Internet >
Security Issues > Anonymizers >
Anonymizer Limitations
Anonymizers protect your identity for normal
surfing, but have the following limitations:
- HTTPS. Anonymizers cannot process secure
protocols like "https:" since your browser needs
to directly access the site to maintain the secure encryption.
- Plugins. If
you access a site with an anonymizer that invokes a third-party plugin, then
you can't be assured that the program won't establish independent direct
connections from your computer to the remote site that are not anonymized.
Widely used, standard programs can usually
be trusted.
- Logs. All anonymizer sites claim that they don't keep a
log of your requests. Some sites, such as the Anonymizer, keep a
log of the addresses accessed, but don't keep a log of the connection
between accessed addresses and users logged in.
- Java. Any Java applications that
you access through an anonymizer will not be able to bypass the
Java security wall and access your
name, email address, or file
system. Some services have stated that Java security is not compromised "if you use the URL-based anonymizer",
but that it might be "if you use the anonymizer as a regular proxy".
- Active X. Presumably safe, authorized Active X applications
are certified with a certificate number. Active-X applications have
almost unlimited access to your computer system, and once downloaded
by a website they bypass the anonymizer completely. They can access
and reveal your name and
email address,
and can access
your
file system to perform file creations, reads, and deletions. Your
only protection with Active-X is traceability -- if a program maliciously
causes damage to your system you can track the author down through
the certificate registration system.
- JavaScript. Under most
browsers the JavaScript scripting language should be secure
and cannot reveal data or perform destructive
acts to your computer system. Some services such as the Anonymizer
state that there may be a security problem "if you use the URL-based
anonymizer, so the URL-based anonymizer disables all JavaScript",
and that "If you use the anonymizer as a regular proxy, then JavaScript
is safe and is left enabled."
|