ANON: anonymizer.com thru proxy server is bad news

Damaged Justice frogfarm at yakko.cs.wmich.edu
Tue Feb 11 06:27:12 PST 1997



>From: jmccorm at galstar.com (Josh McCormick)
Newsgroups: comp.infosystems.www.misc,alt.anonymous,comp.infosystems.www.browsers.misc,alt.2600,ok.general
Subject: NOT ALWAYS ANONYMOUS: "www.anonymizer.com"
Date: 9 Feb 1997 19:25:46 GMT
Lines: 43
Message-ID: <5dl8bq$6h3 at mercury.galstar.com>

THE CLAIM:
> Our "anonymizer" service allows you to surf the web without
> revealing any personal information.

THE PROBLEM:
> If you access The Anonymizer through a proxy server, it may add a 
> variable, such as "HTTP_FORWARDED", that The Anonymizer does not filter 
> out, revealing your true identity.

THE DATA:
> Below is a printout of the variables from an "anonymous" session done 
> through The Anonymizer when accessed through the Squid proxy server.

REMOTE_HOST=darkmatter.infonex.com
REMOTE_ADDR=206.170.114.24
HTTP_USER_AGENT=Mozilla/3.01 (via THE ANONYMIZER!)
HTTP_HOST=sol.infonex.com:8080
HTTP_FORWARDED=by http://galaxy.galstar.com:3128/ (Squid/1.0.20) for 204.251.83.41
HTTP_PRAGMA=no-cache
HTTP_PROXY_CONNECTION=Keep-Alive

THE RESULT:
> A CGI script could see that you were using The Anonymizer to hide 
> yourself, but your true IP address is revealed in the "HTTP_FORWARDED" 
> string.

THE SUMMARY:
> Beware using an anonymous browsing service if you are going through a 
> proxy server. Until they remove the information provided by proxy 
> servers, using their service isn't as anonymous as they say.

THE QUOTE:
> (from The Anonymizer home page) "Many people surf the web under the
> illusion that their actions are private and anonymous. Unfortunately, it
> isn't so." 

=====================================================================
== Josh McCormick             Galaxy Star Systems                  ==
== jmccorm at galstar.com        Providing Quality Internet Access    ==
== Systems Administrator      WWW: http://www.galstar.com/~jmccorm ==
=====================================================================

--
http://yakko.cs.wmich.edu/~frogfarm/  ...for the best in unapproved information
 "Would I had phrases that are not known, utterances that are strange, in new
 language that has not been used, free from repetition, not an utterance which
 has grown stale, which men of old have spoken."  - inscribed on Egyptian tomb 








More information about the cypherpunks-legacy mailing list