What do you think of my new proxy app?




gwelmarten
Jan 28, 2011, 09:59 AM
Hi
I have spent the last couple of months developing a simple universal web browsing app for the iPad and iPhone that has an integrated proxy for easy anonymous web browsing. Just wondering what people think of it and if anyone has any suggestions.

The URL for the free version is:
http://itunes.apple.com/us/app/anonymous-browser-free/id405056165?mt=8&ls=1

And if you should feel like upgrading to the full version, it can be found at:
http://itunes.apple.com/us/app/anonymous-browser-pro/id404612198?mt=8&ls=1

I really want some advice on what to put in future versions. I am only 17 years old and really want to make this idea useful to lots of people, and get it selling well to get some money coming in.

Thanks in advance for any advice.

Sam



Arnold Rimmer
Jan 29, 2011, 03:04 PM
Hey,

I've not tested your app yet, however I happily will with a little further information..

1. Are the proxies safe/secure?
2. Do the proxies hold my data, or is it purged every few hours?
3. Who owns/hosts the proxies?
4. How safe is the data traveling between me and the proxy and the proxy and the site I visit?
5. Are/is any data collected or monitored by the server/servers you are passing through (if I log into my bank, how secure are my keystrokes, cookies and sessions prior to logging in, etc.)?
6. Are these proxies vetted as safe/secure? If so, what measures are taken to ensure privacy?

The reason I ask these questions is that I only use proxies I know and trust, usually ones set up by other friends around the world at their employment (we're sys admins).

Other than that I'll happily test it and review it for you if you can answer my security concerns.

gwelmarten
Jan 29, 2011, 03:21 PM
Hi
Thanks for your reply and offer. That would be great, as, as I said, only being 17 means I have little real-life experience with breaking through proxies.

The proxies as script files themselves are hosted on a variety of VPSs, all registered to me and me only. As there are a number of proxies (different ones for different versions of the app), they must be on different servers or else the server can't manage the huge amount of traffic I am getting (about 22GB a day on each VPS).

The VPS control panel and CPanel are both only accessed through https (SSL). I and only I know the passwords to get in and make changes. Changes are also made via FTP, however, the FTP server is only turned on when I am making changes, otherwise it is off.

The proxies hold no user data whatsoever. The caches are in groups, sorted into 2 hour batches. At the two hour mark, the group that began 4 hours previously is deleted, ensuring that data is removed, whilst not interrupting a user's browsing session or slowing them down (as requested pages obviously go through the server first).

As I previously said, I host the proxies on a number of VPSs that I own.

The data is extremely safe travelling between you and the proxy. When you request a URL, the proxy script running on your device encrypts it by an algorithm (like HEX-2, though not actually HEX-2. I will not say which it is in a public place).
This scrambled URL is sent to the server which decrypts it. The server downloads the page to itself. Then, it encrypts all the html by the same algorithm and sends it back out to the user, whose device decrypts the html. This avoids any router based content filters. All browsing is also done through a SSL certificate, correctly installed, issued by GoDaddy.

There is no monitoring software on the server. There is a user counter code in a header displayed on every webpage, and advertising script. The user counter code does not collect visitors' info (as the frame is proxified anyway in the PRO version). In the free version, the frame is not proxified, so user data can be collected from the user counter code (though it is set not to) and advertisers may collect their own info.

You seem to know what you are talking about on these subject matters. Could I have your opinion on something? The proxy start page (the page where the user enters their URL) is not accessed through any kind of a proxy. Do you think I should make the start page be accessed through a proxy right from the start?

Thanks in advance.

I can generate a free download code for the pro version if you wish and post it. Saves you buying it.

Sam
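
The cache rotation described in the post above (2-hour batches, with the batch that began 4 hours earlier deleted at each 2-hour mark), sketched as an added example that is not part of the original thread and is not the app's code; the class and function names are hypothetical. It shows how long an entry actually stays on the server under that scheme: between just over 2 hours and 4 hours, depending on when in its batch it was written.

```python
from collections import defaultdict

BATCH_SECONDS = 2 * 60 * 60  # batch width stated in the post: 2 hours


class BatchedCache:
    """Hypothetical cache whose entries are grouped by the 2-hour window they were written in."""

    def __init__(self):
        self.batches = defaultdict(dict)  # batch start (epoch seconds) -> {key: value}

    @staticmethod
    def batch_start(ts):
        # Round a timestamp down to the 2-hour mark that opens its batch.
        return ts - (ts % BATCH_SECONDS)

    def purge(self, now):
        """Delete every batch that began 4 hours or more before the current mark."""
        cutoff = self.batch_start(now) - 2 * BATCH_SECONDS
        expired = [start for start in self.batches if start <= cutoff]
        for start in expired:
            del self.batches[start]
        return expired

    def put(self, key, value, now):
        self.purge(now)
        self.batches[self.batch_start(now)][key] = value

    def get(self, key, now):
        # Purging here is lazy (on access only); a server that must guarantee
        # deletion while idle would also run purge() from a timer.
        self.purge(now)
        for start in sorted(self.batches, reverse=True):
            if key in self.batches[start]:
                return self.batches[start][key]
        return None


def retention_seconds(written_at):
    """Seconds an entry written at `written_at` survives before its batch is deleted."""
    deleted_at = BatchedCache.batch_start(written_at) + 2 * BATCH_SECONDS
    return deleted_at - written_at


if __name__ == "__main__":
    # Constructed timestamps: first and last second of the same batch.
    for t in (0, BATCH_SECONDS - 1):
        print(f"written at t={t}s, kept for {retention_seconds(t)}s")
```
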

Arnold Rimmer
Jan 31, 2011, 04:43 PM
Hi Sam,

Thank you for your very detailed and elegant response.

As you can imagine, my main concern was to ensure proxy privacy to ensure if I connect to my bank, email etc. that my details are secure.. Some devs "forget" to tell users exactly what data they are collecting, as a sys admin I am very open as to what data we collect on our users, very strict on what we allow them to do and very cautious with our own company and personal data.

I will happily test the app in a range of day to day activities that most users would probably use the app for and post my results for you as an app review :)

I think your understanding of what you are doing is excellent and I also believe that you are taking the correct approach by ensuring data is purged, encrypted and NOT collected for marketing or monitoring purposes. Doing so will only deter people from using the app. If you want loyal dedicated customers an open honest approach with the maximum level of protection and security for your customers is essential.

To answer your question, hmm.. That's a difficult one to give a generic answer to?

I would say it's beneficial to have the initial page NOT via proxy, the reason for this would be that it may/could/can cause problems for the user depending on the current setup of the network they are attached to.

As long as all further transactions are completed securely then I see that as being of no major issue..

However...

It could also be beneficial to allow this as an option and add a toggle switch in the settings for advanced users to decide for themselves. This is just an option but choice is better than dictation :)

Congratulations on your app and I look forward to using it in the field.

Best regards,

TBA~