Concerns about Proxies: New Survey of IT Manager Attitudes as Proxy Vendors Move into Behavioral Targeting

Two interesting developments in the battle over proxies, the web URLs or software used to circumvent filtering software. First, filtering vendor Bloxx released a new survey of both business and education IT admins:

Are you concerned that Anonymous Proxies may pose a security threat to your network?
The majority of respondents from both sectors agree that anonymizers pose a security threat to their organisation and network but it seems the issue is more prevalent in education: 64% agreed that they posed a security threat. IT teams in the private sector are aware that they could cause trouble – 46% said they may pose a security threat but many don’t see them as much of a problem yet as they don’t think that many employees are aware of them. However, 12% of private sector respondents were unsure if they posed a threat indicating that there may be a lack of knowledge within some parts of this sector of the use of proxies for filter avoidance.

What impact are Anonymous Proxies having in your establishment?
Further evidence for this point is indicated by the data on the impact anonymizers are having on the organisation. Again, they are much more of an issue in education than the private sector; 49% in the private sector said that, at the moment, they weren’t a problem, whereas in education 90% of users agree that they are a problem to some degree. Education IT Teams agreed that 33% thought it was a serious problem, spending a fair bit of time keeping it under control and 3% claimed it’s a major problem; they spend excessive amounts of time keeping it under control, compared to 4% and 1% respectively in the private sector.

This comports with the other things I’ve read: that proxies are only a real problem in educational settings. Still, just 3% of education IT admins call it a “major problem.” How many kids in schools are using proxies? We only have one survey from I-Safe in 2006:

Males in grades 5-12 are more likely than females to have circumvented Internet filtering software intended to prevent them from viewing objectionable sites (22% vs. 16%).

You have to pay to get the full survey from I-Safe, but this appears to be “ever/never”, so we don’t know how often these kids use proxies, if they get caught, etc. My understanding from school IT admins is they find out about proxies by scanning the access logs, then shut them down and discipline the offenders.

 So what’s the business plan for the companies that make proxies?  It appears to be behavioral targeting, according to the Berkman Center blog:

Three of the circumvention tools – DynaWeb FreeGate, GPass, and FirePhoenix – used most widely to get around China’s Great Firewall are tracking and selling the individual web browsing histories of their users. Data about aggregate usage of users of the tools is published freely. You can see, for example, that the three sites most visited by users of these circumvention tools are live.com, google.com, and secretchina.com. Aggregate data like this is a terrific resource for those of us interested in researching circumvention tool usage, and not much of a privacy risk for the circumventing users if it is only stored (as well as displayed) in the aggregate.

It’s hard to state how dangerous this practice is. These tools are acting as virtual ISPs for millions of users. All circumvention tools work by proxying the data of their users through some third machine, so all circumventing traffic is going through that third party machine. Selling the browsing histories of those users is like an ISP selling the browsing histories of its users, which is a big step beyond what companies like NebuAd and Phorm were / are trying to do. NebuAd and Phorm are at least adding a variety of pseudonymity and privacy layers to their tracking, whereas dynaweb et al. are evidently directly storing (and selling) the full, individually identifiable browsing histories of their users.
