What could potentially happen when you connect to a shady free proxy?

What exactly are the risks to using shady free proxies? I understand that if something is free, then you are the product, and that a big reason for using proxies is for privacy, and free proxies are not very good for your own privacy. My main interest with free proxies is having my bots avoid captchas. I know people really dislike questions that might seem dumb, but I really just want to learn. Thank you.

Worst case they harvest/sell your usernames and passwords, data and identity.

Other than harvesting everything sent unencrypted, they could inject their own content into pages you load. Normally this would be ads or trackers, but they could put in fake links to their own downloads or external domains disguised as if they were part of the original site. They could also attempt man-in-the-middle attacks on encrypted connections if you ignore certificate warnings.

There is also a risk that the proxies are being hosted on botnets / malware infected computers.

Everything that goes through the proxy is readable by the proxy.

That includes passwords. If you log into a site while using a shady free proxy, they will get your password.

My main interest with free proxies is having my bots avoid captchas.

Your bots are more likely to have to do captchas if you’re using a proxy.

Using shady free proxies can expose you to serious risks: data theft, malware injections, and having your activities logged/sold. Even for bots, these proxies are often unreliable, flagged by sites, or monitored by third parties—putting your operations at risk. I personally have for a long time used alertproxies and they have worked very well and they have unbelievably low prices compared to others.

Well, free proxies can steal your login credentials, inject malware into your traffic, and sell your browsing data. If you’re running bots, they might also steal your target site’s cookies/sessions. Better to pay for private proxies than risk your data getting compromised.

As long as everything is encrypted, nada.

Any unencrypted connection is a severe risk.

What exactly are the risks to unprotected sex with a shady partner? If you’re risky, have at it; otherwise add some layers of protection.

They would see everything you sent and everything you received. If you’re cool with that and otherwise private, have fun.

Most proxies are able to intercept https and generate certificates on the fly in order to decrypt every https session. Even if the session is encrypted the proxy would be able to look at the content (usernames/passwords/etc)

But other than that, it’s cool, yeah?

:joy:

Or inject malicious scripts into the traffic. Heard of a few ISPs who injected adverts straight into HTTP. Although these days not a concern anymore as 99.99% of web traffic is run through TLS.

That includes passwords. If you log into a site while using a shady free proxy, they will get your password.

You mean in a communication where SSL isn’t present, right?

Why is this the case?

They can still do that when you are running through a proxy,

Yes, and sites without HTTPS are pretty rare these days, thankfully.

Or other encryption standards for other protocols.

No. TLS ensures E2E encryption. You can’t inject code into an encrypted stream without breaking encryption.

“Hey proxy, use HTTPS to send these credentials to my bank’s login page…”
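Added example, not part of any post in this thread: the thread's disagreement is about what a forward proxy can read, so this sketch parses the bytes a client sends to an HTTP proxy for a plain-HTTP login versus an HTTPS login tunnelled with CONNECT. The function names, hostnames, credentials and request bytes are all constructed for illustration.

```python
# Added example: which parts of a client->proxy byte stream a forward proxy can read.
# Requests, hostnames and credentials below are constructed samples.
from urllib.parse import parse_qs

SENSITIVE_HEADERS = {"cookie", "authorization"}
SENSITIVE_FIELDS = {"password", "passwd", "token"}
TLS_RECORD_TYPES = (0x14, 0x15, 0x16, 0x17)

PLAIN = (b"POST http://shop.example/login HTTP/1.1\r\n"
         b"Host: shop.example\r\nCookie: sid=abc123\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 27\r\n\r\nuser=alice&password=hunter2")
# CONNECT request followed by one placeholder TLS application-data record.
TUNNEL = (b"CONNECT bank.example:443 HTTP/1.1\r\nHost: bank.example:443\r\n\r\n"
          + bytes([0x17, 0x03, 0x03, 0x00, 0x05]) + b"\x9a\x01\x7f\x33\xc4")

def proxy_view(client_bytes):
    """Split what the client sent into what the proxy can and cannot read."""
    head, _, rest = client_bytes.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    if method == "CONNECT":
        # Tunnel: the proxy learns host:port, then relays TLS records. It cannot
        # decrypt them unless the client accepts a certificate the proxy issued
        # (an ignored certificate warning or a proxy CA in the trust store).
        is_tls = len(rest) >= 3 and rest[0] in TLS_RECORD_TYPES and rest[1] == 0x03
        return {"mode": "tunnel", "destination": target, "readable_headers": headers,
                "readable_body": b"", "tunnelled_bytes": len(rest), "looks_like_tls": is_tls}
    # Plain HTTP: the whole request is readable (and modifiable) at the proxy.
    return {"mode": "plaintext", "destination": target, "readable_headers": headers,
            "readable_body": rest, "tunnelled_bytes": 0, "looks_like_tls": False}

def exposed_secrets(view):
    """List credential-bearing headers and form fields visible in clear text."""
    found = [f"header:{k}" for k in view["readable_headers"]
             if k.lower() in SENSITIVE_HEADERS]
    fields = parse_qs(view["readable_body"].decode("latin-1"))
    found += [f"field:{k}" for k in fields if k.lower() in SENSITIVE_FIELDS]
    return sorted(found)

if __name__ == "__main__":
    for name, raw in (("plain HTTP", PLAIN), ("HTTPS via CONNECT", TUNNEL)):
        view = proxy_view(raw)
        print(name, "->", view["mode"], view["destination"], exposed_secrets(view))
```
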