Whonix versus Proxies

Summary

  • Missing leak shield: Proxies don't have a leak shield. Configuring an application such as a web browser to reliably use a proxy for all connections is very difficult. Web browsers are notorious for leaking the user's real IP address through WebRTC, browser plugins and a number of other techniques. Proxies are usually used without a leak shield. A leak shield is required to make sure the traffic of all applications goes through a tunnel such as a proxy, VPN or Tor. In the case of Tor, projects such as Tor Browser and Whonix are entirely focused on providing a leak shield. There is no project that is actively working on implementing a leak shield for proxies. Whonix is a leak shield that forces all connections to use the Tor anonymity network. Nothing comparable exists for proxies.
  • Browser fingerprinting: Even if proxies had a leak shield, due to browser fingerprinting, proxies are not suitable for being anonymous when browsing the internet. Even if the user's IP address was replaced by a proxy without any leaks, proxies do not ensure that users have a uniform appearance on the Internet; see Data Collection Techniques. Because the collected data can be merged, users remain distinguishable and easily identifiable.
  • No legitimate proxy providers: There are no known legitimate and free public HTTP(S) or SOCKS4(a)/5 proxies.
  • Missing encryption: There are no known HTTP(S) or SOCKS4(a)/5 proxies that offer an encrypted connection between themselves and the user. Therefore, the internet service provider (ISP) or any man-in-the-middle can see connection details, including the destination IP address. If the destination server is not using SSL/TLS, then the entire content of traffic is vulnerable as well.

Proxies Comparison

Proxies Introduction

Proxies are famous for "anonymity on demand". Acting as an intermediary, proxy servers relay your traffic to the destination and send the answer back to you so that the destination server potentially only sees the proxy and not your IP address: [1]

Instead of connecting directly to a server that can fulfill a requested resource, such as a file or web page for example, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. Proxies were devised to add structure and encapsulation to distributed systems.

There are two basic types of proxy server: [1]

  • Open proxies: these forward requests from and to anywhere on the Internet and are accessible by any Internet user. [2]
    • Anonymous proxies reveal their identity as a proxy server but do not disclose the client's originating IP address.
    • Transparent proxies also reveal their identity as a proxy server, but the originating IP address is accessible due to factors such as the X-Forwarded-For HTTP header. The benefit of these proxies is the ability to cache websites for faster retrieval.
  • Reverse proxies: these connect the Internet to an internal network. Therefore, users making requests connect to the proxy and may not be aware of the internal network as the response is returned as if it came from the original server.

As noted above, some open HTTP(S) proxies send the "HTTP forwarded for" header which discloses a user's IP address. HTTP(S) proxies that do not send this header are sometimes called "elite" or "anonymous" proxies.
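The distinction above can be checked from the destination server's side. The following is an added example, not part of the original page: it reads the headers a proxy may attach (X-Forwarded-For, the RFC 7239 Forwarded header, and Via) and labels a request with the terms used above. The function names and sample requests are constructed for illustration.

```python
import ipaddress
import re

def _parse_ip(token):
    """Return a normalized IP string, or None for 'unknown' / obfuscated tokens."""
    token = token.strip().strip('"')
    if token.startswith("["):                      # [v6] or [v6]:port (RFC 7239)
        token = token[1:token.index("]")] if "]" in token else token
    elif token.count(":") == 1:                    # v4:port
        token = token.split(":")[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None

def disclosed_client_ips(headers):
    """Client addresses a destination server can read from proxy-added headers."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    for part in h.get("x-forwarded-for", "").split(","):
        ip = _parse_ip(part)
        if ip:
            found.append(ip)
    for m in re.finditer(r'(?i)\bfor=("[^"]*"|[^;,\s]+)', h.get("forwarded", "")):
        ip = _parse_ip(m.group(1))
        if ip:
            found.append(ip)
    return found

def classify(headers):
    """Label a request using the page's terms for open HTTP proxies."""
    names = {k.lower() for k in headers}
    if disclosed_client_ips(headers):
        return "transparent"        # proxy visible and client IP disclosed
    if names & {"via", "x-forwarded-for", "forwarded"}:
        return "anonymous"          # proxy visible, client IP not disclosed
    return "no-proxy-headers"       # what proxy lists call "elite"

# Constructed sample requests as a destination server would receive them.
SAMPLES = {
    "a": {"Host": "example.org", "Via": "1.1 cache01", "X-Forwarded-For": "203.0.113.7, 10.0.0.1"},
    "b": {"Host": "example.org", "Forwarded": 'for="[2001:db8::17]:4711";proto=http'},
    "c": {"Host": "example.org", "Via": "1.1 cache01", "Forwarded": "for=unknown"},
    "d": {"Host": "example.org"},
}
```

A "no-proxy-headers" result only means the proxy added nothing to the request; it says nothing about logging at the proxy or about leaks through the browser itself.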

Proxies Comparison Tables

The tables below briefly compare the features offered by proxies found on many proxy sharing websites with various anonymization services.

Proxy Type Feature Comparison

Table: Proxy Type Feature Comparison

| Proxy Type | Comment | HTTP [3] | HTTPS [3] | TransPort [4] | UDP | Remote DNS | Hides IP [5] | User-to-proxy Encryption |
|---|---|---|---|---|---|---|---|---|
| HTTP | [6] | Yes | No | No | No | Yes [7] | Depends [8] | No |
| HTTPS | [9] | Yes | Yes | No | No | Yes [7] | Depends [8] | No |
| SOCKS4 [10] | - | Yes | Yes | No | No | No | Yes | No |
| SOCKS4a [11] | - | Yes | Yes | No | No | Yes | Yes | No |
| SOCKS5 [12] | - | Yes | Yes | No | Yes | Yes | Yes | No |
| CGI [13] | See below | Depends [8] | Depends [8] | No | No | Yes | Depends [8] | Depends [8] |

Anonymization Service Feature Comparison

Table: Anonymization Service Feature Comparison

| Anonymization Service | Comment | HTTP [3] | HTTPS [3] | TransPort [4] | UDP | Remote DNS | Hides IP [5] | User-to-proxy Encryption |
|---|---|---|---|---|---|---|---|---|
| I2P | - | Yes [14] | Yes [14] | No | Yes [15] | Yes | Yes | Yes |
| JonDo | [16] | Yes | Yes | No | Premium only [17] | Yes | Yes | Yes |
| Tor | [18] | Yes | Yes | Yes | No [19] | Yes | Yes | Yes |

Proxies Conclusion

Proxies are highly susceptible to the misuse and theft of user data: many proxies (HTTP/HTTPS/SOCKS) are computers that have been hijacked by hackers or criminals, or are honeypots exclusively offered for the purpose of user observation. Even if they were legitimate, any single operator can decide to enable logging. In addition, some proxies automatically reveal the user's IP address to the destination server.

At best, proxies only offer weak protection against destination website logging, and they offer no protection against third party eavesdropping. For these reasons their use is strongly discouraged.

Proxy Chains Comparison

Proxy Chains Introduction

Isn't seven proxies (proxy chains) better than Tor with only three hops?

Some readers might be familiar with the Internet meme: "Good luck, I'm behind 7 proxies", which is a sarcastic retort sometimes used when somebody threatens to report you to authorities, or claims they can identify your location. [20]

In short, multiple proxies used in combination are not more secure than Tor; many people are unaware of this fact. As outlined above, proxies are not very secure.

In contrast, the Tor design ensures the first hop (Tor relay) is unable to see the IP address of the last hop because it cannot decrypt the message for the second hop. If one hop can be trusted, then the connection is secure; see "Which Tor node knows what?", File:Tor-without-https.png, "How Tor Works" and the onion design to learn more.

Quote The Tor Project, "Aren't 10 proxies (proxychains) better than Tor with only 3 hops?":

Proxychains is a program that sends your traffic through a series of open web proxies that you supply before sending it on to your final destination. Unlike Tor, proxychains does not encrypt the connections between each proxy server. An open proxy that wanted to monitor your connection could see all the other proxy servers you wanted to use between itself and your final destination, as well as the IP address that proxy hop received traffic from.

Because the Tor protocol requires encrypted relay-to-relay connections, not even a misbehaving relay can see the entire path of any Tor user.

While Tor relays are run by volunteers and checked periodically for suspicious behavior, many open proxies that can be found with a search engine are compromised machines, misconfigured private proxies not intended for public use, or honeypots set up to exploit users.

Proxy Chains Comparison

In comparison to Tor, proxies have serious weaknesses, even when SOCKS proxies or "elite"/"anonymous" proxies are utilized. Firstly, all connections between the user and all proxies in the chain are unencrypted. This holds true irrespective of the use of SSL/TLS. For demonstration purposes, assume a user is connecting to an SSL/TLS protected web server. In human terms, this is a basic sketch of how the packet for the first proxy in the proxy chain would appear:

  • Proxy1, please forward "forward to Proxy3; forward to Proxy4; forward to Proxy5; forward to https://encrypted.google.com 'c8e8df895c2cae-some-garbage-here-(encrypted)-166bad027fdf15335b'" to Proxy2?

Notably, the actual transmission is safely encrypted and can only be decrypted by the HTTPS protected webserver, but every proxy will see its predecessor IP address and all successor IP addresses. There is simply no way to encrypt that information in an attempt to mirror Tor onion functions. The proxy protocols (HTTP(S), SOCKS4(a)/5) do not support encryption.
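The sketch above can be made concrete with HTTP CONNECT, the tunnelling method "HTTPS" proxies support. The following is an added example, not part of the original page: it builds the bytes a client writes into a three-proxy chain and reports which onward hops each proxy can read in plaintext. Hostnames, the chain and the stand-in ciphertext are constructed, and proxy replies are left out for brevity.

```python
import re

# One CONNECT request: request line, optional headers, blank line.
CONNECT_RE = re.compile(rb"CONNECT (\S+) HTTP/1\.1\r\n(?:[^\r\n]+\r\n)*\r\n")

def client_stream(chain, dest, payload):
    """Bytes the client writes towards chain[0]: one CONNECT per later hop,
    then the end-to-end TLS payload. Proxy replies are left out."""
    targets = chain[1:] + [dest]
    reqs = b"".join(
        f"CONNECT {t} HTTP/1.1\r\nHost: {t}\r\n\r\n".encode() for t in targets
    )
    return reqs + payload

def view_at_hop(stream, index):
    """Return (readable_targets, opaque_byte_count) for proxy number `index`.

    Hop i receives the stream with the first i CONNECT requests already
    consumed by earlier hops; everything left passes through it unencrypted.
    """
    pos, targets = 0, []
    while (m := CONNECT_RE.match(stream, pos)):
        targets.append(m.group(1).decode())
        pos = m.end()
    return targets[index:], len(stream) - pos

# Constructed chain, destination and stand-in ciphertext.
CHAIN = ["proxy1.example:8080", "proxy2.example:8080", "proxy3.example:3128"]
DEST = "encrypted.example.org:443"
TLS_BYTES = bytes.fromhex("160301") + b"\x00" * 29   # placeholder, not real TLS
STREAM = client_stream(CHAIN, DEST, TLS_BYTES)

if __name__ == "__main__":
    for i, name in enumerate(CHAIN):
        hops, opaque = view_at_hop(STREAM, i)
        print(f"{name} reads onward hops {hops}; {opaque} bytes are opaque to it")
```

Only the final TLS payload is opaque to the proxies; every hop reads the full remainder of the route in addition to the address of the host that connected to it.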

It is clear that proxy chains require trust to be placed in every successor proxy concerning the IP address. However, placing trust in open proxies is also misguided for the following reasons:

  • Most are the result of a simple misconfiguration; the owners are not aware of the situation and never intended to allow public access.
  • Many are compromised machines (worm infected).
  • Some are honeypots that engage in logging or active exploits (DNS spoofing, protocol spoofing, SSL/TLS spoofing).
  • Few are provided by generous people who only have good intentions in providing the best possible anonymity (similar to most Tor server administrators).

The above factors may not apply for proxy chains of SSH and/or encrypted VPN servers, but this has not been researched yet. Nevertheless, it is not possible to access numerous SSH and/or VPN servers for free (without hacking) and/or anonymous payment.

CGIproxies Comparison

CGIproxies Introduction

This section compares the use of CGIproxies in Mozilla Firefox on the host operating system without utilizing a platform like Whonix or Tails. A CGI web proxy: [21]

... accepts target URLs using a Web form in the user's browser window, processes the request, and returns the results to the user's browser. Consequently, it can be used on a device or network that does not allow "true" proxy settings to be changed.

This means CGIproxies provide Internet pages with a form field in which the user can input the target address they wish to visit anonymously. The web proxy subsequently delivers the content of the requested website and automatically patches all links to use the web proxy when clicked. When using web proxy services the browser configuration does not need to be changed.

In comparison to network proxies, CGIproxies have the disadvantage of not being able to replace each link correctly, in particular on websites with JavaScript code. This makes it easier for the user's IP address to "leak" to the web server, which the proxy should actually prevent. The https://ip-check.info anonymity test displays the weakness of some web proxies in the comparison table below.

It is also important to note that CGIproxies can potentially only anonymize browser traffic and not the traffic of other applications; but to be fair, they do not claim more than anonymizing browser traffic.

CGIproxies Comparison Tables

To interpret the table below, refer to the Wikipedia CGIProxy entry and the following legend.

Legend

  • Broken: The real IP address is revealed.
  • *: The highlighted service does not reach the test site if JavaScript is activated. It parses so poorly that the browser may leave the service silently in some cases.
  • OK: no leak found.
  • ?: Untested and therefore unknown.
  • NI: Not installed by default.
  • DE: Deactivated even if installed.
  • RA: Recommended against by maintainers.
  • ¹ Encrypted connection to the CGI proxy (SSL/TLS)² or Tor exit relay.
  • ² Uses a proper SSL/TLS certificate recognized by certificate authorities.

CGIproxies vs. Anonymization Software/Platforms

Table: CGIproxies vs. Anonymization Software/Platforms

| Software / Provider | HTML/CSS/FTP | JavaScript | Java | Encrypted ¹ |
|---|---|---|---|---|
| Whonix | OK | OK | NI DE RA OK | Yes |
| Tails | OK | OK | NI DE RA ? | Yes |
| Tor Browser | OK | OK | NI DE RA (Broken) | Yes |
| Anonymouse | Broken | Broken* | Broken | Premium only |
| WebProxy.to | OK | Broken | Broken | No |
| Megaproxy | Broken | Premium only | Premium only | Yes |
| Proxify | Premium only | ? | ? | ? |

Links to Software / Provider and Tests

In the following table, "(check manually)" means enter the test link manually in the browser.

| Project | Link |
|---|---|
| Whonix | click (check manually) |
| Tails | click (check manually) |
| Tor Browser | click (check manually) |
| Anonymouse | click |
| Megaproxy | click (check manually) |
| Proxify | click (check manually) |

CGIproxies Conclusion

In comparison to Tor, CGIproxies are only one hop proxies. This means they know who is connecting and the details of the requested destination server resource. This makes CGIproxies far inferior to Tor because they could potentially read all transmissions, even if entering SSL/TLS protected domain names.

Due to these serious disadvantages, it is not worthwhile discussing other security features which have been canvassed in other wiki chapters comparing Whonix, Tails and Tor Browser (such as UTC timezone and fingerprinting).

Tor and VPN Services Comparison

Moved to Whonix versus VPNs.

License

Tor and Proxies Comparison

This was originally posted by adrelanos (proper) to the TorifyHOWTO/proxy (license). Adrelanos didn't surrender any copyrights and can therefore re-use it here. It is under the same license as the rest of the page.

Gratitude is expressed to JonDos for permission to use material from their website. The "Tor and Proxies Comparison" chapter of the "Tor vs. Proxies, Proxy Chains" wiki page contains content from the JonDonym Other Services documentation page.


Whonix, Tails, Tor Browser and CGIproxies Comparison

Appreciation is expressed to JonDos (Permission). The "Whonix, Tails, Tor Browser and CGIproxies Comparison" chapter of the "Tor vs. Proxies, Proxy Chains" wiki page contains content from the JonDonym documentation Other Services page.


Tor and Proxy Chains Comparison

This was originally posted by adrelanos (proper) to the TorFAQ (license). Adrelanos didn't surrender any copyrights and can therefore re-use it here. It is under the same license as the rest of the page.

Footnotes

  1. https://en.wikipedia.org/wiki/Proxy_server
  2. Hundreds of thousands are suspected to be in operation.
  3. Connection to the destination server, for example to the torproject.org webserver.
  4. Transparent TCP Port.
  5. No X-Forwarded-For HTTP header.
  6. These do not support the connect method (see below). Therefore connections to SSL/TLS protected websites are impossible.
  7. This is true only when being used as proxy settings and not when used as a transparent proxy.
  8. Depends on the proxy.
  9. The term HTTPS proxy is misleading because the connection to the proxy is not encrypted. The proxy additionally supports the connect method, which is required to access SSL/TLS protected websites and other services other than HTTP.
  10. https://en.wikipedia.org/wiki/SOCKS#SOCKS4
  11. https://en.wikipedia.org/wiki/SOCKS#SOCKS4a
  12. https://en.wikipedia.org/wiki/SOCKS#SOCKS5
  13. https://en.wikipedia.org/wiki/Proxy_server#CGI_proxy
  14. eepsites only. Connections to clearnet are only possible through outproxies (no SSL/TLS to the destination site).
  15. I2P End-to-end Transport Layer allows TCP- or UDP-like functionality on top of I2P.
  16. For a more detailed review of the JonDonym network, see: JonDonym.
  17. The SOCKS interface is only available to paying users.
  18. Tor can offer a SocksPort (SOCKS4(a)/5), DnsPort and TransPort. A third party HTTP/2 socks converter (privoxy) is available.
  19. Tor offers a SOCKS5 interface but the Tor software does not support UDP itself yet. Whonix provides a limited workaround for using UDP anyway, in the most secure manner available; see Tunnel UDP over Tor.
  20. https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies
  21. https://en.wikipedia.org/wiki/CGI_proxy#CGI_proxy
