* It's leaking a lot of information (Google Analytics and a few other domains are being connected to directly instead of going through proxy). This is probably the biggest thing to fix. Offering a "strip all scripts" option may help.
* Useragent is set to Go's default. Forwarding the user's user-agent or better yet, a stock browser useragent (Firefox or something) may be better
To be honest, I've never actually thought about peeing on my ISP.
But the single most enjoyable experience I've ever had peeing was at Martin's West in Redwood City.
They have an old-fashioned long tray shared urinal like we had in kindergarten, but thankfully I was there early and had the whole thing to myself. And they had just filled the entire tray with crushed ice!
If your aim is good, you can make any pattern you want. I tried for the Mandelbrot but only got a few spirals going. But man, was it fun!
What did you say your open source project does again?
As someone that has worked on a similar project before -- I should caution you that allowing POST requests and such can open up a lot more potential for abuse (comment spammers, web-mail spam, etc) so you should add some rate limiting per-visitor-IP/target-domain or something similar before implementing this.
right.. thanks for the heads up ! But since it's a self-hosted solution, it would be very easy to just circumvent the rate-limiting and use it for malicious purpose ?
Right, if your goal is privately hosted/accessible instances then it shouldn't be a problem. Just mentioning in case the goal is to offer it as a public service as it is at your main domain.
On Heroku, someone reported my site as being infected with malware that stole peoples Facebook passwords. Heroku took the site offline and notified me. I explained that it was just a web proxy and that there was no malware or stolen passwords. A week or two later they emailed me that I was correct, but they were going to keep my site offline and change their TOS to forbid proxy sites. (As far as I know they never did change their TOS, so GoPee should still be safe.)
On Nodejitsu, someone tweeted links to porn that went through my proxy, and they disabled the site thinking that I was using their service to host porn. The CEO told me that they'd turn it back on if I added user accounts and a way to ban users. But at that point, I had a newborn son and was in no mood to put a bunch of development work into making my anonymous proxy not-so-anonymous.
I think a slightly more practical approach would be to make an easily self-hosted web proxy with an accompanying Google Chrome (or other) extension that can rewrite all network requests.
A fully web-based proxy cannot accept connections as if it was an HTTP or SOCKS proxy. It has to use some hacks (typically using URL redirects) to route the traffic to you. Compatibility with JS/ajax-intensive web apps is quite tricky to achieve.
Glype [1] is an example of web proxy that provides rewriting and customizable plugins to improve compatibility with complex web apps. Not free software but comes with source code (PHP).
31 comments
[ 3.8 ms ] story [ 41.6 ms ] threadCan be self-hosted on Heroku, Red Hat OpenShift or any VPS / Cloud provider.
more details here http://madhurjain.github.io/gopee
* Doesn't support anything which requires sessions / cookies / logging in, yet
* Most AJAX requests don't work since the URLs are not rewritten
Don't stop working on it! This is a pretty great project.
I understand the deficiencies are major ones, but I am gonna continue working on it.
* It's leaking a lot of information (Google Analytics and a few other domains are being connected to directly instead of going through proxy). This is probably the biggest thing to fix. Offering a "strip all scripts" option may help.
* Useragent is set to Go's default. Forwarding the user's user-agent or better yet, a stock browser useragent (Firefox or something) may be better
SOME effort could be made to rewrite URLs found inside of Javascript but that might be a terrible idea in practice.
For anonymizing, stripping Javascript, Flash/plugin content would be essential I think.
But the single most enjoyable experience I've ever had peeing was at Martin's West in Redwood City.
They have an old-fashioned long tray shared urinal like we had in kindergarten, but thankfully I was there early and had the whole thing to myself. And they had just filled the entire tray with crushed ice!
If your aim is good, you can make any pattern you want. I tried for the Mandelbrot but only got a few spirals going. But man, was it fun!
What did you say your open source project does again?
https://github.com/aosmith/go-proxy
On Nodejitsu, someone tweeted links to porn that went through my proxy, and they disabled the site thinking that I was using their service to host porn. The CEO told me that they'd turn it back on if I added user accounts and a way to ban users. But at that point, I had a newborn son and was in no mood to put a bunch of development work into making my anonymous proxy not-so-anonymous.
So, right now, it's still offline. The source is at https://github.com/nfriedly/node-unblocker if anyone's interested.
Glype [1] is an example of web proxy that provides rewriting and customizable plugins to improve compatibility with complex web apps. Not free software but comes with source code (PHP).
[1] http://www.glype.com