|
|
|
|
| |
Web Anonymizers are special web sites that let you access other web sites while making it impossible for them to have any information about you (like knowing your IP address, planting or reading HTTP cookies or having any information about your location).
Many people use web anonymizing services to maximize their privacy or bypass web blocking applications (see our article: Web blocking software can be easily bypassed).
However, it seems that those services have flaws that allow web sites to bypass those anonymizers and retrieve information about your system. |
| |
Credit:
The Anonymizer (http://www.anonymizer.com) and Aixs (http://aixs.net/aixs/) are vulnerable to the URL redirection problem. Two other anonymizers, Bell Labs (http://www.bell-labs.com/project/lpwa) and Naval Research Laboratory (http://www.onion-router.net) are vulnerable to JavaScript attacks (those can be avoided by disabling active content such as JavaScript, ActiveX and Java on the browser).
These vulnerabilities were reported by Richard M. Smith
|
| |
The leading web anonymizers are simply web sites that proxies HTTP requests. The client computer accesses their web sites, and after typing the URL of the requested web site, the anonymizers will retrieve and display the HTML page using their server instead of the client machine. In this case, the remote server knows nothing about the client machine, only on the anonymizer server.
However, some features in the leading browsers allow remote web sites to collect this information even when a page is accessed using anonymizers. For example, using JavaScript, a remote site can retrieve the local machine's IP address and send it to the remote server. Also, using special HTML tags (like the META tag's REFRESH property) can silently redirect the browser to the original site, bypassing the anonymizer (without the user's knowledge). These issues basically render the anonymizers ineffective, since they do not really hide information from a remote site.
|
|
|
|
|
|
|
|
|
|
