Proxies

buld your own proxy
Proxies when set up properly, help ensure that users can maintain their basic human right to privacy when using the internet. But be careful - proxies are frowned upon in dictatorships and police states. But if you live in a free country, you can give back to society as a whole by setting up proxy services on a spare computer. Here's how:

First, select good proxy software. This means the software should not leak any private information. This means you should not use the popular 'squid' proxy, or anything from Micro$oft  or other big name monopolies, since proprietary packages never be used where security is an issue. Why? They cannot be checked to ensure nothing which effects your privacy might be going on under the hood. Few if any computer corporations have a good track record for honesty, integrity, or ethical conduct when it comes to protecting the  basic human right to privacy.

So for this example we will use Privoxy, a readily available open source proxy. It is not the best perhaps (Polipo is IMHO much better), but it is the easiest to use and set up, and has several useful privacy protection features most others lack. To keep things really simple, we'll use an old spare computer you may have, and install linux on it so that your proxy will be on a dedicated server. This means there will be no proprietary software to get in the way of things, and nothing to buy. Go here and follow the directions to install Ubuntu (an easy to use version of linux). Done that? Okay - now we can build the proxy.

Step 1: get and install privoxy
  • Install privoxy:
    from the command prompt on your new ubuntu box, type:
    apt-get install privoxy
    if privoxy does not start automatically post installation, start it running with:
    sh /etc/init.d/privoxy start
  • edit /etc/privoxy/config
    • find the section marked 'logfile' and comment out the logfile setting like so:
      #logfile logfile
      otherwise a log will be kept of every internet site you visit
    • similarly comment out the loging of java information like so:
      #jarfile jarfile
    • find the 'debugging' section and comment out all the debug commands except for this one:
      debug 8192
    • set the listen-address to something appropriate. The default is usually fine:
      listen-address 127.0.0.1:8218
    • Turn off remote administration:
      enable-remote-toggle 0
      enable-remote-http-toggle 0
    • restart privoxy:
      sh /etc/init.d/privoxy restart
Step 2: configure privoxy
  • On your new ubuntu box, start a browser such as firefox
  • enter this in the location bar of your browser: config.privoxy.org/
    This brings up the configuration window
  • Click 'view and change current settings'
    Click 'edit global actions'
    Click 'edit'
Step 3: Set up some filters
  • Filters cause the proxy to prevent certain events. For example, there are filters to prevent google, yahoo, msn, etc. from knowing anything about your users (For fun, you may wish to do a little research if you do not know why these US corporations operating should be filtered)
    • filter google, yahoo, msn
    • filter hide tor exit notation (why give away private information?)
    • filter ie-exploits (why allow a certain horrible company to exploit your site?)
Step 4: Add some privacy controls:
  • From the configuration page which you accessed in Step 2, enable all of the following:
    • force-text-mode (avoids certain hack attacks)
    • hide-accept-language (it is almost never necessary to state that you only speak Xhosa)
    • hide-forwarded-for-headers
    • hide-from-header
    • hide-if-modified-since
    • hide-referrer (also click the box marked 'fake as root')
    • hide-user-agent (set the user-agent to 'Firefox 2.0.0.1' to make the web work better for your users)
    • session-cookies-only (prevent all tracking cookies by nefarious websites)
  • Step 5: Prevent spam, advertisements, spyware, certain popups, and other junk websites try to force you to look at:
  • From the configuration page which you accessed in Step 2, enable all of the following:
    • filter js-annoyances
    • filter html-annoyances
    • filter content-cookies
    • filter refresh-tags
    • filter unsolicited-popups
    • filter img-reorder
    • filter banners-by-size
    • filter banners-by-link (Necessary to avoid many invasive US corporations)
    • filter webbugs (ibid)
    • filter tiny-textforms
    • filter jumping-windows
    • filter frameset-borders
    • filter demoronizer (Necessary because Micro$oft does not play nicely)
    • filter shockwave-flash
    • inspect-jpegs (Necessary to avoid jpeg related hack attacks)

Save your work.
Start privoxy by typing: "sh /etc/init.d/privoxy start" at a command prompt.
Congratulations, you now have a working proxy.

To have your friends use your new proxy for anonymous browsing, do the following (here I assume they are using a good browser such as Firefox):

  1. In Firefox click 'edit --> preferences --> advanced --> network --> connection settings
  2. Set everyting to the IP of your proxy (IP-1 in the diagram above) and a port of 8118 (or whatever port you chose during the Privoxy setup)

 That's it. Now whenever your user group browses the net, they will automatically (and invisibly) connect to your proxy which will in turn access the websites they wish on their behalf, and return the information from those websites to their computers. The websites in question will record the IP of your proxy and not the users' real IPs.

Things to do next:

  • Now that you have a running proxy, you can set up a secure SSL connection to it so that no one can spy on the connection between your users and your proxy.
  • You can set up a TOR server to get much better (but also much slower) anonymity for your users.
  • You can set up an ssh tunnel to your new proxy so that users (should they have the misfortune to live in a dictatorship) will not appear to be using a proxy at all.
  • Of couse your proxy should have a proper firewall. See here to learn how to set one up on the proxy server you just built.