I indicated in another article that proxies come in several flavours. I’ll discuss those here, in order of sophistication.
The Web-Based Proxy
These are the simplest to deploy, often requiring less work than setting up WordPress (famed for its 5-minute install). With well-regarded software written in many languages, setting up a web-based proxy typically requires you to select a ready-made package (such as CGIProxy or Glype), copy it to a server somewhere, and unpack it. Some may need minor tweaking with permissions.
These proxies run inside a web browser. You call a page, and the server fetches it and delivers it in a frame or something similar. The request appears to originate from the server hosting the proxy script, so your own address is not (directly) exposed to the destination site.
- Quick and easy to configure on the server.
- Requires little to no configuration on client systems.
- Does not need explicit support in software.
- Operates as a page within a web browser. Such systems do not lend themselves well to more general use.
- Many web hosts explicitly disallow proxies on their servers. Deploying one may risk having your account suspended.
- Some sites may not function correctly, notably those that rely heavily on AJAX and similar technologies.[1]
A bit more complicated to set up, SOCKS proxies are simple in concept. They act as a simple relay between points, completely blind to protocol. They do not understand what they are passing back and forth. This is beneficial, as it enables them to work with most systems easily. However, this simplicity also prevents them from doing much in the way of optimization.
You may see these described as SOCKS4 or SOCKS5 proxies. The primary difference is that SOCKSv4 is TCP only, and SOCKSv5 supports both UDP and TCP. UDP support is practical for things such as DNS queries, an often-overlooked aspect of maintaining anonymity.
- Simple method of operation promotes wide support.
- Can be used to proxy non-web services (IRC, Skype, Usenet, etc.).
- You can send DNS queries through a SOCKSv5 proxy.
- Being blind to protocol details, SOCKS proxies have limited potential for optimization.
- SOCKSv4 proxies can offer a false sense of security, unless you take precautions to prevent data leaks via DNS.
- Requires explicit support in software.
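The DNS point above can be seen in the request bytes themselves. The following is an added example, not part of the original article: it builds SOCKS4 and SOCKS5 CONNECT requests and reports whether the destination name was resolved by the client (a possible DNS leak) or left to the proxy. It goes slightly beyond the text by also recognising the SOCKS4a extension; the function names and sample addresses are illustrative assumptions.

```python
import ipaddress
import struct

def build_socks4(ip, port):
    # SOCKS4 CONNECT: VN=4, CD=1, port, IPv4 address, empty user id, NUL.
    # There is no field for a hostname, so the client must resolve it first.
    return struct.pack("!BBH", 4, 1, port) + ipaddress.IPv4Address(ip).packed + b"\x00"

def build_socks5(host, port, remote_dns=True):
    # SOCKS5 CONNECT: VER=5, CMD=1, RSV=0, ATYP, address, port.
    if remote_dns:   # ATYP 0x03: length-prefixed name, resolved by the proxy
        name = host.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name
    else:            # ATYP 0x01: IPv4 address the client already resolved
        addr = b"\x01" + ipaddress.IPv4Address(host).packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def classify(req):
    """Return (version, destination, resolver) for a captured CONNECT request."""
    if len(req) >= 9 and req[0] == 4:
        port = struct.unpack("!H", req[2:4])[0]
        ip = req[4:8]
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            # SOCKS4a extension: 0.0.0.x means "hostname follows the user id"
            name = req[8:].split(b"\x00")[1]
            return 4, f"{name.decode('ascii')}:{port}", "proxy"
        return 4, f"{ipaddress.IPv4Address(ip)}:{port}", "client"
    if len(req) >= 7 and req[0] == 5:
        atyp = req[3]
        if atyp == 3:                      # domain name
            end = 5 + req[4]
            dest, resolver = req[5:end].decode("ascii"), "proxy"
        elif atyp in (1, 4):               # IPv4 or IPv6 literal
            end = 4 + (4 if atyp == 1 else 16)
            dest, resolver = str(ipaddress.ip_address(req[4:end])), "client"
        else:
            raise ValueError("unknown SOCKS5 address type")
        port = struct.unpack("!H", req[end:end + 2])[0]
        return 5, f"{dest}:{port}", resolver
    raise ValueError("not a SOCKS4 or SOCKS5 CONNECT request")

if __name__ == "__main__":
    # Constructed samples; 192.0.2.10 is a documentation address.
    socks4a = b"\x04\x01\x01\xbb\x00\x00\x00\x01\x00example.org\x00"
    for r in (build_socks4("192.0.2.10", 80), socks4a, build_socks5("example.org", 443)):
        print(classify(r))
```

A result of "client" means any hostname was looked up before the request reached the proxy, so the lookup itself did not travel through it.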
An HTTP proxy has a few perks where your privacy on the web is concerned. While less flexible than SOCKS, the tight integration between the proxy and the protocol it supports allows it to do more advanced things with that data stream.
As an example of a clever HTTP proxy, Privoxy performs several useful functions as well as acting as a relay. It can handle cookies, strip advertising from pages, and even un-animate animated GIFs.
The same capabilities that allow an HTTP proxy to enhance your privacy can also be used to weaken it. As an example, a malicious proxy could rewrite the HTTP requests to include information that may expose the sender.
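One way to check a proxy for this kind of rewriting, as an added example that is not part of the original article: send a request through the proxy to an echo endpoint you control, then compare what you sent with what arrived. The host names, addresses, header watch list and the `audit` helper are assumptions made for the illustration, and the sample requests are constructed.

```python
import re

# Headers commonly used to pass client details upstream (assumed watch list).
PROXY_HEADERS = {"x-forwarded-for", "forwarded", "via", "x-real-ip", "client-ip"}

def parse_headers(raw):
    """Return [(lower-cased name, value)] from a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def contains_address(value, addr):
    # Match the IPv4 address as a whole token, so 198.51.100.7 does not
    # match inside 198.51.100.70.
    return re.search(r"(?<![\d.])" + re.escape(addr) + r"(?!\d)", value) is not None

def audit(sent, received, own_addresses):
    """List (header, reason) for everything the proxy added, changed or disclosed."""
    original = dict(parse_headers(sent))
    findings = []
    for name, value in parse_headers(received):
        if any(contains_address(value, a) for a in own_addresses):
            findings.append((name, "contains client address"))
        elif name in PROXY_HEADERS:
            findings.append((name, "proxy disclosure header"))
        elif name not in original:
            findings.append((name, "added in transit"))
        elif original[name] != value:
            findings.append((name, "rewritten in transit"))
    return findings

# Constructed sample: the request as sent, and as the echo endpoint received it.
SENT = (b"GET /echo HTTP/1.1\r\nHost: echo.example.test\r\n"
        b"User-Agent: audit/1.0\r\n\r\n")
RECEIVED = (b"GET /echo HTTP/1.1\r\nHost: echo.example.test\r\n"
            b"User-Agent: audit/1.0\r\nVia: 1.1 proxy.example.test\r\n"
            b"X-Forwarded-For: 198.51.100.7\r\nX-Session-Tag: abc123\r\n\r\n")

if __name__ == "__main__":
    for header, reason in audit(SENT, RECEIVED, ["198.51.100.7"]):
        print(f"{header}: {reason}")
```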
- Highly optimized for HTTP traffic.
- Possibility for advanced functionality.
- Only works with HTTP traffic, for the most part.[2]
- Requires explicit support in software.
At the far end of the spectrum we have Virtual Private Networks. These could be viewed as very advanced proxies, capable of traversing firewalls, handling NAT, and encrypting your data. This is important, as it adds another layer of security. If your connection to the proxy becomes compromised, your data remains private.[3]
While VPNs do not need support in each application, they do need support somewhere. Typically this is at the operating system level. That said, all notable operating systems have some form of VPN support available (including Linux, BSD, Android, Mac OS X, iOS, and Windows), so this effectively takes care of itself.
There are some top-notch providers in this arena, as well. I use Golden Frog’s VyprVPN service, and my recommendation goes to them. I experienced a few connectivity hiccups when they first launched (notably connecting to the Europe point of presence from Western Canada), but those issues are long since resolved, and they’ve been rock solid since then.
- Maintains data integrity.[4]
- Encrypts all data on the wire.
- Does not need support in software.
- Most reliable providers offer multiple points of presence.
- Ability to bridge multiple networks.
- Requires OS support.
A Virtual Private Network (VPN) is a more complicated sort of proxy, and is outside the scope of this discussion. I mention it here as part of my commitment to complete and accurate information.
Either style of proxy is acceptable, though I would personally recommend a SOCKS5 proxy, as you can feed far more through it than HTTP, such as IRC for anonymous realtime communication or FTP for anonymous file transfer.
1. This issue stems from the same-origin policy, and while it is possible to work around this, it requires per-site hackery, and is not convenient in the slightest.
2. Though I suppose one could encapsulate data in an HTTP session, and tunnel it through a proxy set up to handle this…
3. 256-bit encryption, as employed in most OpenVPN and IPSec implementations, is non-trivial to defeat.
4. If using an L2TP or IPSec VPN.