Open Web Proxies: analysis, threats and opportunities

Speaker : Diego Perrino
Date: 11/04/2018
Time: 2:00 pm - 3:00 pm
Location: Doctoral Training Center (EIT Digital)


Open web proxies promise anonymity and censorship circumvention at no cost. Several websites publish lists of free proxies organized by country, anonymity level, and performance. These lists index hundreds of thousand of hosts discovered via automated tools and crowd-sourcing. A complex free proxy ecosystem has been forming over the years, of which very little is known. In this talk we shed light on this ecosystem via a distributed measurement platform that leverages both active and passive measurements. Active measurements are carried out by an infrastructure we name ProxyTorrent that discover free proxies, assess their performance, and detect potential malicious activities. Passive measurements relate to proxy performance and usage in the wild are accomplished by means of a Chrome plugin named Ciao. ProxyTorrent has been running since January 2017, monitoring up to 200,000 free proxies. Ciao was launched in March 2017 and has thus far served roughly 3,000 users and generated 3 TB of traffic. Our analysis shows that less than 2% of the proxies announced on the Web indeed proxy traffic on behalf of users; further, only half of these proxies have decent performance and can be used reliably. Around 10% of the working proxies exhibit malicious behaviors, e.g., ads injection and TLS interception, and these proxies are also the ones providing the best performance. Through the analysis of more than 3 TB of proxied traffic, we show that web browsing is the primary user activity. Geo-blocking avoidance is not a prominent use-case, with the exception of proxies located in countries hosting popular geo-blocked content. In addition to those findings, Open Web proxies, and more generally open resources on the internet, provide several opportunities. We will discuss few use cases we are addressing and focus on one of them, i.e.  FreeLab: A Free Experimentation Platform. The key idea of FreeLab is that experiments run directly at its user machines, while traffic is relayed by free vantage points in the Internet (web and SOCKS proxies, and DNS resolvers).