36
linuxxx
6y

Just wrote a (PHP based) proxy which can cache resources being requested and serve them to clients.

The idea is that (I'm going to write a firefox add-on for it too, yes) you can install the add-on and any resource (js/CSS, general web resources which would be downloaded off of googleapi's etc) hosted with Google would be proxied through the server running the proxy, meaning that one wouldn't have to connect to the mass surveillance networks directly anymore as for static resources.

I think checksum verify stuff would still work as the proxy is literally a proxy, the content will be identical to the 'real' resource. (Not sure about this one, enlighten me if this isn't true)

Input appreciated!

Comments
  • 2
    If the user base is small (in worst case one person) and the server has a static ip (which it propably has), doesn't this in fact deaunonymise one? Especially if the used browser and system are already very privacy friendly configured?
  • 7
    Doesn't decentraleyes already do such things?
  • 2
    @Benedikt was thinking about the same, proxies only anonymise you if they are very very busy
  • 5
    @epse Yup but I wanted to make something similar, simple as that :)
  • 5
    @Benedikt @epse Its not at all meant to anonymise a user, it just has to serve as a proxy inbetween users and mass surveillance networks.

    Not even sure if I'll release it as I don't know if this is entirely legal but I can at least use it myself.
  • 3
    So.. proxy Google services? With all due respect but things like login flow and email traffic and such is not something I'd like to entrust to a proxy, whether that's ran by someone I personally know (such as you), or someone I don't. It's too easy to snoop on it. And that's especially dangerous given that a Google account can be used to access more than half of most users' other accounts. For the purpose of privacy, just limit your exposure to Google to begin with. And for the purpose of IP forwarding, use a VPN. But I don't think that a proxy like this would be a solution, or even a good idea at all.
  • 1
    @Condor I'm not sure what you're misunderstanding by static resources? (Googleapis for example, this is just meant to serve up some of those pesky libraries delivered by google (and Facebook and others for that matter) cdn's.

    I definitely understand that you wouldn't trust any proxy with login stuff nope.
  • 1
    @Condor To clarify, while testing I used one of the fonts you can download through googleapis. (Also did some tests with cloudflare)
  • 1
    @Condor this would be a similar thing as the add-on Decemtraleyes. Just making sure that stuff hosted with cdn's will be proxied to local resources, in my case to a proxy ran by me.
  • 2
    @fylToo about:addons I thought... And yeah I hate chrome with a passion so Firefox it is.

    (although I do use Chromium sometimes)
  • 0
  • 1
    I’d be interested in it
  • 0
    Two questions:
    1) wouldn't varnish be better ressource/speed wise?
    2) wouldn't then all the api keys go through your proxy? Sure I trust you, but does every one?
  • 2
    @Wack Possibly, I've never worked with varnish and this does work right now. (My reasoning behind it)

    Would uploads and such be done through the same domains? (Again, this is just for static resources)
  • 0
    @linuxxx depends on what you mean by static ressource. Ex. The static google maps image or the google maps js sdk both require a token in the request url. If they are called from the frontend, then sure, anyone would see them anyway, however if they're called in the backend and processed/stored, then not neccessarily.
  • 2
    @Wack I'll give an example when home, good one, might need some advice on this!
  • 0
    Usually there's a lockdown on domain/ip you're allowed to call from, 8n this case this might actually be a problem as someone else could use my access through the same proxy, if I whitelist that proxy...

    Plus google et al probably mostly use js for "metrics" anyways
Add Comment