Rethinking Proxies Security with ScraperAPI Zoltan Bettenbuk and Ian Williams

Published on: September 25, 2024
Roberto Popolizio Roberto Popolizio
Published on: September 25, 2024

Whatever you know about protecting your online privacy, cybercriminals probably know that too, and are already finding new ways to breach your defenses and steal your sensitive data.

It’s hard for everyday people like me and you to always be on top of threats, vulnerabilities, emerging trends, and overly complex cybersecurity concepts without going nuts. Not to mention the hidden truths no one talks about…

In this new interview series by Safety Detectives, I am talking to cybersecurity experts and business leaders who share untold truths and actionable insights from their experience that will help you be more aware and more effective in protecting your sensitive data while keeping your sanity.

My guests today are Zoltan Bettenbuk and Ian Williams from ScraperAPI, the web scraping solution chosen by 10,000 companies like Deloitte, SONY, Alibaba, and more.

Zoltán has a background in engineering and product management and has previously worked with multinational companies like LogMeIn and T-Systems. He also co-founded Fishbole, a cloud app for education, before focusing on Scraper API.

Ian Williams is the Head of Engineering at Scraper API and one of the original team members. He previously co-founded Evolution Media Technology, Primaltalk and 3DKarma.

Before we dive in, let’s get to know you a bit better. Can you share a bit about your background and what you do at ScraperAPI?

Zoli: Even though I wandered on management paths early on, I’m still an engineer at heart. I love building robust systems, and I love to apply the same principles to building a team or scaling a company. Our mission at ScraperAPI is to make public data truly accessible for everyone at any scale, so we built an empowered team with an unmatched tech stack to become the most trusted partner for companies that need data to power their business.

Ian: I’ve been working in software engineering for more years than I care to count, from one of the big 6 consulting firms to my own small start-ups and in a variety of industries, from finance through psychometrics. My real love is in the complexities of high-volume systems, which is what I get to play with at ScraperAPI. I’m the Head of Engineering, so I’m responsible for making sure that our customers are happy by keeping our success rates high and that we are continually at the forefront of scraping.

Can you briefly explain what proxies are and how they enhance online privacy? Are they Safe?

A proxy is a gateway to the internet, a middleman. A separate computer/server that acts on behalf of you when you’re browsing the internet. It may be used to enhance online privacy, but it only does so if configured properly and instructed to do so. When you open a web page, your web browser will request the page from a web server. A proxy sits in the middle between you and your browser and the web server.

Proxies (when used correctly) enhance your privacy by giving you a different IP address, making it more difficult to identify you and track your activity. This is because one of the things that identifies you on the internet is your IP address, which is a unique identifier without which you can’t use the internet, but also can be used to identify you personally and track the sites you visit.

Can you still be tracked through a proxy?

It depends 🙂

Different proxies come with different goals. A proxy that your internet service provider may require you to use (probably not anymore, it was more common in the past) usually doesn’t protect your privacy at all. Those are transparent proxies.

Non-transparent proxies are more private than transparent proxies, but you can still be tracked, if they are not properly configured to protect your privacy. That’s why we make sure that our proxies are properly configured, with no chance of revealing your identity. In fact, the proxies that we use at ScraperAPI are designed specifically for privacy and large-scale use, so they would never reveal your true identity as a user.

What are the most overlooked privacy threats that proxies protect against? Can you share any real-world examples?

Have you ever seen an ad that directly relates to something you’ve just been googling or seen on another website? That’s a prime example of IP profiling.

IP addresses are unique identifiers that internet-connected computers use to identify each other on the internet. When you browse the internet, the website that you visit gets to know the IP address of your computer, so it can start to create a profile about you:

  • What you did on their website
  • What you visited
  • What you liked
  • What you disliked
  • Your approximate location. It learns about your internet service provider and your country (but quite likely even down to the city level). This can be worrisome for some people.
  • Etc.

All that information is then sold to advertisers who use it to show you ads tailored to your interests, but it can also be misused for price discrimination, surveillance, stalking, DDoS, and other types of cyberattacks if it falls into the wrong hands.

What factors should people consider when choosing a proxy for privacy? How to know if a proxy is safe?

Testing for full privacy is quite difficult. Inexperienced users may visit some IP address checker websites, confirm that their true IP address is not revealed, and conclude that their proxy is safe. But that’s not the end of the story.

There are still a lot of aspects to consider and those are not easy to check. You’d need to check what HTTP headers your proxy forwards (or generates on its own) to ensure it doesn’t reveal your identity in any way. And then there is the TLS fingerprinting which is a super complex technique for the end user and quite hard to grasp.

Your entire tech stack (browser, operating system, computer hardware) may have a unique fingerprint that websites can still trace back to you – unless your proxy properly conceals them. You should definitely do your own research when selecting a proxy to make sure that it protects your privacy at multiple levels.

There are multiple layers to privacy and your IP address is just one of them.

In what scenarios should one choose a proxy over a VPN and vice versa?

It all depends on your needs. Proxies are historically used to route HTTP(s) traffic. It’s capable of doing a lot more than that, but it’s what they are commonly used for. So if you use a proxy on your computer, in certain scenarios your computer may still decide to connect to a peer on the internet without using the configured proxy. This may clearly be a privacy concern. But it can also be an advantage…

Using a proxy or a VPN as a gateway to the internet almost always slows down the connection (sometimes only by a bit, but sometimes quite noticeably). You can configure your computer to intentionally bypass the proxy on websites that you trust, or you can configure your computer to use different proxy servers for different websites (for example based on the geolocation of the website). This way you can always browse the web with the best performance.

VPNs on the other hand integrate with your operating system on a much lower level, as they typically provide you with a single IP address for the entire length of your session. Very difficult, nearly impossible for the home user to bypass them on a case-by-case basis, so once you connect to a VPN, all traffic goes through them, which may cause a permanent performance drop. However, this strictness of VPNs ensures the most safety for your privacy since your computer can’t bypass them – not even accidentally.

While proxies generally do the same thing, you can take additional steps to protect your privacy by using what’s called a rotating proxy. This type of proxy will route your network traffic through a different IP address for each network request made. That basically means that you get multiple different IP addresses instead of just one. This can make it harder to track your activity and invade your privacy.

Beware: one of the reasons to use a VPN is to prevent your ISP from tracking the websites you visit. Using a proxy, your ISP may still see those sites unless you use the right kind of proxy.

Your top tips for using proxies safely and effectively? What are some common mistakes to avoid?

Choose a proxy that fits the layers of privacy protection you need, or use a VPN if that fits better (but don’t forget to turn it on!). You can configure your browser or operating system to always use a proxy or VPN, or to use it if and when you choose.

Don’t try to build or source independent proxies on your own. That’s an endless rabbit hole with questionable outcomes. Always use a trusted vendor.

It’s also a good practice to use multiple proxies at the same time, either by signing up to a vendor that provides you with automatic IP address rotation as a feature, or by configuring your computer to use multiple proxies manually. Or use a VPN if that ticks all your boxes.

Lastly, what other tools and habits did you implement in your work and daily online life to protect yourself?

It should be common sense that whenever something is for free on the internet, you still pay, not with money but with your data. If you don’t like that, don’t use those sites, or use some strong privacy measures. But then be prepared that sites don’t like that and will fight back (remember Youtube’s anti-adblock changes?). Understandable, right?

It may sound weird, but I’m not worried about legitimate sites collecting data about me. That’s how they sustain their free services that we all love, like Google, Gmail, Facebook or WhatsApp. Plus, I actually prefer to get relevant ads over irrelevant ones.

Always stay away from sites that are too good to be true. You know, free ebooks, free TV series, etc. Those are extremely dangerous sites.

Never upload any photo or data to social media that you wouldn’t be okay sharing with the world.

Use strong passwords and two-factor authentication everywhere!

Make sure that you have anti-virus software installed on your PC and that it’s turned on! Windows comes with excellent virus-protection software, but it won’t do anything if you don’t make sure it’s activated.

How can our readers follow your work?

Zoli:

LinkedIn: https://www.linkedin.com/in/zoltanbettenbuk/

X: https://x.com/zbettenbuk

Ian:

LinkedIn: https://www.linkedin.com/in/iankwilliams/

About the Author
Roberto Popolizio
Published on: September 25, 2024

About the Author

With over 13 years of experience in managing digital publications, Roberto has coordinated over 5000 interviews with the biggest names in cybersecurity, AI, cloud technology, and SaaS. Using his knack for communications and a growing network of cybersecurity leaders, he provides newbies and experts alike with beyond-the-fluff online privacy tips, and insider perspectives on the ever-evolving tech world.

Leave a Comment