Anonymity and privacy are great concepts. But lately there is a feeling that both concepts of styles are unattainable on the net. Therefore, even I, not at all paranoid, occasionally think about tools such as VPN, Proxy and Tor. You've probably heard these words, and maybe even regularly use these technologies to maintain anonymity, bypass locks, watch American Netflix, or simply to access the corporate network.

But how exactly do these technologies work and how do they differ? And is it true that free cheese is only in a mousetrap? Today we'll talk about how to protect yourself and your data on a global network.

Proxy

Among the trinity – VPN, Proxy, Tor – the simplest technology is Proxy.

The technology works as simple as it sounds. Imagine your network traffic is a suitcase. You want to deliver this suitcase to a specific address, but you would not want to do it yourself, revealing your location and name. Therefore, you hire an intermediary who will deliver the suitcase himself to the desired address without revealing your identity and real address. Simple and convenient. Moreover, such intermediaries are quite multifunctional and will come in handy not only for trivially ensuring privacy on the network:

  • By changing your location using Proxy, you can bypass regional blockages. For example, it was the proxy servers that allowed Telegram to survive several years of official blocking so easily.
  • Or you may be able to access content that is only available in certain countries.
  • Or you can save on airfare by taking advantage of regional price offers or discounts.
  • But there may be a reverse situation. If necessary, using a proxy, network administrators can restrict access to certain resources.
  • There are also less obvious use cases. Proxy servers often cache data from popular sites, so downloading data through a proxy server can speed up access to these resources.
  • Or you can save traffic. Because proxies can compress all requested content. This is how the various turbo and economy modes work in browsers.

In general, there are a lot of options for using proxy servers. And this is the positive side of the technology, but proxy servers also have significant drawbacks.

Proxy types

First, the technology itself is very limited. Proxy servers are highly specialized, so each type of Internet connection needs its own type of proxy server.

For example, an FTP (File Transfer Protocol) connection requires an FTP proxy. There are also two separate HTTP and HTTPS proxy servers for HTTP and HTTPS.

This is a serious limitation, so there is still a separate type of proxy server, SOCKS proxy.

This protocol variation can work with different types of traffic. But it works more slowly, so it is also not suitable for everyone.

Proxy Security

All types of proxies are united by the main, key problem – security problems.

Because proxy servers do not encrypt traffic in any way. That is, HTTP traffic will not be encrypted at all. And HTTPS will be encrypted in the same way as with a regular Internet connection: using SSL encryption. And this is a huge problem. And to imagine the scale of the tragedy, let's remember the analogy with the suitcase.

Using a proxy server is like passing data to an intermediary in a suitcase without a password. This can be done only if you trust the intermediary 100%. And of course, you should beware of free proxy servers with a dubious reputation. After all, using an unverified free proxy is like entrusting the delivery of a bag to a free courier at an ad at a bus stop.

VPN

But there is a technology that has most of the advantages of a proxy and is devoid of most of the disadvantages – this is VPN or Virtual Private Network – a virtual private network.

Initially, this technology was not conceived as a means of traffic anonymization. Its task was to remotely unite computers into a single network. For example, to access the local network of the head office from a regional branch or from home.

VPN works like a proxy. Traffic in the same way, before reaching the Internet, first goes to an intermediate server. On the one hand, this allows you, for example, to access blocked resources. Because for an ISP, you are sending a request to a VPN server, and not to a prohibited site.

On the other hand, it allows you to remain anonymous, since the site you are visiting thinks that the request came from the IP address of the VPN server, not yours. But proxies do essentially the same thing, so what's the difference?

The key difference between VPN and Proxy is end-to-end encryption. All traffic passing through the VPN server is protected all the way from the entry point to the exit point. This is because when VPN is enabled, an encrypted communication channel is created between your device and the VPN server, which protects all data from hacker attacks.

Again, if we compare it with a proxy, in the first case, we transfer an open suitcase with information to an intermediary, who can either be robbed at any time, or he himself will steal the data. In the case of a VPN, we transmit data over a closed tunnel to penetrate into which is extremely difficult. Moreover, VPN works with all types of data and encrypts all traffic from all applications in general, not just your browser traffic.

At the same time, unlike a proxy, for a VPN to work, a VPN client must be installed on your device in the form of a separate application or browser extension.

However, installing an application for an ordinary user is much easier than digging into the proxy settings somewhere in the browser settings.

Free VPN Services

It turns out that a VPN is better than a proxy in everything? Not always.

The point is, not all VPN services are created equal. As with proxies, free VPNs have been caught spying on users and selling their data more than once.

For example, the VPN service Betternet, which had 38 million users, used 14 libraries to spy on users.

Hola sold the IP addresses of free users to hackers. That is, the criminals could have used your IP address for their own business.

SHADOWSOCKS

On the other hand, not all proxy services are bad. For example, there is a special type of proxy called Shadowsocks. Basically, it is a SOCKS proxy on steroids.

There is powerful encryption, traffic hiding, and the ability to bypass various locks. There are clients for both a computer and a smartphone, allowing you to stay protected at all times. And this thing was created by the Chinese people in order to bypass the great Chinese firewall.

Hence some nice features of Shadowsocks. For example, to gracefully bypass blocking, it can selectively mask traffic. You choose what to hide and what not.

For example, you are in China and want to check your Gmail, or watch YouTube. Thanks to Shadowsocks, you can do both of these while visiting sites that are only accessible from China.

VPNs, in turn, encrypt all traffic, so you won't be able to open sites that are only available in China.

But that doesn't mean Shadowsocks is better than a VPN. Unlike VPN services, Shadowsocks is not built to protect the privacy and anonymity of the user. With Shadowsocks, data packets are left unencrypted. This is done on purpose so that your data looks more like regular HTTPS traffic and does not arouse suspicion. So Shadowsocks is only suitable for bypassing locks? but not for security or corporate network connectivity. In this regard, VPN is beyond competition. Adjusted for the fact that you need to use only trusted services with a good reputation.

Tor

And finally, the most hardcore way to anonymize on the web is Tor. Is it true that Tor is so secure?

Tor stands for The Onion Router and it uses what is called onion routing. Your data is the core of the onion, and its protection is the layers around it. What does it mean?

To anonymize Tor, just like proxies and VPNs, it passes traffic through intermediate servers. But only in the case of Tor, there are not one, but three, and they are called nodes.

Now look, your traffic goes through three nodes:

  • entrance or sentry,
  • intermediate,
  • output.

Why is this needed?

First, to hide your IP address. Each node only knows the IP address of the node that is in the chain before it. Therefore, while your traffic reaches the third node, the original IP is sweating.

Secondly, your traffic is wrapped in three layers of protection. Therefore, the first and second nodes do not see your traffic, they only peel off the layers of protection like a peel from an onion, but only the third output node takes out the core and sends a request to the Internet.

These nodes are deployed by network users themselves on their computers. The more users there are, the safer and the faster the network is.

And access to the network is carried out through a special browser Tor Browser, based on Firefox. It has been improved with additions that prohibit sites from following you. For example, the browser is able to distinguish all scripts on sites, in fact, prohibiting the collection of any user data, or forces sites to enforce encryption. Sounds very safe, but in practice it is not.

Firstly, Tor is very much disliked by law enforcement agencies, and the very fact of using Tor is easy to trace. Therefore, simply by using the Tor Browser, you can already attract unnecessary attention. In other words, it is better to use Tor in conjunction with a VPN.

Secondly, the owners of the exit nodes are very risky. After all, it is they who are responsible for all actions that network users perform.

Thirdly, the same exit node owners see all your traffic, which means they can track you indirectly. That is why exit nodes are most loved by law enforcement officials.

Moreover, due to multilayer encryption, the Tor network works very slowly, half of the sites simply refuse to work correctly through the Tor Browser.

Outcomes

What's in the bottom line? If you are worried about your online security, then the best way to protect yourself is a VPN. But remember to use only reliable and reputable VPN services. Often information about the reliability of a particular service can be found on the Internet, in special articles. Also remember that a good VPN can cost money, or rather, its creators may charge a fee for using it.