A proxy server (or “proxy”) is a computer that sits between your computer and a wider network. This “wider network” is usually the internet. A proxy server acts an intermediary between your computer and the internet.
This means that:
- Your real Internet Protocol (IP) address is hidden from anyone on the internet. A website, for example, will see the IP address of the proxy server when you visit it, instead of your real IP address.
- You will appear to access the internet from wherever the proxy server is physically located. If the proxy is located in a different country to where you are, you will appear to access the internet from that country.
On the flip side:
- Whoever is running the proxy will be able to monitor all your unencrypted internet traffic. Note that most secure websites protect your connection using HTTPS. This includes banks, email services, and online shops. As with your Internet Service Provider (ISP), when you connect to an HTTPS website the proxy owner can see that you are connected to that website, but cannot see what you get up to on that website.
- The proxy owner will also know your real IP address.
Many (but not all) proxies are encrypted proxies. This means that the connection between your computer and the proxy server is security encrypted.
- When using an encrypted proxy, your ISP cannot see what you get up to on the internet.
- Because government surveillance is usually performed with the cooperation of ISPs, encrypted proxies can be effective at preventing blanket, un-targeted government surveillance.
- The proxy owner will still be able to monitor traffic when not connected to HTTPS websites, as it is the proxy server that encrypts and decrypts traffic entering and exiting it.
- This means that a great deal of trust in the proxy owner is required.
Grab a great VPN service today
We review VPNs to bring you the fastest and best services
Public Proxy Servers
A public proxy is a proxy server that someone makes available free of charge to the general public. They are also known as free or open proxy servers. In theory, these are run by well-meaning volunteers. Public proxies come in unencrypted (HTTP), encrypted (HTTPS), and Socket Secure (SOCKS, which may or may not be encrypted) flavors.
The biggest advantage of public proxies is that they cost no money to use. The fact that you can freely switch between proxies located all over the globe also has privacy benefits. However…
- Because volunteers run them, often on an extremely ad hock basis, they can be very unstable, and regularly go offline without notice.
- They also tend to be very slow.
- You have zero reason to trust the proxy operator, who can snoop on all internet traffic that does not connect to an HTTPS website or service. (Note that it is irrelevant whether the proxy is itself encrypted using HTTPS in this regard.)
- Cybercriminals are known to routinely run proxy servers. Indeed, it is calculated that almost 70% of free proxies are not safe!
- On the flip side, the proxy owner can get into trouble for any illegal activity you perform! This is because it looks as if that activity is coming from their server. It is therefore not ethical to use public proxies for peer-to-peer (P2P) downloading the latest episode of Game of Thrones (let alone anything more criminal!).
I strongly recommend against using free public proxies. If you absolutely must, then only connect to websites and services using HTTPS. And never use a public proxy that bans the use of HTTPS. The only possible reason for it to do this is so that it can snoop on or interfere with your web traffic.
Really… just don’t! Note that similar issues plague free VPNs.
Private Proxy Server
Individuals or companies can run their own private proxy servers for their personal use, or the use of their staff. The term “private proxy,” however, also refers to commercial proxies that offer use of their server(s) for a fee. VPNs are by far the most common form of commercial private proxy.
Private proxies and VPN services are generally much faster and more reliable than free proxies. The fact that they are businesses rather than random individuals also makes them a known quantity that can be held to account.
Indeed, many VPN companies have built up fearsome reputations for their dedication to security and privacy. That said, it is important to take care to choose a reputable VPN service.
The same advice holds true for all commercial proxy services, but thanks to the popularity of VPNs, other forms of commercial proxy service represent a fairly small and unexamined market. No proxy-only services that I am aware of have built up the reputation, or received nearly as much scrutiny, as the big-name VPN companies.
It is worth noting that some VPN companies also offer more conventional HTTP/HTTPS or SOCKS proxy servers.
Types of Proxy Server
HTTP is the standard protocol used to connect elements of the World Wide Web. Importantly, connections to HTTP servers are not encrypted.
On the plus side, no encryption means vastly reduced computational overheads. This means HTTP proxies can readily accept multiple connections without seriously impacting internet speeds for users. Note, however, that the physical distance your data must travel will impact your internet speeds.
An HTTP proxy interprets network traffic. This allows it to do high level things with the traffic, such as search its cache to see if it can serve a response without going to the destination, or consult a whitelist/blacklist to see if a URL is allowed.
By default, HTTP proxies are “blind” to Transmission Control Protocol (TCP) traffic and will simply ignore it. This makes them great for accessing unencrypted HTTP webpages, but little else.
HTTP proxies can handle TCP traffic if the HTTP CONNECT method is used, but its use is entirely dependent on the proxy owner. Because the HTTP protocol cannot interpret the TCP traffic, all TCP traffic is simply forwarded. This gives HTTP proxies that use CONNECT much of the flexibility of SOCKS proxies.
HTTP proxies must be configured individually in each software client you wish to connect to the proxy. The same is also true of HTTPS and SOCKS proxies.
HTTPS stands for HTTP Secure (or HTTP over SSL/TLS). It is used by any website that needs to secure users’ communications, and is the fundamental backbone of all security on the internet. HTTPS proxies are also called Secure Sockets Layer (SSL) proxies.
When you connect to an HTTPS proxy, all data that travels between your computer and the proxy server is security encrypted using HTTPS.
HTTPS uses TCP port 443, so all HTTPS proxies must use the HTTP CONNECT method in order to establish a TCP connection.
Socket Secure (SOCKS) proxies work at a lower level than HTTP proxies. They do not try to interpret web traffic, and just pass along all requests they receive. This makes them much more versatile than regular HTTP proxies.
SOCKS proxies can handle all kinds of internet traffic, including POP3 and SMTP for emails, Internet Relay Chat (IRC), and File Transfer Protocol (FTP) for uploading files to websites. They can also handle torrent traffic, which is why SOCKS proxies are sometimes referred to as “torrent proxies.”
Due to this flexibility, SOCKS servers usually handle a much higher volume of traffic than HTTP servers. This means that SOCKS proxies are usually much slower than regular proxy servers.
SOCKS5 is the latest version of the SOCKS protocol, and adds various authentication methods. This is useful for commercial providers who wish to limit access to their proxy servers to customers only.
The SOCKS protocol fully supports HTTPS, and it is common for SOCKS proxies to encrypt traffic in this way. One downside, however, is that SOCKS proxy connections are not as well supported by software clients as HTTP proxy connections.
Web proxies allow you to connect to a proxy server from inside your browser window. This proxy server can be either an HTTP or HTTPS proxy. Web proxies are usually free, and have the advantage that you do not need to download and install any extra software, or configure your bowser settings. They are therefore very easy to use.
VPN provider Hide.me also offers a free web proxy.
When surfing the web using this web proxy, a box at the top of the screen reminds me that I am doing so courtesy of Hide.me. As you can see from the fact that our URL has been replaced by one from Hide.me, our website has been successfully proxied.
Other than reverse proxies (see below), all proxies discussed in this article are technically referred to as forward proxies. They sit between your computer and a wider network, which usually means the internet. Under this setup, you connect to the proxy server, which then connects you to the internet.
As its name suggests, a reverse proxy does almost the opposite of a standard forward proxy. It sits between the internet and a much smaller group of servers.
A typical setup would be reverse proxy acting as a gateway between the internet and a corporate Local Area Network (LAN). In order to access resources on the LAN network you would first need to connect to the reverse proxy.
In addition to acting as a gateway, the reverse proxy can protect the entire network using HTTPS. It can also perform load balancing, content caching, data compression, and other tasks useful to corporate LAN networks.
Transparent proxies are so-called because they require no configuration on your part. You often don’t even know that you are using one.
Transparent proxies have many benign uses. For example, content filtering in libraries, or to authenticate users of public WiFi. That sign-in page you see in your browser when you connect your laptop to the WiFi in Starbucks? That is a transparent proxy in action.
Reverse transparent proxies are often used by websites to protect against distributed denial of service (DDoS) attacks.
Transparent proxies can be a pain in the ass, however. If not implemented well, issues with caching and authentication can arise. This last is because the server you are authenticating with does not realise that you are not talking to it directly.
Browsers may also detect the proxy server, and determine that it constitutes a security risk. In this case, they may refuse all connections through the proxy server.
Although potentially very annoying, there is good reason for browsers to do this. Use of transparent proxies is a classic form of Man-in-the-Middle (MitM) attack. In these cases, the attacker redirects your traffic without your knowledge to a malicious server that can then intercept it.
In the library example above, I mentioned “content filtering” in a benign context. But there is another word for it – censorship. ISPs, for example, can use transparent proxies to filter content on political, social, and religious grounds.
You can use a VPN or encrypted proxy, or simply connect to an HTTPS webpage, to prevent a transparent proxy from snooping on your web traffic or filtering content.
Just to prove that life is never simple, proxy lists often rate servers on their “anonymity level.” I will discuss this more a little later, but proxies that provide very little “anonymity” are rated as “transparent proxies.”
This terminology is undoubtedly confusing, but that’s the way it is.
Grab a great VPN service today
We review VPNs to bring you the fastest and best services
Difference between Proxy Vs VPN Servers
As noted earlier, VPN servers are a specialized form of proxy. The primary differences between VPNs and regular proxies are:
- VPNs are configured at the system level, rather than on a per-app basis. This mean that they need only be configured once in order to ensure that all internet connections from all software on a device are proxied by the VPN server.
- They use a variety of encryption protocols, which are usually very strong.
In general, VPN connections are more secure and easier to configure than regular proxy connections. This makes commercial VPN services more popular than commercial proxy services. This, in turn, has allowed some VPN services to establish very good reputations.
The Tor Network
The Tor network is free, and aims to provide users with true anonymity. It does this by routing all internet connections through at least three random “nodes.” These “nodes” are really just volunteer-run proxy servers.
The data is re-encrypted multiple times – each time it passes through a node. Each node is only aware of the IP addresses “in front” of it, and the IP address of the node “behind” it.
This should mean that at no point can anyone know the whole path between your computer and the website you are trying to connect to. The main downside is that the Tor network is very slow to use.
Please see my detailed Tor Network Review for more details. I2P is another anonymous proxy network, which is in many ways similar to Tor.
A proxy URL is not really a proxy (server) at all! It is a web address (URL) that forwards to another address. The most common use for proxy URLs is evade censorship blocks.
A great example of this in action is the URL www.bestvpn.com, which is blocked in China.
This allows users in China to access our website. Yay!
How Do You Use a Proxy?
Private proxy services (including VPNs) will provide you with all the details you need to connect to their servers. They often supply very detailed setup guides.
With the exception of VPNs, you must individually configure each program (or app) you use to connect to the proxy server. To connect to a proxy, you need its IP address (proxy server address) and port number. You may also need a username and password if authentication is required.
There are estimated to be “hundreds of thousands” of public proxies on the internet. To find one, just type “free proxies,” “public proxy servers,” “open proxy list,” (or similar) into your search engine. Good examples are here and here.
To configure a proxy server in Firefox, go to Options -> Advanced -> Network tab -> Connection Settings. Select “Manual proxy configuration:” and enter the IP address and port number of the server.
Exclude localhost, 127.0.0.1 (default setting), if you want to access local network resources such as printers and network attached storage (NAS) drives un-proxied.
The Vuze BitTorrent client can be configured to use a SOCKS proxy. Go to Tools -> Options -> Connection -> Proxy.
Configuration details depend on the individual software, but hopefully you get the idea.
“Anonymity” Levels for Proxies
Many proxy lists categorize proxies based on the level on “anonymity” they provide. Just to be clear, these ratings relate to what websites and other internet resources see when you are using the proxy.
The proxy owner knows exactly who you are from your IP address, and can monitor your non-HTTPS internet traffic. Thus you are never “anonymous.” It would therefore be better to describe these ratings as privacy ratings.
They come in three levels, with Level 1 providing the highest degree of privacy.
Transparent Proxies (Level 3)
The confusingly named transparent proxies forward a great deal of information about you to any website you visit. They therefore provide almost no privacy, and are primarily used for caching (which is why they are often called caching proxies).
Technically speaking, a transparent proxy (in this context) will hide your real IP address, but only very superficially. Your real IP address still appears in the request header sent to the webpage, and is therefore very easy to find out.
Anonymous Proxies (Level 2)
So-called anonymous proxies provide a much greater level of privacy. They hide your IP address from any website you visit, but do not hide that you are using a proxy server. Indeed, anonymous servers usually identify themselves as proxy servers by attaching “FORWARDED” headers to each page request.
Elite Proxies (Level 1)
Also known as high anonymity proxies, elite proxies will not only hide your IP address, but will also not alert a website (or other internet resource) that requests are being made via a proxy.
The website will, of course, still know the IP address of the proxy server. Elite servers tend to be the most popular kind of open server, which also means they can be the slowest.
Commercial proxy providers sometimes categorize proxies based on exclusivity. The more exclusive a proxy is, the more it will cost.
- Dedicated proxy – you have a proxy all to yourself. For this reason they are also known as “exclusive proxies”. Having a dedicated proxy also usually means that you have a static IP address. Dedicated proxies are likely to provide better performance than ones shared with others, and are useful for evading IP blocks such those imposed by Netflix. On the anther hand, they are less “anonymous” because that IP address is tied directly to you.
- Semi-shared proxy – usually means that you share the proxy with three other people.
- General proxy – same as a free proxy that anyone can use – so in all likelihood you will share that proxy with many other people.
Proxies are very popular and can be very useful. Open proxies, however, tend to be slow and unstable. They are also dangerous to use.
Commercial HTTP/HTTPS and SOCKS proxy services provide a much more satisfying experience and are much safer to use. There is a reason, however, why these are not as popular as VPN services.
For a similar price per month, VPN services are easier to configure, protect your entire internet connection, and usually use stronger encryption. Many (but by no means all) have also established strong reputations as reliable companies that will protect your privacy.
Grab a great VPN service today
We review VPNs to bring you the fastest and best services