Proxy Server Status Explained
· What does each proxy status mean?
o There is no 100% anonymity as such on the Internet. Any proxy server by design provides some degree of cloaking. Different server types can counter specific attacks.
§ Alive - provides basic anonymity - your IP won't show up in default web server logs.
§ (Alive) - same as previous but supports SSL connections. In cases where SSL (https://) connection it will behave as an Anonymous server.
§ Anonymous - proxy server doesn't include your IP in the extra headers. These headers by default are not logged.
§ (Anonymous) - same as previous, but supports SSL connections.
§ Elite-Anonymous - this server doesn't send any additional headers at all. Can be countered by use of Java.
§ Socks v4/v5 - Same as Elite-Anonymous.
§ Private - server is password protected (access was denied).
· How many high-anonymous and elite servers are there?
o It's hard to give an exact number. For public lists, the rough estimate is that only 5-10% of alive servers are actually high anonymous. Private lists usually have more. That's why it's important for Proxy Switcher to check for actual state of the servers (registered version only).
Availability of High Anonymous & Elite servers
Configuring Mozilla Firefox for increased privacy:Privacy Settings
Table of contents:
· Privacy Settings
· Caching and Bookmarks
· Active content, Plugins and Extensions
Summary:This article describes what private information Mozilla Firefox stores on your system and how to reconfigure it to reduce it's amount.While using a proxy server will give you a certain level of protection aginst the detection of your IP address, the browser will store plenty of information about sites you visit. Although Firefox has built-in feature to clear history and temporary files, but that might not be enough to really clear it. The reason is that it's pretty hard toactually remove any files from the Windows file systems. There are a lot of forensic tools that can restore deleted files or even restore whole drive contents even after drive format. So the question is, what to do. The answer is a preventive measure are more effective than trying to remove data that's already written to the disk. One of preventive measures is to configure browser to not store any private data (history, passwords, cache, etc.) in the first place. Since if no data is actually stored it's not needed to delete it. While this maybe sometimes might be inconvenient it's usually not a big issue.As a target browser we will be using Mozilla Firefox 3. There are following components that need the reconfiguration:
· Privacy settings
o Browsing History
o Cookies
o Private Data
· Saved passwords
Privacy settings
1.Browsing History
First thing that has to be corrected is Firefox browsing history settings. These settings are located in the Privacy tabsheet of the Tools->Options... menu. You need to uncheck boxes that enable logging of browsing history and user entered strings.The obvious dangers of the stored browsing history is that the address of each and every web page you have visited is recorded. Of course there are plenty of forensic tools that will extract and trace all the sites you have visited.
2. Cookies
Cookies are used by websites to store little data snippets in your browser. Almost all the sites leave some kind of cookie in your browser. Luckily Firefox has an option to remove cookies when it's exited. Altho it's possible to not accept cookies at all, but that often can cause problems since some sites actually need to have cookies enabled to for navigation to work. The dangers of cookies are that each of them contains a record of the web site's address it was sent from. So it works as an evidence that a particular web site was visited. To see currently stored cookies you can click the "Show Cookies..." button. It's a very good idea to get rid of them as soon as possible.
3. Private Data
Firefox has a built-in private data cleaning utility. It can clean up any remaining traces of data (which should small to non-existant). The best option is to enable it to clear data whenever you close the brower. This way you can be fairly certain not to forget to run it. Only problem is that if you crash or power down without proper shutdown this procedure won't be executed, so keep that in mind.If you click the "Settings..." button you can see what private data can be removed. Also check that all the options in this window are enabled.
Saved passwords
Saved passwords are a particularly dangerous feature. Only recently Firefox started use of encrypted saved passwords. The ramifications for the stolen saved passwords are immense. There have been numerous reports of passwords stolen from compromised machines (say good-bye to your Paypal account for example). The best way is not to save passwords in the browser. If youreally need to save passwords, consider using some good 3rd-party utility designed exactly for a safe password storage.
N.B. If you fill the login form on some website by default Firefox will ask you - "Do you want to save password for this site?" - in case you answer "not for this site" - it's name will end up inside Firefox's exception list which is readable to anyone. Same goes for all the exceptions lists in the browser! So you need to answer "No" in such cases.
Caching in FireFox consists of online and offline content caching. To disable caching and thus reduce the amount of private information stored we need to reconfigure following things:
· Firefox internal settings - about:config
· Offline storage cache
· Bookmarks
Firefox internal settings - about:config
Some of the browser's settings aren't directly accessible from the options window. What we want to change is the browser's content caching settings. To access them you need to type "about:config" in the address bar. This will load up list of Firefox internal settings. Next to filter out interesting settings, write "browser.cache" into the filter edit box.Settings of particular interest arebrowser.cache.disk.enable, browser.cache.disk.capacityand browser.cache.offline.enable. Set disk cache and offline cache enabled flags to false and the capacity to zero.The risks of caching on disk are obvious - content of the pages you load are stored on your disk ready for somebody else to view and analyze.
Offline storage cache
This is a fairly new feature that some websites use to try to store data for offline use. They usually store code and documents so they could be used when Firefox is switched to "Work offline" mode. As any cache it can contain sensitive information that you might not want to see recovered. So uness you got an appication you really want to use with this particular feature it's a good idea to disable this as well.
Bookmarks
For the sake of completness I'll mention bookmarks. It's simple - if you bookmark some page, that bookmark can be viewed by anybody else that has access to your computer. Athough you have to keep in mind that some sites can forcefully add bookmarks. So keep your eyes open and naturally don't add sites to bookmarks you don't want to be traced to.
Mozilla Firefox is a very modular browser it support active content like Java and Javascript, ActiveX, 3rd party extensions and plugins. This gives a lot of flexibility, but at the same time increases risks of losing your privacy. Here we'll cover configuration options which help to reduce this risk.
· Java and Javascript
· ActiveX and plug-ins
· Phishing checkers
· 3rd party extensions
o Google toolbar
o Firefox extensions
· Conclusions and suggestions
Java and Javascript
Java and Javascript are languages fairly often used in the web environment. The trouble with them is that they can easily be used to obtain your personal or private data and send it back to the website. Usually you can disable Java, for the most of the time, since there aren't a lot of sites that require it. Javascript is more problematic since a lot of sites use it for navigation and other things. Obiously the safest way would be to disable both, but that will cause problems with browsing. So one of the reasonable options is to leave Javascript enabled and use NoScript extension for Firefox (available at the Mozilla plugin's site).
ActiveX and plug-ins
ActiveX plugins (for an example adobe flash player, windows media video (wmv) player and others) are actually full fledged programs, they can potentially do anything they want with your computer. There are even reports of some Firefox extensions being used as a deployment for a trojan programs. The safest way would be to disable all of them completely. Sadly, yet again, this might not be an option. So the reasonable solution is toonly allow the plugins you trust and really need. As a personal opinion I suggest to disable flash plugins, they might be pretty, but the problem is there were multiple exploits found in the flash player. Which would mean that in case your system is unpatched, or there is an unknown vulnerability a simple flash banner could potentially compromise your whole system.
Phishing checkers etc.
While the idea that browser checks site against online blacklists in-general is good and welcome addition. The problem is that to do so browser needs to submit the page address you are viewing to the checker's site (hopefully nothing else). Which is counterproductive if you want extra privacy. So it's a risk vs risk, it's up to you to choose which you want - disable suspected attack siteand suspected forgery site checks or not.
3rd party extensions
1. Google toolbar
Lets take a look at probably the most popular toolbar. While the Google toolbar itself is fairly harmless, the problem with it is that it submits the site addresses you visit to the Google. They are supposedly using them to find new pages to index. But objectively that is a pretty large security problem. So it's better to disable it if you have it installed.
2. Firefox extensions
While Firefox has a marvelous extensions out there you have keep in mind additional risks associated with their usage. Main privacy problems with addons are:
· Might be storing your browsing history.
· In severe cases might be leaking it to some 3rd party.
· Installations might be purposely infected by viruses or trojan programs - consider using only signed extensions.
· Particular addons are sending information to 3rd party sites.
Some examples - if you use popular AdBlock Plus program and manually add some extra blocks then their addresses will be stored inside browser and might be an unpleasant surprise later.
Conclusions and suggestions
It is possible to reconfigure Firefox in a such way it leaves fairly minimal browsing traces on the user's system. The problem with it is that a browser configured in a such way is not very user friendly. Only solution to this in, my opinion, is to use two browsers - one configured in a secure manner, other one unsecure. So then by default you use the secure one, while switching to unsecure one for sites that refuse to work otherwise.&#...
OsakaMotel