Expand: date=August 2007

for: Anonymizer (company)

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It accesses the Internet on the user's behalf, protecting personal information by hiding the source computer's identifying information.

Purposes

There are many purposes for using anonymizers. Anonymizers help minimize risk. They can be used to expose human rights abuses without retribution, to speak about a taboo without loss of reputation, or to receive information within a repressive regime.

While there are ways in which some Who: date=July 2008 may view the use of this service as abuse, such as when criminals use anonymizers along with encryption software to securely hide their identity and keep their message hidden from any police or intelligence agencies, there remain many law-abiding citizens who wish to secure their communications from illegal government snooping Fact: date=July 2008 in the same manner, protect themselves from identity theft, or protect their search histories in the event of accidental or purposeful public disclosure. Indeed, criminals already have anonymity on the Internet: they can compromise other people's computers, exploit open relays, etc. Anonymity systems aim to provide privacy to law-abiding citizens.

Risks and security

Anonymizers are not entirely secure. If an anonymizer keeps logs of incoming and outgoing connections and the anonymizer is physically located in a country where it is subjected to warrant searches then there is a potential risk that government officials can reverse engineer and identify all users who used the anonymizer and how they used it. Most anonymizers state they do not keep logs but there is currently no way to confirm that. However, if the user used another anonymizer to connect to the exposed anonymizer, that user is still anonymous. This is sometimes called daisy-chaining.

Further, an untrustworthy web based anonymizer is capable of man in the middle attacks. The anonymizer can read, inject, and modify content into the message that the user is sending as well as receiving. The anonymizer can intercept and record private unencrypted information such as username and password credentials, credit card numbers, e-mails, etc. that have been transported using the anonymizer. To avoid this, content should be encrypted and credentials should be exchanged outside of the anonymizer.

For even trustworthy anonymizers, anonymizers cannot filter out any malicious code that may reveal the identity of the user who wishes to remain anonymous. See malware. Care should be taken to prevent information leaks. For example, anonymizing an HTTP connection but not a DNS lookup can reveal the location of the viewer.

Anonymizers also present a high value target. Groups opposite the people who want to remain anonymous target public anonymizers, especially as they are often misused.