Do web proxies really provide anonymity?
I mean, without someone asking for logs in a web proxy server for who/when connected, is it impossible to know who was behind that IP address?
I'm asking this because I heard somewhere that some technologies (like "flash") bypass personal IP information for requests or something like that.
(I'm a noob in server configuration and concepts like DNS and proxies. Thanks!)
It depends on what you're trying to obscure and how it's configured. Proxies aren't meant to hide people; they're meant to cache data, and later they started scanning content to filter it or protect people on the inside from malware. Anonymous proxies act anonymously by promising to not give out or retain logs (you have to trust them on that) and anyone trying to trace where the request is coming from is stopped at that hop if the proxy strips data out of the request that is personally identifiable.
Basically, the proxy has to be configured specifically to strip out identifiable data.
If the request or post information has your ID or personal information or something like that embedded in it, then that kind of defeats the purpose too.
If the request has to get back to your computer somehow, there is definitely a trail that leads back to you. Just depends on how obscure it is to trace. Commercial anonymizers just promise to stonewall by purging logs and stripping data from the request (if you trust them), and networks like Tor obscure your request by bouncing it all over the place (more info on their website) to obscure it and make tracking extremely difficult.
If you run a proxy at home, it doesn't take a forensic expert to know that there's a very limited number of people that could be making web requests from that home network.
But if you were truly 100% hidden...how would the data get back to you?
No, just setting a proxy within your browser not make you anonymous.
Your browser and flash is likely to have cookies that will identify you.
If you wanted to be truly anonymous you would probably need to fire up a new browser from a livecd or in a VM, set the proxy, and then browse. To maintain your anonymity you must not login to any site that has your name.
You will probably also need to make sure the browser/OS you are using does not make DNS requests to a local DNS server. If you do not configure the proxy correctly your machine make make DNS requests for the sites you are visiting to the local network.
If the proxy you are using is not using SSL for transport your ISP or someone on the local network will still be able to see what you are doing. Even if they are using SSL your ISP will know you are contacting that proxy.
If the an evil person cannot get the logs from the proxy machine to get the logs. if they are able to monitor the incoming and outgoing traffic they still may able to identify you just by looking at the flows of data.
Something like TOR does the best job, but even with it you must be very careful that you set it up properly and that during your session you never reveal any information that would unmask you.
I run a squid server at home, with a very basic/default setup, and I've seen websites identify me by my internal address. I'm not sure if the website is getting from my browser or the proxy, but it definitely can be found with my particular setup.
Knowing your internal IP addy really isn't a big deal. NAT (or proxies that accomplish the same thing) violates the principles of end-to-end routing in the first place, since there are now computer connected to the Internet (through a NAT router) which do not have a "routable" address. I wouldn't call your IP personal information, not anymore than the street address on the front of your house.
To your larger question about proxies providing anonimity. Cookies can uniquely identify you with or without proxies. Websites can also do a browser fingerprint on you, and that basically uniquely identifies you without a cookie.
http://www.privateproxysoftware.com>Anonymous proxies do many things, such as change an ip address, encrypt information, and most of all ensure a person’s safety. A proxy will supply you with a fake ip address in place of your old one. This will keep anyone from knowing your true identity on the internet. The key behind how anonymous a proxy really is, is owning a proxy under a reliable company. Everything you do on the internet will go through the company’s proxy first, so the company could just be out to steal your personal information.
The best answer I can give is "up to a point". Even if the proxy is configured to strip out anything that might identify you, the operators are scrupulous and the system is impenetrable against hacking (as if!), depending on local laws it may still be required to maintain logs that can identify your machine. It may sound a bit altruistic but I think an operator that disrespects the law should probably not be trusted to respect your privacy.
