Wednesday, 16 March, 2005
I'm still not sure if my increased Web traffic is from real people visiting the site or if it's from referral log spammers. My referral logs show huge numbers of links from poker, porn, and prescription sites (the "three Ps?"), but the distribution of pages visited hasn't changed much.
I've mentioned before the possibility of a browser exploit that would spoof the HTTP_REFERRER field. This doesn't have to be done with a browser exploit. All you need is a proxy. There are many Web pages that suggest users access the Internet through anonymous proxies. These proxies can block cookies, advertisements, popups and other spam, and also prevent Web sites from gathering referral information, operating system and browser statistics, and other such data that the browser can send. That's all to the good.
However, going through an anonymous proxy doesn't really make you anonymous. It just makes you anonymous to the Web sites that you visit. The proxy service that you go through can easily keep track of all the information that passes through it. It can track your entire browsing session: the sites you visit, the order in which you visit them, how long you spend at each site, and even any information that you provide to the site in the clear. This includes cookies, and passwords that you enter on non-secure sites like Yahoo Mail and other Web mail sites. This is in addition to the browser and operating system statistics that all Web sites can capture.
By using an anonymous proxy, you preventing the majority of Web sites from learning anything about you, but giving a single site (the proxy) the ability to know everything about you. Now I don't know about you, but I'm not real comfortable with that idea. It's bad enough that somebody at my ISP could, if he wanted, sniff my traffic. I trust them just because I have to. It's another thing entirely to trust a free anonymizer service that I know absolutely nothing about. If you're contemplating using one of these services, I suggest that you investigate it thoroughly before you subscribe.
The other thing that an anonymous proxy could do is sell referral log placement. Since a lot of Web traffic goes through the proxy, and the proxy is going to blank the real HTTP_REFERRER field, there's nothing stopping it from putting whatever the operator wants in that field.
Since I don't have access to the raw Web logs for my site, I don't have enough information to determine if this is really happening. If you search the Web for "anonymous proxy", you'll find a long list of sites that provide "anonymous" browsing services. Some are probably legitimate, but I suspect that many are not.