PenguinProxy is a free and easy-to-use proxy service. As a result, it is a good alternative to VPN services (not free) and self-hosted solutions (hard to use). In a previous blog post, we also described how, unlike other "free" proxy services, we do not sell or use your personal data. Instead, we use peer-to-peer routing to reduce our server costs.

However, this also means that some identifying information may be accessible to our servers and other PenguinProxy users. If absolute privacy is your priority, you may want to use Tor instead, or investigate self-hosted solutions such as Shadowsocks.

The following information is what PenguinProxy and other VPN services are capable of storing if they decide to:

  • Your IP Address
  • Basically everything that is unencrypted (over HTTP)
  • The domain name that you connect to for HTTPS (e.g. google.com:443)
  • The time and size of any data sent through the server

Of the above, PenguinProxy will keep track of how much data you send through its servers, tied to an anonymized identifier. This is to identify misbehaving users, such as those who attempt to use PenguinProxy without giving anything back. In addition, we keep temporary logs that look like this:

16fa884cce1b4172d0047f8cd612afe3eb11d467f38178173cac0929a1356a20 - - [2018-05-17 19:26:23] "CONNECT example.com:443 HTTP/1.1" 200 165 0.021938

This tells us that this particular user made an HTTPS request to some page hosted by example.com at 19:26 UTC which took 0.02 seconds to send 165 characters. We keep these logs for debugging purposes for up to two weeks, and plan to remove them when PenguinProxy becomes more stable.
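To make concrete what such a log exposes, the following added example (not PenguinProxy's own code) parses entries in this layout, shows that a CONNECT entry reveals only host and port while a plain-HTTP entry reveals the full URL, applies the two-week retention window, and totals bytes per anonymized identifier. The field layout is inferred from the single line above, and the second sample line is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Field layout is inferred from the one sample line in the post (assumption).
LINE_RE = re.compile(
    r'^(?P<user>[0-9a-f]{64}) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<secs>\d+\.\d+)$'
)
RETENTION = timedelta(days=14)  # "up to two weeks", per the post

SAMPLE_LINES = [
    # Line quoted in the post.
    '16fa884cce1b4172d0047f8cd612afe3eb11d467f38178173cac0929a1356a20 - - '
    '[2018-05-17 19:26:23] "CONNECT example.com:443 HTTP/1.1" 200 165 0.021938',
    # Constructed plain-HTTP line (same layout assumed, made-up values).
    '16fa884cce1b4172d0047f8cd612afe3eb11d467f38178173cac0929a1356a20 - - '
    '[2018-05-01 08:00:00] "GET http://example.com/search?q=term HTTP/1.1" 200 5120 0.113000',
]

def parse_line(line):
    """Return the metadata one entry exposes, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["size"], rec["secs"] = int(rec["size"]), float(rec["secs"])
    if rec["method"] == "CONNECT":
        # HTTPS tunnel: the proxy sees only host:port, never the path.
        host, _, port = rec["target"].rpartition(":")
        if not host or not port.isdigit():
            return None
        rec.update(host=host, port=int(port), url_visible=False)
    else:
        # Plain HTTP: the full URL, query string included, is visible.
        url = urlsplit(rec["target"])
        rec.update(host=url.hostname, port=url.port or 80, url_visible=True)
    return rec

def within_retention(records, now):
    """Keep only entries no older than the stated retention window."""
    return [r for r in records if now - r["ts"] <= RETENTION]

def bytes_per_user(records):
    """Total logged size per anonymized identifier."""
    return dict(sum((Counter({r["user"]: r["size"]}) for r in records), Counter()))
```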


Because PenguinProxy is peer-to-peer, the same information can also be retrieved by the PenguinProxy user who completes your request for you. In this way, using PenguinProxy is similar in privacy to using a publicly available Wi-Fi hotspot. It should be noted that a single PenguinProxy user cannot acquire information for all your requests, only those that have been randomly assigned to them. As with public Wi-Fi, we recommend you browse with HTTPS Everywhere, and pay attention to any safety warnings from your browser.

At the same time, people who you complete a request for may also be able to figure out your IP address, which can be used to determine your relative location and ISP (internet service provider). It may also be concerning that your IP address might be used for unknown purposes by other PenguinProxy users. We mitigate this by limiting our protocol to HTTP (no onion websites), blocking known spam and malware websites (via a locally hosted Google Safe Browsing database), and algorithmically detecting and blocking malicious usage (such as DDoS attacks).

In short, PenguinProxy serves to hide your IP address from the website you are browsing, and the website you are browsing from your ISP. In order to do so, it redirects your request through other PenguinProxy users, who in the process may be able to access your IP address and other metadata for the requests sent through them. While not as private as Tor or a self-hosted VPN, these tradeoffs allow us to provide a free, fast, and reliable proxy service without serving ads or selling your data.

This post is up to date as of 2018-05-18