What is a Proxy Server and How It Works

What is a proxy?

So what is a proxy? a proxy comes from the Latin to act in place of another. A proxy server acts as an intermediary for requests from a client to a server. Proxies are used in a number of ways but here we’re going to talk about them in terms of privacy and anonymity for Internet users. And in this context proxies mostly are used for surfing the web and downloading files to disguise the IP address of the client or user from the destination. They are popularly used on laptops, PCs, tablets, and phones (though phone data will still have privacy issues).

They are somewhat similar to VPNs but without the encryption in most cases. VPNs send all traffic on your operating system via an encrypted tunnel however proxies on the other hand only forward the traffic of a specific single application.

There is no software to download and install to use a proxy. Often you just configure the application to use the proxy using the application’s own configuration and you can set up multiple applications to use a proxy but it has to be set up per application. So for example in Firefox we can go options -advanced – network and then settings and you’ll see this – proxy settings and configurations

Here is where we set up the proxy settings for Firefox and other applications will have similar sort of settings in order to configure the application. To use a proxy you need the IP address and the port of the proxy server and some will also have a username and password that you need to enter if it’s a private proxy or it’s a paid-for proxy. On the settings dialog box you’ll notice there’s actually a number of different proxies, we’ve got HTTP, we’ve got SSL, FTP, We’ve got SOCKS, SOCKSv4, SOCKSv5 so let’s go through these as well

The Different types of Proxies

So let’s start with HTTP proxy, an HTTP proxy understands and interprets the HTTP protocol only and they are used mostly for surfing the web and DNS resolution through them is supported.

Then we’ve got the SSL proxy or HTTPS proxy. This is the same but also supports SSL and or TLS between the proxy and the destination so make that clear, its between the proxy and the destination. The SSL part can be misleading as there is no SSL encryption between the client and the proxy but only between the proxy and the destination.

And then we have the FTP proxy which understands interprets the FTP protocol and is used obviously for FTP and you can get a proxy for pretty much any protocol you need but they won’t always be supported by your application like you can see, there is a limited set of protocols which it supports which is where SOCKS proxies come in as they are more flexible in what protocols that they can support.

Such proxies are different because they operate at a lower level of the ISO model than say for example HTTP or application specific proxies and they try to be transparent to the user. They are not protocol specific so forward more protocols without a problem so for example you can put telnet, SSH, Tor, HTTP/HTTPS through SOCKS

Difference between socks proxy versions

There are differences between the SOCKS versions as well and here we’ve got version 4 and version 5. Version 4 doesn’t allow remote DNS which means the proxy server cannot perform DNS look ups and its not ideal if you’re trying to hide where you’re going. SOCKS v4 also only supports TCP and not UDP. And then you have the SOCKS version 4A proxy which actually isn’t configurable on here on firefox, and this is a small enhancement on the v4 that allows the proxy to resolve domain names and again it’s only TCP.

And then we move on to version 5 which adds on top of the features that the SOCKS 4A has and offers more choice in things like authentication, support for IPV 6 and UDP and does support remote DNS. It can resolve DNS names through the proxy which is what we need, now in special instances of and HTTPS proxy if the administrator has enabled the use of the connect method HTTPS proxies can behave like SOCKS proxies but only with HTTPS sites that support it. And an important note here to reemphasize there is no user to proxy encryption which means anyone observing the traffic between the user or this browser and the proxy can see connection details such as the destination IP address, your ISP, a hacker or a man in the middle will be able to see this. If the destination isn’t using SSL/TLS then the content of the traffic will also be observable.

Do proxies provide privacy and anonymity?

Proxies are generally far higher in the IP address of the client from the destination and they can work to bypass censorship in an environment that doesn’t examine the contents of the packet but if the consequences of getting caught is high then don’t use them at all. Proxies are faster than VPNs because there is no encryption with proxies, think of proxies as a basic form of hiding your IP address from the destination and not to be considered anonymous against moderate or serious adversaries.

if you plan to use or have access to multiple proxies I recommend the Foxy proxy Addon which enables you to quickly and easily set up different proxies and has all sorts of other useful features. If you’re using lots of proxies if you want to switch just a single proxy on and off then get yourself the Quick Java addon which has the proxy bottom where you can easily just switch on and off the proxy as you need thus saving you from having to go into the settings. 

Paid proxy services

We discussed free proxies in our previous post, now about paid proxies. There are paid proxy services that are available from a number of companies such as BT guard, tor guard, and Foxy proxy just to name a few. I have no association and do not recommend any of those or don’t recommend them, they’re just examples and you pay maybe $45 per year to access to those sorts of services. They are notably cheaper than VPN services but that’s because they don’t load the servers as much as a VPN server does because VPNs use encryption while proxies do not. Some proxy providers give you software to install but that’s not necessary if you application support proxies. These paid proxy services are mostly aimed at people downloading torrents however proxies are better at anonymizing you than nothing but are one of the weakest forms of a privacy service or anonymity service because of the lack of encryption.

The issues of trust are the same with proxy providers and you have no guarantee of what they are doing so even if a proxy provider state that they don’t log traffic you have no way of knowing if that is true. Plus when pushed by an adversary such as a nation-state will they roll over? Probably yes to keep their business just because they don’t keep logs doesn’t mean they can’t just switch them on. If they are coerced or subpoenaed or they just feel like doing it because they’re doing some sort of diagnostic it is trivial for a Nation-state adversary to monitor your activity with a proxy. It is even relatively trivial for a minor adversary to monitor your activity when you’re using proxies

Leave a Comment