Now I get it, I really do – life is expensive and there’s always something new we have to shell out for. Many people obviously search for ways to avoid spending money, well I certainly do and the internet is a great place to start. There’s a reason why coupon and money saving sites do so well, we all are looking to save money.
For some people there’s almost an expectation that they can get stuff for free. Look at YouTube or Instagram at software demos, or online services there’s usually loads of disparaging comments when they find out it’s not free. The internet is of course, rammed full of free movies, cracked software and ripped music. However, when you get to a certain age then you start to appreciate that very few things are actually free, there’s normally a cost somewhere. Unfortunately in the digital world, it actually can be a very high price indeed.
Now for pirated movies, games and stuff if you’re lucky you can download for a while without something bad happening. Yet almost inevitably, something will happen eventually, whether it’s a nasty virus embedded in that Avengers Movie you downloaded or an unexpected legal claim for hundreds of dollars from the owner of that porn movie! Both play on the fact that people think they’re completely safe and protected sat at their computer. Yet the ‘freebie’ seeker is actually a prime target for numerous malicious hackers and money making entrepreneurs.
The Risk of Free Proxy Lists
However the subject of this post is another target for the online bargain hunters, those who are looking for free proxies to use online. Ironically these proxies are usually desired for privacy, bypassing blocks and staying secure online. Which is usually exactly the opposite of what you will actually get using free proxies.
Let’s step through and have a look at some of these proxy lists. Basically you’re looking for lists with lots of servers with certain ports open to allow external access to the internet. The easiest method to find decent lists is to use a simple Google search like this –
+”:8080? +”:3128? +”:80? filetype:txt
You’ll get a load of lists packed full of proxies and anonymous servers. Most of them simple text files which are compiled and published automatically by proxy scrapers, if you change your search results to list the latest files they’ll be pretty recent too. Here’s a screenshot of one of the sort of lists you’ll find –
These will the usually be checked to see if they’re working, what ports are open and given a spurious ranking of things like ‘high anonymous’ or ‘elite proxy’ based on how much information they leak when being used. However the main issue with using any free proxy like this is simple –
You will have absolutely no idea about who’s servers these are or who’s running them.
Let’s just check one of these servers and see if we can find out who’s running this. I had a fantastic holiday in Slovenia a year ago, so let’s pick this one and see who owns it. It’s listed above as a high-anonymous proxy with the IP address of 188.8.131.52 with port 80 open. If we do a WHOIS check on that IP address we’ll find that the IP address assigned to that server is owned and registered by the Health Insurance Institute of Slovenia.
So are the Slovenian Health Insurance Institute running some sort of secure proxy service for people to use? Possibly, but very unlikely – what is more likely is that this is an application or proxy server sitting in their IT room. It’s probably been left open accidentally with no firewall or a poorly configured one protecting it leaving the server accessible and usable from the internet.
So the instant you start using that proxy server it’s very likely you are doing several things –
- Using someone else’s servers without permission.
- Relaying your data through a badly secured and configured server in Slovenia.
- Leaving your real IP address connected to this server and whoever has access to it.
All these, have potentially huge consequences which could affect anyone using this server. Using someone else’s computer and bandwidth without their permission is in most countries a criminal offence. The penalties vary but in the UK for instance it’s covered by the Computer Misuse Act and you could potentially be sent to prison. The likelihood of prosecution could be quite small but it does happen. If you pick the wrong server like one perhaps owned by a Government or the military it can be much more serious too. Remember unless you take action to hide your connection to this server then your real IP address traceable to your exact location is logged there for anyone to see.
That is all probably risk alone but there are other possibilities too. This badly configured server could indeed be sitting ignored in some understaffed server room. However it could also be run or controlled by others unrelated to the organisation. It’s a common tactic for cyber criminals and hackers to actually quietly gain access to these servers and simply log the connections. They look for usernames and passwords or other identifiable information to use in other crimes like identity theft. The other common method is to use the proxy as an open gateway to install trojans and viruses on your own computer whilst you’re connected.
These risks make using a free proxy server for whatever purpose hugely risky. Sure you save the costs of a paid proxy service but it could potentially cost an awful lot more. The simple fact is that using an open proxy is quite possibly constituting a criminal act and also it’s opening up your own connection to also sort of attacks too.
Nobody who has any perception or knowledge of these free proxies would ever use them for anything. Don’t put your self at risk by using them.
It’s true folks, loads of people hack into these servers and use them as free proxies. I’m a sysadmin and have seen it many times.