Make Linux Invisible To The Bad Guys
A browser may tell the world more than it needs to know about your Linux system. Here's how to use a proxy filter to shut out snooping Web sites and black-hat buttinskys.
Setting up anonymous proxies via Privoxy
First, find anonymous proxy listings (including SSL) at Atom Intersoft (read notes at bottom of page); Public Proxy Servers; or Proxy Elite. Whatever proxy listing sites you use, make sure they:
Show transparent / anonymous / "high anonymity" or "elite" (synonymous) in descriptions Are accessible with your anonymous proxy Show country of origin
Use "high anonymity" / "elite" ONLY, and change the anonymous proxy site(s) in your /etc/privoxy/config forward entry frequently. If you think your users should worry about problems based on surfing to sites containing controversial political content, the best anonymous proxy sites are those that are least likely to cooperate with the local government.
Choosing the wrong anonymous proxy site might put you behind private or government censorware applied at a network firewall between your anonymous proxy and the site you want to connect to. The wrong proxy might simply make the site you want to see inaccessible by simply blocking an IP and returning no result to a browser URL request instead of redirecting the user to a "blocked" page.
The Great Firewall of China is an example of that kind of blocking. I tested this by deliberately select a .cn anonymous proxy and accessing a site that I could reasonably expect to be blocked by the Chinese government. Below is an example of the wrong choice of proxy landing me behind a firewall that refers "bad site requests" to a blocking page.
Either way, the user fix is the same: simply find another anonymous proxy site and keep on surfing. Manually editing the /etc/privoxy/config file below is required, because the file where the forward entry is located is not browser-configurable:
Enable anonymous proxy:
log in as root:
nano /etc/privoxy/config
Use the search (control-W) function to find :443 .
Examples:
Everything goes to an example anonymizing proxy,
except SSL on port 443 (which it doesn't handle): forward / 193.194.79.xxx:8080
forward :443++.
Set Up Or Change An Anonymous Proxy
Uncomment the forward line(s) you use by removing # . Substitute a proxy IP for 193.194.79.xxx:8080. Substitute a ssl-capable proxy IP for: forward :443++. if you like. The dot after :443 means forward nowhere. You replace the dot with an IP address for a proxy capable of accessing SSL via port 443 if you use a SSL proxy. (SSL proxies are much rarer than regular Web proxies.)
Keep a few extra proxy IP addresses in the file for convenience. Put them in lines under the forward lines, and comment them with # as above. Toggle privoxy OFF(see above), then back ON. Your browser should route to/from the new forwarding address. If not, stop or restart it.
Chain anonymous proxies
This means run two or more proxies in series. Of one anonymous proxy isn't anonymous, its site logs will be useless for tracking because they will be pointing to the other proxy. Problems include additive lag time; also, both proxy sites must work. Because the documentation is inadequate for this, I have requested how-to information.
To stop privoxy:
log in as root
ps A
find the numeric process ID of privoxy
kill -9
[numeric process ID]
See the paragraph above that follows After Installing privoxy for restart instructions. I have requested forwarding be made Web-configurable. You can track this feature request at https://sourceforge.net/tracker/index.php?func=detail&aid=1089626&group_id=11118&atid=211118
Testing
Do not rely on untested anonymous proxies. Use an ENV_Checker to examine the browser headers. Look for your own IP address. If you find it, (start with HTTP_X_FORWARDED_FOR), you're not anonymous. Find another proxy site. The sites below perform the ENV_Checker functions mentioned above. Use these to test your browser:
This next screen shot shows that both Privoxy and the high-anonymity proxy are working, as my real IP address is absent. The proxy IP is edited to protect its bandwidth:
Finally, this is the whois listing for the IP I am apparently websurfing from:
For more information:
Security and Encryption FAQ: WebServerTalk Keeping Fedora up to date with Yum: Linux Gazette
A. LIZARD is an Internet consultant in the San Francisco Bay Area. He has been writing for technology magazines and Web sites since 1987. Discuss this Recipe with other system builders in the TechBuilder Recipe Forum.
About the Author
You May Also Like