FUD and Proxies

I sometimes wonder how many people who use proxies / VPN service / Tor actually understand how the Internet works.

To be sure, there are lots of reasons to use them. Want to access geo-restricted content? Tunnel your traffic through a proxy in a region that works. Want to hide your identity? A proxy / Tor can help.

Want to remain secure online? A proxy / VPN / Tor is a horrible idea!

Take, for instance, the description of this product, which appears to be a Tor ‘router’ in hardware. (There is, of course, absolutely no reason you need a hardware device. You could just, you know, install Tor on your computer for free.) It says, in part: “Each time you venture out onto the web, you’re vulnerable, because each site can access your IP address, giving them the ability to find your physical location. With Safeplug, you can feel safe on the internet again, browsing anonymously and securely.”

They can “access your IP address”? That’s how the Internet works! It would be like denouncing telephones as unsafe because, when you call someone, they can see your phone number and, from your area code, deduce your location. (Although the Caller ID argument is fallacious. You can block Caller ID, but you can’t block an IP–you can only route your traffic through someone else’s computer, so that sites see that IP.)

It’s right about browsing anonymously. It’s good for that. But securely? It couldn’t be more incorrect! You’re routing your traffic through an unknown stranger’s computer to stay anonymous. That person can see everything you do. It’s not just paranoid and not-tech-savvy people that fall for this–it’s how numerous embassies had their passwords exposed and web traffic seen, by forgetting how the service works.

In defense of Uncrate, they do explain how it works, by saying that it “routes your internet traffic through a series of random locations, making it impossible to determine where you are.” If your goal is anonymity, Tor might work. (If you’re careful.) If your goal is security, though, perhaps consider that “rout[ing] your internet traffic through a series of random locations” is about the most unsafe thing you could do.

I’m not arguing that one should never use Tor or an anonymous proxy. I’m just arguing that using them for, say, online banking, or confidential communication, is quite ignorant. (Unless you’re excellent at using encryption.)

Leave a Reply

Your email address will not be published. Required fields are marked *