If you ask me, most school and corporate policies on network monitoring and filtering are totalitarian and excessively pervasive. The Right is so concerned with silly traditional values and keeping objectionable content away from their vanilla-bland offspring that most corporations, by default, coerce their system administrators to violate one of the core guarantees of the Internet.
A few weeks ago, three Chinese guys submitted a draft to the IETF. They proposed a laughable system in which each country controlled its own DNS namespace, so that each municipality had autonomy over the resolution of domain names for the sake of keeping up with the “fast development of the Internet” as if we had to split up the Internet into parts because it is getting too big. Read the draft if you’d like, for some good laughs.
Jokingly or not, the concept is the same at a smaller scale. It has already, to some extent, been made into reality.
For us millennials, web proxies will forever be part of our secondary school culture as long as the older generation maintains their foolish padded-playground ideologies. Unblocked web proxies were gems in primary school, like a covert gateway to all of the fun on the Internet. But as you get older, proxies start to take on different meanings and purposes.
From my experience with largely-useless Microsoft Certifications and Linux server administration, I offer you this wisdom:
- The hub model of the Internet is a popular misconception because it’s taught in all kinds of introductory networking classes. The idea that information is sent from one computer to another until it reaches its destination originates from a more ancient time when subnets and routing tables were much more relevant than they are today. Typically, your data packets now only traverse your LAN, an ISP, and a hub before reaching their destination, or vice versa. Be wary, and know that it’s not as complex as they make it out to be.
- Traditional web proxies are grossly insecure. Some do not offer client-to-proxy authentication or encryption, so even if you do trust the proxy operator, there is the possibility of a man-in-the-middle attack. But if all you want to do is stream Tangled to your laptop at school, it is sufficient.
- More corporate-focused proxies manifest as virtual private networks. A dozen different technologies, mostly from Microsoft, exist to enable employees throughout the Internet to maintain an encrypted connection to a local area network, so they can access resources that are off-limits to the general public.
- Other modern protocols like OpenSSH are more easily accessible for non-Windows operating systems, and in my opinion, easier/cheaper to configure and maintain. You can tunnel traffic through an SSH stream, along with X windows and files. It will work for a personal internet proxy that’s probably more reliable and secure than any public web proxy, but a poorly-configured SSH server can open up vulnerabilities in your server. Beware.
- SOCKS5 and HTTP proxies can be easily set up on Linux servers. The difference between these proxies and web proxies is significant. SOCKS5 and HTTP allow all kinds of communication to pass through, including Flash and script-dependent requests, while web proxies generally rely on replacing URLs to even function. However, SOCKS5 and HTTP require you to change settings on the web browser, which may or may not be available to you.
As good practice, I use Squid to run my own HTTP proxy on my home media server, as well as an SSH daemon for other purposes. That way, I’ll have them if I ever again need to deal with restrictive internet policies.
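One way to check for the poorly-configured SSH server the list above warns about, as an added example that is not part of the original post: a small Python audit of the global section of an `sshd_config`. The sample configs and the `tunnel` account name are constructed, the defaults assume OpenSSH 7.0 or later, and `Match` blocks and `Include` files are not evaluated.

```python
# Added example: audit the global section of an sshd_config for risky settings.
# Assumption: defaults are those of OpenSSH 7.0 or later.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "allowusers": "",
    "allowgroups": "",
}

def parse_global(text):
    """Return effective global settings; sshd keeps the first value it sees."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":                    # conditional overrides: out of scope
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(text):
    """Return a sorted list of findings for the given config text."""
    cfg = parse_global(text)
    findings = []
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: direct root login is allowed")
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("PasswordAuthentication yes: exposed to password guessing")
    if cfg["permitemptypasswords"].lower() == "yes":
        findings.append("PermitEmptyPasswords yes: blank passwords are accepted")
    if not cfg["allowusers"] and not cfg["allowgroups"]:
        findings.append("No AllowUsers/AllowGroups: every local account may log in")
    return sorted(findings)

# Constructed sample configs, not taken from any real server.
WEAK = """Port 22
PermitRootLogin yes
PermitRootLogin no   # ignored by sshd: the first value wins
PermitEmptyPasswords yes
"""
HARDENED = """PermitRootLogin no
PasswordAuthentication no
AllowUsers tunnel    # hypothetical account used only for the tunnel
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a real server, `sshd -T` prints the effective configuration, including included files, and is the more reliable input for a check like this.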