Do proxies really provide anonymity?
Do web proxies really provide anonymity?
I mean, without someone asking for logs in a web proxy server for who/when connected, is it impossible to know who was behind that IP address?
I'm asking this because I heard somewhere that some technologies (like "flash") bypass personal IP information for requests or something like that.
(I'm a noob in server configuration and concepts like DNS and proxies. Thanks!)
No, just setting a proxy within your browser not make you anonymous.
Your browser and flash is likely to have cookies that will identify you.
If you wanted to be truly anonymous you would probably need to fire up a new browser from a livecd or in a VM, set the proxy, and then browse. To maintain your anonymity you must not login to any site that has your name.
You will probably also need to make sure the browser/OS you are using does not make DNS requests to a local DNS server. If you do not configure the proxy correctly your machine make make DNS requests for the sites you are visiting to the local network.
If the proxy you are using is not using SSL for transport your ISP or someone on the local network will still be able to see what you are doing. Even if they are using SSL your ISP will know you are contacting that proxy.
If the an evil person cannot get the logs from the proxy machine to get the logs. if they are able to monitor the incoming and outgoing traffic they still may able to identify you just by looking at the flows of data.
Something like TOR does the best job, but even with it you must be very careful that you set it up properly and that during your session you never reveal any information that would unmask you.
It depends on what you're trying to obscure and how it's configured. Proxies aren't meant to hide people; they're meant to cache data, and later they started scanning content to filter it or protect people on the inside from malware. Anonymous proxies act anonymously by promising to not give out or retain logs (you have to trust them on that) and anyone trying to trace where the request is coming from is stopped at that hop if the proxy strips data out of the request that is personally identifiable.
Basically, the proxy has to be configured specifically to strip out identifiable data.
If the request or post information has your ID or personal information or something like that embedded in it, then that kind of defeats the purpose too.
If the request has to get back to your computer somehow, there is definitely a trail that leads back to you. Just depends on how obscure it is to trace. Commercial anonymizers just promise to stonewall by purging logs and stripping data from the request (if you trust them), and networks like Tor obscure your request by bouncing it all over the place (more info on their website) to obscure it and make tracking extremely difficult.
If you run a proxy at home, it doesn't take a forensic expert to know that there's a very limited number of people that could be making web requests from that home network.
But if you were truly 100% hidden...how would the data get back to you?