The old adage goes that if you’re not paying for a product, then you — the consumer — are the product. It couldn’t be more true about most of the services we use on the web today. For companies like Google and Facebook, which offer their services for free, we are a product entity for them. A recent example comes from developer Christian Haschek who claims that a vast majority of proxies we use on the web to mask our identity and access geographically locked content are “shady.”
For the average Joe, that might not seem scary. But this next part definitely will. Haschek notes that 157 of the top free online proxies don’t have HTTPS enabled on their site. The lack of HTTPS means two things: the website isn’t encrypted and secure, and two: all the websites you visited using that proxy website can be easily intercepted. The site admins or any third-party intruder — including your ISP — can easily find the websites you visited, and if you logged-in to any website using those proxies, fraudsters could steal your credentials as well.
The lack of HTTPS connection allows the traffic to be analyzed, and facilitates man-in-the-middle attacks. “It’s okay to assume that if you are using a proxy and it’s allowing HTTPS traffic, you are safe,” Haschek told Technology Personalized in a statement.
Unfortunately, he hasn’t listed out exactly which proxy did he test, but assures that he has checked all the top ones (presumably the proxies that appear on top of search results). Hascheck told us that some of the proxy sites he tested include free-proxy-list.net and us-proxy.org, which are indeed very popular.
So what can be done? You can, of course, use a paid service which is more reliable. Or you could use Tor, which isn’t perfect either, but is unarguably the most reliable tool you have available for free.