I was just now trying to see how the New Internationalist website might look from Canada, to test some GeoIP set up that we’re working on. So I used a trick that I mainly use when I’m browsing the interwebs from public WiFi networks. Given the emergence of tools like Firesheep, which allows h4x0rz to steal your unencrypted social networking sessions, I thought now might be a good time to remind/share this tip with you.
Prerequisites
You’ll want to get a shell account on a server in the country you want to browse from, beware not everyone lets traffic through their firewalls; paid accounts should. If you’re just interested in local privacy on a WiFi network then an account in your own country would do the job. You’ll also want ssh installed and a web browser; I use Iceweasel.
Proxy it up
The first step is to get an ssh SOCKS proxy set up. In your shell type: ssh -ND 8080 your_user@your.shell.server.example.com
. That wasn’t so hard, was it? You now have an encrypted proxy from your local host to your remote host to the interwebs running on port 8080. You'll be asked for your password on the remote host.
Make yer browser use it
OK, now you'll want your browser using the proxy. There are many browsers so some googling may be in order. In Iceweasel (hence probably firefox too) I can do this:
Edit | Preferences | Advanced | Network | Settings (Connection)
Manual Proxy Configuration
SOCKS Host: 127.0.0.1
Port: 8080
No Proxy For: localhost, 127.0.0.1
Now go to a GeoIP Lookup site and you whould see yourself browsing through the IP address of your shell server.
Caveats
- Doesn't pass your ICMP or DNS traffic over the proxy. Sniffers could figure out what sites you were visiting, for example.
- May be slower -- traffic has to go through another hop. Some shell providers are doing it on limited bandwidth.
- ISPs log stuff, don't rely on this for anonymity, tor would be better.
- Always read the label. Your house may go up as well as down. I am not a lawyer. Your mileage may vary. Pictures for illustrative purposes only …