Hi,

I am looking for a solution for an anonymizer problem. This is the
situation:

1. I regularly access arbitrary internet sites from unsecure working
stations, i. e. working stations located in networks that I do not know, e.
g. public internet access stations.

2. I have an own server in the internet.

Now I would like to use my own server as a proxy to the internet sites I
access from the unsecure networks:

1. The local web browser should access my proxy using an encrypted
connection.

2. My proxy should forward the requests coming from my browser to the final
recipients.

3. In effect, only the encrypted connection to my own server will be visible
in the unsecure network.

My question: How can I realize this? I prefer open source software running
on linux.

The only proxy I know is squid. Can I use it in my scenario?

Thanks,
Magnus

Magnus Warker <warker@magnus.co> writes:

> Hi,
>
> I am looking for a solution for an anonymizer problem. This is the
> situation:
>
> 1. I regularly access arbitrary internet sites from unsecure working
> stations, i. e. working stations located in networks that I do not know, e.
> g. public internet access stations.
>
> 2. I have an own server in the internet.
>
> Now I would like to use my own server as a proxy to the internet sites I
> access from the unsecure networks:
>
> 1. The local web browser should access my proxy using an encrypted
> connection.
>
> 2. My proxy should forward the requests coming from my browser to the final
> recipients.
>
> 3. In effect, only the encrypted connection to my own server will be visible
> in the unsecure network.
>
> My question: How can I realize this? I prefer open source software running
> on linux.
>
> The only proxy I know is squid. Can I use it in my scenario?
Yes, squid is already used by some anonymizing network
applications. But what is so anonymous about your server if it is visible?

--
Allan

>> The only proxy I know is squid. Can I use it in my scenario?
> Yes, squid is already used by some anonymizing network
> applications. But what is so anonymous about your server if it is visible?

The communication with the web sites behind it is invisible. Isn't it?

Magnus

On Sun, 06 Jul 2008 02:58:08 +0200, Magnus Warker wrote:

> Hi,
>
> I am looking for a solution for an anonymizer problem. This is the
> situation:
>
> 1. I regularly access arbitrary internet sites from unsecure working
> stations, i. e. working stations located in networks that I do not know,
> e. g. public internet access stations.
>
> 2. I have an own server in the internet.
>
> Now I would like to use my own server as a proxy to the internet sites I
> access from the unsecure networks:
>
> 1. The local web browser should access my proxy using an encrypted
> connection.
>
> 2. My proxy should forward the requests coming from my browser to the
> final recipients.
>
> 3. In effect, only the encrypted connection to my own server will be
> visible in the unsecure network.
>
> My question: How can I realize this? I prefer open source software
> running on linux.
>
> The only proxy I know is squid. Can I use it in my scenario?
>
> Thanks,
> Magnus

Take a look at Privoxy (http://www.privoxy.org/). This is what I use &
its also a good web content filter (banners, pop-ups, etc...).

Magnus Warker <warker@magnus.co> writes:

>>> The only proxy I know is squid. Can I use it in my scenario?
>> Yes, squid is already used by some anonymizing network
>> applications. But what is so anonymous about your server if it is visible?
>
> The communication with the web sites behind it is invisible. Isn't
> it?
Whether you use Privoxy, as mentioned in another post, or squid your
anonymity can be compromised by attacking the proxy itself. If this is
enough privacy for your purposes, fine. No anonymity scheme is
perfect and even if it was it would be impractical and unusable.

--
Allan

On 2008-07-06, Magnus Warker <warker@magnus.co> wrote:
> Hi,
>
> I am looking for a solution for an anonymizer problem. This is the
> situation:
[Protect machine on untrusted network using remote machine at home]
> My question: How can I realize this? I prefer open source software running
> on linux.
>
> The only proxy I know is squid. Can I use it in my scenario?

Just as a different solution, what I do is forgo the HTTP proxy
altogether and use the SOCKS forwarding feature of SSH instead.

As long as you have sshd running on your remote machine (the one in
your house, which is on a 'trusted' connection), and your travel
machine (the one you're using in the 'untrusted' network, like an
Internet cafe) has an SSH client -- available for basically every
platform -- you just open an SSH connection with the "-D {port}" flag,
and then point your browser at "localhost {port}", telling it to use a
SOCKS proxy.

This is in many ways a lot nicer than using an HTTP proxy. All web
traffic is forwarded from the browser to the port on the localhost,
and from there across the SSH tunnel to the remote machine, which
actually makes the connections for you.

It's dead simple to set up and works for web traffic, instant
messaging, and virtually any other application that can use a SOCKS
proxy (pretty much everything).

Googling "ssh socks forwarding" will turn up lots of HOWTOs for
various platforms. Here's just one, for Debian:
<http://www.debian-administration.org/articles/449>

I like this because it doesn't require installing or running anything
on your remote machine besides sshd, which chances are you're already
running as it is.

-Kadin.