Category: filtering

Use a Ninja Proxy in 2019

It’s sounds so overkill and somewhat paranoid – but honestly it’s not, there are genuine reasons why people use these ninja cloak proxy site programs like Identity Cloaker.  There’s an increasing necessity to  protect yourself online.  The need to use common sense and adequate security and privacy tools is vital. If you’ve come here looking to become an online proxy ninja, surfing securely through the electronic ether well perhaps I can point you in the right direction.ninja proxy But First the Danger finding any sort of anonymity is difficult online, you’re tracked and logged through your ISP, company firewalls, every web sites you visit and a thousand other devices in between. Your IP address can be tracked back to the very PC you’re sitting at and the logs stored and backed up in your ISP contain virtually everything you’ve done online for the last two years. When I say everything, I’m not kidding – and yes it does include the fact that you watched the Kylie Minogue Agent Provocateur advert 6 times in a row last Friday when you came home from the bar.

Now the inconvenience Sometimes it’s not actually the paranoia (oh and yes they are watching you), but the inconvenience that drives people to hopeless proxy sites in search of a Ninja proxy to surf through.  This is down to the increasing pervasiveness of a system called geotargeting – I’ll add a better description of this but it’s basically the way that websites restrict what you can watch depending on your location. You’ve probably seen it in action –

  • Want to watch BBC Iplayer but are not in UK – Sorry blocked by IP address
  • Catch up on some shows on Hulu while on holiday in France – Nope blocked by IP address
  • View the news on ABC whilst in Canada – Nope blocked by IP address again.

The real list is much, much longer – anything from accessing YouTube to just about any big media site.  More so if you’re unlucky to live in a country where it’s considered bad for you to access Facebook  – it’s likely you’re going to get blocked for not having the right IP address. So people are fed up with being blocked, monitored, logged and basically having their online experience controlled and analysed.  So they look online and find details of unblock sites and read blog posts looking for a free proxy server. They then find they don’t work and indeed haven’t for many years at least for most applications.

There’s no point looking on a free proxy list you simply won’t find anything that works anymore and you certainly won’t find a proper ninja proxy which unlocks the internet and hides your location.   What they find is loads of web pages called Ninja something or other and a basic install of a web proxy called Glype.  They will promise you all sorts of super, secret ninja surfing via their little browsing frame – but I’m afraid it’s not true.

Computer Admin Watching Someone Search Through a Ninja Proxy Site

The Truth About Ninja Proxies Unfortunately that’s what the majority end up doing, searching in Google and finding some Ninja web site or something like that.  In the middle of the page their will be a little box inviting you to search via their site – something like this

Not Really Ninja At All! In fact little more than a default Glype installation with a proxy browser front end.

Is it secure ? In a word – No. Well if you trust a complete stranger who has set up a free server, installed Glype and covered it in ads – to look after your data then of course it’s fine. It doesn’t bypass most firewalls, it certainly doesn’t give you anonymity – it does add many more risks to your browsing. For those of us who prefer reality it’s a complete waste of time, all you are doing is funneling your data through another unknown, insecure point.  In some circumstance the setup may obscure your IP address slightly but that’s about it – you also be leaving yet another log of your activities on this guys server. Don’t think you’ll be able to stream previously blocked video either like BBC Iplayer or Hulu because you can’t watch these through a little Iframe window and besides the servers are normally basic ones that would struggle to stream video to one person not the thousands who’ll probably be trying.

The real proxy ninja experience will obscure your IP address completely through an advanced network of high speed, highly secure servers across the planet.   It will be high speed and high performance allowing media streaming direct to your PC from wherever you are – so watch the BBC Iplayer or Hulu or any site you care to try.

It can also be set to automatically switch your browsing data across to a different server across the globe every few minutes. But finally it will also encrypt your data meaning that you really can be anonymous, your ISP logs included.  In fact  the only readable logs of your online existence are briefly on the secure servers and are deleted immediately.

To access a global network of secure proxies and VPNs, which can bypass internet blocks and keep you anonymous –

Use Identity Cloaker

 

 

Divine Internet Filtering

Now I’m not very religious, but have no real problem with those who are.  Obviously, excluding those who want to kill me, blow me up or have me imprisoned – anything like that.  However I do think that secular governments seem to work better, at least with regards to democracy simply because most places have many people of differing faiths – I’d argue history supports this view.

It also in my opinion works best with other areas, such as internet access. For example Saudi Arabia, has a very fast and efficient telecoms infrastructure,  the speed in some of Riyadh’s 5 star hotels is absolutely incredible, absolutely no buffering over Wifi while watching BBC iPlayer.  But unfortunately with this 21 century technology, comes an almost medieval implementation.

I am referring to the way that Saudi Arabia censors the internet, or specifically the ISU who are based at the King Abdulaziz City for Science and Technology.  For a 21st century techno geek like me, alarm bells started ringing when I read the ISU statement on why they filter the internet –

God Almighty directed humanity in the Nobel Qur’an in the words of His prophet Joseph: “He said: My Lord, prison is more beloved to me than that to which they entice me, and were you not to divert their plot away from me I will be drawn towards them and be of the ignorant.  So his Lord answered him and diverted their plot away from him, truly, He is the All-Hearer, the All-Knower”  Yusuf(12):33-34

You can see the filtering statement here.

http://www.isu.net.sa/saudi-internet/contenet-filtring/filtring.htm

Now I’ve written a fair few, acceptable use policies in my time, but I confess I rarely reference religious scriptures. It will come as no surprise to find that in general the internet filtering operated by the Saudi Government tend to focus on repressing opposition and promoting their religious beliefs.

The sort of sites that are blocked are things like the Saudi Human Rights organisations, Free Speech Coalition and the Voice of Saudi Women. Lots of journalists are filtered, in fact they once blocked all of blogger because of a couple of blogs were being used to raise awareness of issues within the Kingdom of Saudi Arabia.

saudi internet filter

This is the cheerful message you get if you try and access one of the many thousands of blocked websites. Be especially careful in Saudi Internet cafes were hidden cameras were installed in 2009 and the proprietors are forced to supply names and addresses of customers on demand.

They use a system called Smart Filter to block access to all these websites. It’s nothing very complicated though and most people are able to bypass using proxies, VPNs or specialised software – like this.

Why Can’t I Use a Proxy

We’ve all been there – you’re stuck in work or school, and frankly bored out of your brain.   Sure you have internet access but all the most interesting sites are blocked –

  • Facebook Blocked
  • Youtube Blocked
  • MySpace Blocked
  • World of Warcraft (games and forum) Blocked

So why’s it happening and what can you do about it?

Your company or school controls your access to the internet at several points and is blocking your access at several levels.

The first control is probably through their own proxy server.  If you go and look in Tools/Internet Options/Connections/LAN Settings or  something like that in different browsers you’ll probably see a proxy server set.  That address will be a server controlled by your company where they force all internet traffic.  If they’ve done a decent job you won’t be able to change this.

The settings will normally be deployed by something called GPO (group Policy Objects) which are the way most organisations control what their computer looks like.  These apply settings like specific desktops, screensavers, Internet Explorer settings each time you boot up your computer.

Therefore absolutely everything you request goes through the company proxy server.  You might think you’re being clever searching for ninja proxy sites on the internet but I’m afraid you’re not.  All you are doing is creating a log of you searching for ‘ninja proxy sites online’, and letting administrators know you want to bypass their settings. The proxy server will be set to filter out all such requests by a variety of methods.  The most common one will be a huge list of URLs containing all the dodgy one page, Glype proxy installations online.

So you need to bypass this proxy server or do you?

If the organisation has their network set up properly then even by using an alternative browser or modifying the proxy settings in IE will not work anyway.  The reason is that your company firewall, the hardware device which controls all the traffic in and out of your network should only allow web traffic out from one specific address – the proxy server.   So forget about specific IPs, free web proxies or anything specific like a UK VPN or proxy until you figure this part out.  Remember in this scenario if you bypass the company proxy then your request will not get through, it needs to come from that specific IP address or it will get blocked.

Then a couple of things might happen –

  • The alert will be flagged on the firewall (Web requests from an incorrect internal client)
  • The administrator will track down the PC and find out it’s been modified.

But don’t worry in reality probably nobody ever looks at  the logs and most firewalls generate so many alerts that nobody ever looks at those either.

The point is your searching for online web proxies is simply a waste of time.  To bypass most corporate proxies you need to go through that proxy and not around it.  Through it because any other originating IP address will get blocked and may possibly  wake up your IT Department.  But you need to stop the proxy blocking access based on the content (what you are requesting) and the URL (the actual site you want to visit).

There are two things you can do to allow this – first you need encryption so that nothing can see inside your web request and secondly you need some low key server outside the network to relay your request.  These two requirements if implemented correctly will allow you to tunnel through any corporate network firewall or proxy and also keep your surfing private from the administrators and logs.   I should point out that the new generation of Smart DNS servers like this, may be more effective in a lockdown environment that standard proxies although it’s likely you’ll need admin access on your local pc in order to modify the network settings, as generally these will all be assigned automatically via DHCP.

What is Internet Filtering (and How Can you Beat it)?

This is becoming a more and more important question as we spend an increasing amount of time online. What exactly is internet filtering and should we learn to live with it or try and bypass it at every turn?

It’s probably best to start with some background, and define some of the types of filtering you’ll find online and who enforces them. All sorts of people could potentially be filtering your internet access, largely dependent upon your location and situation. Governments often filter extensively – places like China, Thailand and Iran heavily restrict what you can see or do online. More worryingly many places monitor rather than block which has led to many bloggers for instance being imprisoned for merely expressing an opinion online.

Web Filtering
More democratic nations are also starting to increase the amount of filtering they engage in. Australia seems very keen to introduce an extensive filtering system whilst Iceland are proposing to block internet porn completely from their country.

There are also more understandable filtering which takes place in your workplace, schools or colleges generally to prevent individuals accessing inappropriate sites or spending their working days on Facebook!

Surprisingly though all this filtering is usually obtained through very similar methods. Your local college is liable to be filtering your internet feed using the same methods as the Sudanese Government. If you decide you do want to beat internet filtering – then here’s two of the main methods used;

Filtering TCP/IP Headers

Every TCP/IP packet consists of two main sections, the header and the data. Inside the header you’ll find the destination IP address effectively where the request is being sent to. A simple but popular method of internet filtering is to maintain a list of ‘blocked IP addresses’ any request sent to these addresses is either dropped or blocked. It’s nto a very effective method though and means spending a long time keeping an up to date list of IP addresses and servers. It also often ends up blocking legitimate sites by mistake.

Filtering Based on Content

A more sophisticated method which involves looking at the data in the packet and not simply the address from the header. It usually involves an investment in new hardware to enable content filtering. This method is much more configurable and will allow blocks on inappropriate content such as porn, gambling etc without the reliance on maintaining a static list of sites.

It’s not perfect and there are still ways to beat this method of internet filtering too, it can also heavily impact the speed of the connection as well.

There are many variants of these methods and of course you’ll find lots of different security configurations employed as well in many organisations. For example many companies will only allow outgoing web requests out through a single server address normally a controlled proxy server. This is to stop people using the free basic web proxy servers that you find over the internet.

So Can You Beat Internet Filtering?

The simple answer is that you normally can. Evading the simple TCP/IP header filters is relatively straight forward – just finding a proxy server which does not have it’s IP address listed will normally do the trick.

Obviously it’s more difficult if you’re faced by a sophisticated content filter like BT Clean Feed, Websense or Optinet. These are actually looking in the data for both web addresses and specific keywords or patterns in the content itself. The simplest way to stop these content filters blocking you is to make your browsing unreadable by encrypting it. Encrypting your data means that the filters can’t actually see what is in the data in order to make a decision, when combined with a proxy server you can normally beat most internet filters.

Take a look at this video, which demonstrates how Hide IP Software actually works.

If you need a product that does this and more – then take a look at . , it has the technology to encrypt and cloak your protection plus access to an extensive network of proxies all over the globe – servers in the United States, Britain, France, Canada and many more across the world. You can use it for complete seclusion, to circumvent web filtering,censorship or even just to watch Hulu, BBC Iplayer or any media site you enjoy. The proxy will shield your IP address and the encryption will protect your data from logging and content filters.

Once Upon a Time There Was a Hosts File

When the World Wide Web was little and called the ARPAnet, resolving computers to their IP addresses wasn’t a big deal. In fact because the network consisted of only a few hundred hosts, a single file called HOSTS.TXT was sufficient. This file contained the name to address mapping of every computer on the ARPAnet. Unix computers hacked the HOSTS.TXT and built it’s own version and stored it into /etc/hosts – all was fine and dandy.

The HOSTS.TXT was maintained by a Network Information Centre and distributed by a single host. Any client would pick up a fresh copy every few days to see if any new hosts had been added to the network. Slowly there were problems as the network got bigger – here’s some of the biggies:

  • Traffic – the toll on the SRI-NIC (the computer which held the master copy of HOSTS.TXT) became unbearable. Network traffic and CPU utilization was overloading the host.
  • Name Collisions – No two hosts on a network can be the same. There was no system to enforce this uniqueness of host names – duplicates started to appear in the host list as it got bigger.
  • Consistency – making sure that everyone had the correct version of HOSTS.TXT became extremely difficult. Machines on the far edges of the network would take so long to get an update that it was

It didn’t work, name resolution started to cause havoc on the network as it grew, mailservers fell over as duplicates appeared. Hundreds of versions of the HOSTS.TXT file caused loads of issues and the reliability of the network plummeted.  A new system was needed and it was needed fast, that system was delivered by a chap called Paul Mockapetris.  He released two RFCs  – 882 and 883 which were the first definition of the Domain Name System – or as we mostly refer to it as DNS.    These RFCs have now been superceded many times as security, administration and implementation problems have been identified and rectified.

The Internet as we know it relies not on some huge text file but the Name resolution delivered by the Domain Name System.  DNS is simply a huge distributed database, local control of this data is allowed.   However this data is accessible across the whole network through a client/server set up.  Now this is where the history lesson finishes – I don’t want to start talking about Name Servers, resolvers or caching as you can find that stuff in other places.

Here on theninjaproxy.org we like our information is little more practical – so lets have a look at a little legacy of the HOSTS.TXT file that is used as a first step of resolution by Windows TCP/IP.

There’s the little fellow  – a text file called hosts which contains your computers first port of call in Name resolution before it uses methods like DNS for example.

It can be used to block or filters websites, hackers use it to infect clients with viruses and trojans by redirecting to nasty sites.  Also plenty of places still use it to make web based applications work properly or to redirect clients to specific computers.

It’s quite simple to use – here’s a brief illustration.  We are going to redirect a web site to a different place using the hosts file –

Let’s redirect our web surfer to somewhere pleasing to the eye – playboy.com.  First we find the IP address of the site by pinging it -216.18.172.158.   Next we need to make some simple modifications to our hosts file – you’ll usually need administration access to alter this file.


You can see we have added a line telling the computer that the site www.google.com can be found at the address 216.18.172.158 (oh no it can’t!).

Of course you’ve guessed what will happen when anyone tries to visit Google on this computer!

Sometimes doesn’t work as great on the bigger sites that rotate their IPs over lots of servers and you may have to clear your cache with CCleaner beforehand.  But you get the idea, another slight modification is that you can use the hosts file to block access to sites to.   Instead of redirecting a site to different IP address you can just redirect to your local computer using 127.0.0.1.

For example perhaps you are getting pissed about all the adverts that are served on websites from ad.doubleclick.net, simply add this line to your hosts file.

127.0.0.1     ad.doubleclick.net

This will have the effect of blocking access to that website (and blocking it’s adverts).  It’s a crude but reasonably effective way of blocking access to specific websites on a particular computer.  Many companies or schools use this method on public facing or ‘kiosk’ machines.

Unfortunately hackers also use this method too, viruses modify your hosts file to redirect your machine to malicious websites instead of popular sites like Facebook or similar.  So it’s always worth checking out your hosts file occasionally to see all is in order.