this reason, we have long believed that some proxy anonymisers could be run by folks with much more nefarious intentions. Specifically, those with no visible means of support. No ads, no revenue... so who is paying for your bandwidth? Either it's an altruist or a student, and those are rare, so what is it? Well, we think either your browsing history is sold to the highest bidder, or you're getting a few bits of malware served in the mix.

Finally - we have proof of this long-held suspicion:
http://threatpost.com/en_us/blogs/proxy-service-front-malware-distribution-100812

Moral of the story: Don't use anonymizer services, and don't let your users use them. Even ad-supported variants could be looking to make a few extra coins on the side.
