Exclusive: Selecting a proxy vendor for cybersecurity

Gone are the days of visible intelligence threats. Today’s CEOs are prioritising cybersecurity as the top concern for corporate IT safety, allocating over 80% of their security budgets, personnel and overall strategies to guard against hacking threats and information breaches – and with good reason. As quickly as technology progresses to improve business operations, malicious actors adapt their capabilities to make cybersecurity a moving target. For executives strategising to protect their businesses, one reliable tool to improve overall security is the proxy server.

Proxies facilitate anonymous web access for research, testing and tracking purposes. By allowing businesses to hide their true locations and IP addresses, proxies can secure corporate infrastructures and conceal information about how the network is built or where its weaknesses lie. Especially relevant to security issues amid current lockdown measures, proxies can also be applied to protect residential locations and secure a distributed workforce. Proxy servers are a strong line of defence against fraudulent inquiries – unless your proxy provider itself is unethical.

If a proxy provider operates without an ethical rulebook, it can expose a business to substantial security threats. Here, I’ll dive into what makes a provider unethical and how business leaders can verify whether a proxy vendor can be trusted to secure against potential threats.

How a proxy provider can be unethical

At a high level, an unethical proxy vendor is one that fails to consider the privacy and safety of its customers. Free proxy servers, in particular, pose serious risks as they are typically lacking in the thorough oversight required to maintain their safety for use. The function of a proxy is simple; they act as a gateway between user web requests and the data each site returns, filtering out unwanted content and allowing users to browse anonymously or collect marketing data. Within that function lies the unseen threat posed by unethical proxies – shared access.

All users sharing access to a proxy with a malicious actor risk exposure to security threats and data breaches. Because such threats are undetectable by the client using the proxy service, it remains the provider’s responsibility to establish and adhere to an ethical privacy code to ensure the security of its users. For business leaders, the selection of a reputable and trustworthy proxy provider is vital.

An important factor in the ethical credibility of a proxy provider is the means by which it acquires the IP addresses for its network. An irresponsible vendor may source its IP addresses through fraudulent means, routing connections through personal devices or computers without informing those individuals that their devices are being used as proxy servers. Such vendors directly violate the rights of those peers, failing to obtain consent to use the IP addresses associated with their devices and neglecting to offer any compensation or benefit for doing so.

Another hallmark of the unethical proxy is nonadherence. A reputable vendor will abide by all relevant regulations, including General Data Protection Regulation (GDPR) guidelines. Whether a vendor can prove its compliance with GDPR standards is a reliable pulse check on whether that proxy service prioritises user rights and privacy and should be a key factor in any business leader’s selection process.

Identifying a reputable proxy service provider

For proxy providers, client trust is a formidable competitive advantage. Reputable vendors will typically tout their own ethical guidelines as a selling point, often advertising the security of their proxy services with a dedicated page on the website menu or in the footer. In cases where the company’s ethical guidelines are not clearly presented on the website, business leaders seeking to vet the provider’s compliance with security standards can request a copy of those guidelines from the vendor’s support team.

If a vendor declines to share its code of ethics guidelines, it may be an indicator that the company does not adhere to best practices for customer security. Similarly, trustworthy vendors will ensure that those guidelines also fall into compliance with GDPR safeguards to secure the identity, privacy and rights of its customers and peers.

Consent is key to the ethical operation of a proxy service. Often vast and composed of devices from around the world, a proxy service uses the personal gadgets that join its network as servers to reroute user traffic. An ethical vendor will obtain consent from each individual device owner before using that IP address to reroute request data, requiring each participant to agree to a clear set of terms. Embedded in the terms of partnership for peers within the proxy network should be tangible benefits. In exchange for the use of their device’s IP address, a reputable provider will offer its peers a specific benefit, such as access to a premium app or free features, to ensure the agreement is mutually beneficial.

Despite the benefits a proxy service may offer to its peers, a reputable vendor will allow those individuals to exit the network at will. Respect for individual rights is integral to the ethical code of a good proxy service. Just as peers should be afforded a choice about whether to opt into a proxy network, they must also retain the right to leave it with the knowledge that use of their device’s IP address will cease immediately.

An ethical provider will typically take practical measures to ensure that its peers, as a vital component of the network, feel comfortable and respected while their devices are being used by the proxy service. To implement considerate use of its network of IP addresses, vendors should abide by internal policies to prohibit the use of peer devices while they are actively in use or running on a low battery. An ethical vendor will reroute user traffic though a device only when it is completely idle, actively charging or at a sustainable battery life, to avoid inconveniencing the device owner with issues like sudden losses of power or slow connections. Ultimately, the most powerful indicator of a proxy provider’s ethical integrity is respect – for its peers, for digital privacy legislation and for the business leaders who place their complete trust in its services.

By Vladimir Fomenko, Infatica.io Founder and Director