Here we review the most common solutions that allow you to
hide your IP address and encrypt your data transfers. There are three general
categories of anonymizing technologies: web-based redirectors,
protocol-dependent proxies, and VPN tunneling.
1. Web-based redirector
Internet services protected: web browsing only, excluding
secure (SSL) sites.
Anonymity: Yes
Protection from data interception: redirectors with SSL
encrypted access only.
Redirectors work only for web browsing. The service works as follows:
you go to the redirector web page, enter the URL of the site you wish to
browse anonymously and press the “go” button. The redirecting software
requests the page using its own server IP and redirects the output to
your browser window. The main disadvantage is that not all sites can be
accessed through a redirector. A redirector will not work with secure
sites (https), so you cannot use a redirector for banking, shopping and
other secure sites where SSL encryption is required. Some services allow
working with secure sites, although using this feature is not recommended
since the data can be intercepted by the persons running the redirector
service. Also, redirectors usually block Java, cookies, and some other
features required for browsing most sites. In fact, you can block or
allow all dangerous content yourself depending on the site, without using
any third-party services (e.g. you can allow Java while browsing e-bay.com
and disallow it on any other site). This is described in detail on our
"Anonymous Surfing" page. Many free redirectors block pop-ups only to show
you their own pop-ups. Some redirectors can use SSL encryption to encrypt
web traffic, although the connection is encrypted only between your
browser and the redirector web page, not all the way to the destination
web site.
Conclusion: Redirectors are not convenient; they are
ok if you are browsing from time to time, but they are not suitable for
active Internet users. Not suitable for banking, online shopping and accessing
any other SSL protected sites.
2. Proxy
Using a proxy is the most common method of anonymizing Internet activities.
In most cases people use protocol-dependent proxies. Different types
of proxies should be used for different activities: a web proxy for browsing;
a remailer for emailing (well, a remailer is NOT a proxy, but it functions
in a very similar way). There are also proxies for IRC and some other
protocols. Some proxy types (like the Socks proxy) are more universal and
allow working with several Internet protocols.
The main drawback of proxies is that they are protocol dependent. Example:
you have configured your browser to use an http proxy. When you click on
an “http://” link, the connection is passed through the proxy, and your
IP is not visible. But when you visit a secure site (an https://
link), your real IP will appear in the server logs. To anonymize secure
connections you will need to use an additional https proxy.
Another problem with proxies of any type is that your software must
have proxy support.
If your software cannot be configured to use a proxy, you will not be able
to use one.
Also, not all protocols can be used through a proxy; for example, you will
never find a proxy solution for some online games or peer-to-peer file
sharing applications.
2.1 Web proxy
Internet services protected: web browsing only
Anonymity: Not all proxies provide anonymity. This should
be checked before you use a proxy.
Protection from data interception: No
Using a web proxy is easy. Find the open proxy IP address and set it in
your browser settings. All web traffic will be passed through the proxy,
hiding your real IP. But not all proxies are anonymous: some of them
can reveal your real IP. You should always check a proxy for anonymity
before using it. You can find URLs of proxy checkers on our “Links” page.
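What such a proxy check looks at can be shown with a short example. It is added here and is not part of the original page or of any particular checker: the header list, the three labels and the sample requests are assumptions of the example, and the headers are taken to be those logged by a test server you control.

```python
import ipaddress
import re

# Headers a forwarding proxy commonly adds to the request it relays.
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "client-ip", "x-client-ip", "proxy-connection"}


def addresses_in(value):
    """Return every IP address in a header value (ports and quotes ignored)."""
    found = set()
    for token in re.split(r'[\s,;="\[\]]+', value):
        for candidate in (token, token.rpartition(":")[0]):
            try:
                found.add(ipaddress.ip_address(candidate))
                break
            except ValueError:
                continue
    return found


def classify_proxy(headers, real_ip):
    """Classify one proxied request as the destination server received it.
    headers: dict of request headers logged by a test server you control.
    real_ip: your own public address, which the proxy is supposed to hide.
    Returns (label, header names that justify the label).
    """
    real = ipaddress.ip_address(real_ip)
    seen = {name.lower(): value for name, value in headers.items()}
    leaks = sorted(n for n, v in seen.items() if real in addresses_in(v))
    if leaks:
        return "transparent", leaks        # real IP disclosed to the site
    marks = sorted(n for n in seen if n in PROXY_HEADERS)
    if marks:
        return "anonymous", marks          # IP hidden, proxy use visible
    return "high-anonymity", []            # no proxy trace in the headers


# Constructed sample requests; all addresses are documentation ranges.
REAL_IP = "198.51.100.23"
SAMPLES = {
    "proxy-a": {"Via": "1.1 cache01", "X-Forwarded-For": "198.51.100.23"},
    "proxy-b": {"Via": "1.0 gw (squid)", "X-Forwarded-For": "unknown"},
    "proxy-c": {"Forwarded": 'for="198.51.100.23:51234";proto=http'},
    "proxy-d": {"Host": "check.example", "User-Agent": "probe/1.0"},
}
if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, *classify_proxy(hdrs, REAL_IP))
```

A clean result only describes what the destination site sees; it says nothing about what the proxy operator logs.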
Avoid using so-called “free open proxy” lists or “open proxy scanning
software”. A free proxy (in many cases simply one misconfigured by its
system administrators) should be used with care. It is a common method for
hackers to set up a proxy with open access, place it in the “Free proxy
lists” and wait for the victims. Everything that you do through a proxy and
every password that you use can be logged and used by the persons running
the free open proxy in their own interests. And there is no guarantee that
these proxies do not keep user activity logs. Additionally, proxies in
these lists can be under the special attention of government agencies
hunting terrorists and hackers.
Most commercial services providing web proxies offer proxies from
“open proxy” lists, checked for anonymity in the best case. These companies
do not have control over the proxies and cannot guarantee that there is
no user activity logging. They cannot guarantee that there are no hacker
proxies or proxies operated by a government in the list.
Important note: a web proxy does not provide data encryption, i.e. your
browsing can be intercepted easily.
Conclusion: Avoid using proxies from “open proxy” lists;
it is the same as handing all your passwords and email accounts to hackers
or government agencies. Also, proxy connections are vulnerable to data
interception. Commercial services can be used if they provide access
to their own proxies, and the proxies are operated by company staff.
2.2 Socks proxy
Internet services protected: depends on the proxy type used
Anonymity: Yes
Protection from data interception: No
There are two types of Socks proxy protocols: Socks 4 and Socks 5. A Socks
4 proxy allows working with TCP protocols only, like HTTP (web browsing),
NNTP newsgroup access, and IRC. Socks 5 is more advanced, allowing UDP
protocols to be anonymized as well (ICQ for example). Only applications
that have appropriate Socks protocol support can be used with a Socks
proxy. For example, Internet Explorer has Socks 4 protocol support, and it
cannot be used with Socks 5 proxies. If your application does not support
Socks at all, or has only partial support, you will need a Socks client. A
Socks client is special software that sits between the application you are
using and the network. The Socks client allows your application to use a
Socks proxy. Most Socks client software is commercial, i.e. not free. The
problem with Socks proxies is that Socks implementations do not support
encryption (except for some commercial software) to protect data traffic.
If you have set up your browser or IRC client to use a Socks proxy, the
connection will remain unencrypted.
Conclusion: A Socks proxy provides anonymity for most
Internet services. The applications you would like to use with Socks
must support the Socks protocol. The main disadvantage is the lack of
encryption, which makes data transfers vulnerable to interception.
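The difference between the two Socks versions, and the fact that the request itself travels unencrypted, can be seen by decoding the client's request bytes. This decoder is an added example, not code from the original page; the sample requests are constructed and use placeholder addresses and names.

```python
import ipaddress
import struct

SOCKS4_CMD = {1: "CONNECT", 2: "BIND"}                      # TCP only
SOCKS5_CMD = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}  # adds UDP


def parse_socks_request(data):
    """Decode a client's SOCKS request exactly as it appears on the wire.
    For SOCKS5 this is the request that follows method negotiation.
    Raises ValueError on anything that is not a complete SOCKS4/5 request.
    """
    if len(data) < 8:
        raise ValueError("truncated request")
    if data[0] == 4:
        # VN, CD, DSTPORT, DSTIP, USERID, NUL
        _, cmd, port, raw_ip = struct.unpack("!BBH4s", data[:8])
        end = data.index(b"\x00", 8)  # ValueError if the NUL is missing
        return {"version": 4, "command": SOCKS4_CMD.get(cmd, "unknown"),
                "dest": str(ipaddress.IPv4Address(raw_ip)), "port": port,
                "userid": data[8:end].decode("ascii", "replace")}
    if data[0] == 5:
        # VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT
        cmd, atyp = data[1], data[3]
        if atyp == 1:                                   # IPv4
            dest, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
        elif atyp == 3:                                 # domain name
            size = data[4]
            dest = data[5:5 + size].decode("ascii", "replace")
            rest = data[5 + size:]
        elif atyp == 4:                                 # IPv6
            dest, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
        else:
            raise ValueError("unknown address type")
        if len(rest) < 2:
            raise ValueError("truncated request")
        return {"version": 5, "command": SOCKS5_CMD.get(cmd, "unknown"),
                "dest": dest, "port": struct.unpack("!H", rest[:2])[0]}
    raise ValueError("not a SOCKS4 or SOCKS5 request")


# Constructed requests (documentation addresses and names).
IRC_V4 = b"\x04\x01" + struct.pack("!H", 6667) + bytes([192, 0, 2, 10]) + b"alice\x00"
NNTP_V5 = b"\x05\x01\x00\x03" + bytes([12]) + b"news.example" + struct.pack("!H", 119)
UDP_V5 = b"\x05\x03\x00\x01" + bytes([192, 0, 2, 20]) + struct.pack("!H", 4000)

if __name__ == "__main__":
    for raw in (IRC_V4, NNTP_V5, UDP_V5):
        print(parse_socks_request(raw))
```

Anyone able to observe the link between the client and the Socks proxy can read the same destination, port and user ID that this function returns.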
2.3 SSH tunneling
Internet services protected: depends on the proxy type used
Anonymity: Yes
Protection from data interception: Yes
Some companies provide an additional service for data security - an SSH
connection to the proxy. Using SSH encrypts your connection to the proxy,
thus making it impossible to intercept. Both web proxy and Socks
proxy connections can be passed through the SSH encrypted tunnel. SSH
cannot be used for anonymizing without the proxy.
Conclusion: SSH can be used with a proxy only. It adds
encryption for the proxy connection.
3. VPN Tunneling
Internet services protected: Any
Anonymity: Yes
Protection from data interception: Yes
VPN stands for Virtual Private Network. It is the most comprehensive
anonymity solution available on the market. VPN technology is widely used
by large corporations, financial institutions and government agencies
to secure data communications. A VPN not only secures communications
with high-grade encryption algorithms, but also anonymizes all types
of Internet traffic. A VPN connection can be compared to an anonymous
"virtual" dialup service running over the existing Internet connection.
The scenario is as follows: you connect to the Internet through your ISP
(Internet Service Provider) and launch the special VPN application (or the
built-in VPN adapter in Windows and MacOS operating systems). The VPN
application establishes an encrypted connection to the service provider.
Once you are connected through the VPN, all Internet traffic is encrypted
and a new IP is allocated, so that any Internet application installed on
your computer uses this new anonymous IP address. There are three VPN
protocols used: PPTP, IPSec and L2TP. All of them use high encryption, and
allow anonymizing any Internet activity. Quite often SSH used for a proxy
connection is considered a VPN, although it is not the same. SSH encrypts
the data connection and can be used in conjunction with a proxy to secure
data transfers between your PC and the proxy.
Conclusion: Most advanced anonymizing solution. Gives
full anonymity and protection from data interception. Allows anonymizing
any Internet activity.
What you should be aware of when choosing an anonymizing service.
Service provider jurisdiction.
Always check where the servers used for anonymizing are located. Use a WHOIS
tool to find out the country in which the anonymizing servers behind the IP
address are located. Avoid using servers located in your home country, since
a law enforcement or intelligence agency monitoring your activities will be
able to monitor your anonymizing service provider's traffic as well, or
can legally force the provider to give information about your activities.
It is recommended to use a service located outside your country; then
the traffic monitoring would be impossible and the law enforcement procedure
would be much more complicated or even impossible (in some offshore jurisdictions).
Avoid using anonymizing services located in countries with low Internet
privacy standards like the US or Australia. Remember that in jurisdictions
where data interception is used by government agencies, “anonymous” services
are monitored in the first place.
Anonymous payment options.
If you are considering using a commercial anonymizing service, check whether
anonymous payment options are available. The most popular anonymous payment
options are: e-gold (see www.e-gold.com for details), traveler’s checks,
etc. If there are no anonymous payment options, avoid the service.
Protocol dependent services.
Since all Internet activities are related to each other, protocol-dependent
anonymizing services should be used with care. For example, you are using
an anonymous Socks proxy for ICQ. You receive a message with a link
to a web page from your chat mate. When you follow the link, your real
IP address will appear in the web log, and your chat mate will be able to
track you if he/she has access to the web server logs. Another example:
you are using an anonymous email service and you receive an HTML encoded
message with linked images. After you open the message, your email software
will automatically download the linked images from the corresponding web site.
This means that the message sender will be able to determine your real
IP address. You should always remember which services you have anonymized
and which you have not, to avoid the situations mentioned
above, or consider using VPN tunneling services to anonymize all your
activities.
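The email case above can be checked before a message is rendered. The following is an added example, not part of the original page: it lists the remote content an HTML message would make a mail client download without any click. The tag list and the sample message are assumptions of the example.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs a mail client may fetch on its own while rendering.
AUTOLOADED = {("img", "src"), ("body", "background"), ("link", "href"),
              ("iframe", "src"), ("script", "src"), ("video", "poster")}

class RemoteLoadFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTOLOADED or not value:
                continue
            url = urlsplit(value.strip())
            # http(s) and protocol-relative URLs leave the machine;
            # cid: and data: content travels inside the message itself.
            if url.scheme in ("http", "https") or (not url.scheme and url.netloc):
                self.hits.append((tag, value.strip()))

def remote_loads(raw_message):
    """Return (tag, url) pairs for auto-fetched content in every HTML part."""
    message = message_from_string(raw_message, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in message.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.hits

# Constructed message; every host name is a placeholder.
SAMPLE = """\
From: sender@example.org
Subject: hello
Content-Type: text/html; charset="utf-8"

<html><body background="//img.example.org/bg.png">
<img src="http://tracker.example.org/open.gif?id=1234" width="1" height="1">
<img src="cid:logo@example.org">
<a href="http://www.example.org/page">read more</a>
</body></html>
"""

if __name__ == "__main__":
    print(remote_loads(SAMPLE))
```

The ordinary link is not reported because it is only requested when clicked, which is the ICQ case described above; the embedded cid: image never touches the network.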
Slowdown
The downside of any anonymizing technology is a slowdown in traffic
transfer. Any anonymizing service makes the data packets travel at least
twice the distance. The encryption (if any) adds delay as
well. There is no way to avoid this. If you decide to use an
anonymizing service, you should be prepared for much slower data transfer
speeds.
Paid versus Free anonymizing services
Running an anonymizing service (web proxy, Socks or VPN) is an expensive
venture. It requires expensive network equipment (computers, routers)
and a lot of bandwidth. As you know, there are no free lunches,
so if somebody offers it for free it would be wise to think about the
reasons for such generosity. Moreover, one is not in a position to
demand any privacy guarantee from a free service; usually there is no
support either.
A reminder - always ask for anonymous payment options when purchasing
an anonymizing service.