Build your own Proxy with Linode: ntck.co/linode and you get a $100 Credit good for 60 days as a new user! Google is baking in proxies into their Chrome Browser. Known as their “IP Protection” feature, this will have users of Chrome go through a Google owned proxy for websites they access. 🚀 What We're Talking About: Google's Proxy Thing in Chrome: Yep, Google's mixing things up by adding a proxy right inside Chrome. Is this the future of browsing? Let's find out. Proxy vs. VPN: Heard of VPNs? Well, proxies are a bit different. We'll break down what's what and which you might wanna use. DIY Proxy Server? Yes, Please: Google's proxy sounds neat, but why not roll your own? I'll show you how to set up a personal proxy, and it's thanks to the awesome folks at Linode by Akamai. Some Geeky Concerns: Is Google's proxy all sunshine and rainbows? Eh, there might be some bumps. We'll chat about that. Setting Up Your Own Proxy Server: It's easier than you think, and I'll walk you through it step-by-step. Video Links --------------------------------------------------------- shadowsocks.org/ 🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy **Sponsored by Linode Cloud Computing from Akamai
:3 Google is slowly rolling out proxies to supposedly make it safe for users to use the internet. They're claiming that they might do it like Tor, with multiple nodes, so either CDN doesn't know what traffic is really happening. It sounds like even larger data harvesting, and bigger government overwatch. I use NordVPN sometimes, which is one of the little renaming VPNs remaining with supposed no-logs (Athena OS comes with Mullvad VPN, which is also very nice), and Tor sometimes (Tor is arguably safer since you go through nodes, but of course you have to be careful of nodes). Plus, I prefer Brave browser, and Firefox, which the founder left to make Brave for how bad Firefox has been getting, is better for ethical hacking with the built-in proxy system it has, unlike Chrome, that relies on your computer's settings, and Firefox has more ethical hacking tools, too. Brave has user profiles, whereas, Firefox, doesn't, amongst a lot of other better things with Brave. Tor and Brave are Firefox-based.
Google doesn't sell your data... They need that data to sell ads. If they sell your data anyone can sell ads using that data. So please tell me which data is sold by Google
Please spend 2 seconds and search google selling data.. There are countless legal cases currently against google, tons of articles around this.. You can't be serious with this comment. @@Flaggyt
Lived in Japan for almost a decade and loved every second of it. Coincidentally to this video I started building a Japanese travel app but couldn’t get Google map to pin my location in Japan for testing. This video was right on time in helping resolve the issue so thank you. Don’t leave Osaka without trying the takoyaki!
Is it true that Osaka takoyaki are softer and a bit 'soggier' than elsewhere? I've only ever been to Tokyo and the Takoyaki is crispy on the outside there :(
I wish more people understood this. The only reason they are baking this into chrome is to ensure they have no competition, it sure as hell isn't to keep you or your data private, just to make sure they get first dibs on the sale of it.
This still doesn't make you anonymous though. If you put a proxy in Japan, now big tech will build a profile on you based in Japan. You will only be anonymous if you keep rotating proxies consistently, so that you never appear as a single person, but an entire range of people.
Google only wants to protect your privacy to the extent you don't quit using their products and the government doesn't get mad. Luckily we have a little control over one and a lot of control over the other.
You sir are a scholar and a gentleman. You convinced me to dip my toes into Linux it always amazes me how learning something new opens one’s eyes to how much there is left to learn in this world.
and not conversant in basic TCP /IP protocls ... to get from your computer to any other computer your IP and the destination IP must be readable at each and every hop so the various DNS servers can route your information back and forth between every stop ... this information is NEVER ENCRYPTED ... because it is used to differentiate your request from everyone elses request ... making everything he said useless ... and yes even VPN's fail with this ...
@@kaboom-zf2blyes, the clue always has a connection to the one who planted it. Nothing is ever full proof. You just have to hope and pray they don't find you. 😨😳
Is this not a way for Google to monopolise on the useful tracking data available on the web? By poisoning/ pooling/ reducing the availability of data useful to other ad-providers and companies that use those data. If Chrome and Chromium-based browsers are used by the majority of internet users, they could push a centralised, Google-controlled solution for 'privacy' that reduces the perceived need of - and increases the resistance to - rolling your own solution. I suppose what I'm really asking is whether or not this step by Google will in some way be to their own detriment or benefit.
It's a way for Google to have your real IP, while depriving other service providers of that information. I'll stick with my $3 a month Surfshark VPN service. I trust Surfshark more than Google.
Yes, I can see Google agreeing with liberal elements of the government to keep you from seeing content against the agenda being promoted. And as someone else pointed out, unless you see it coming from a google domain, you shouldn't let these dangerous users see your content.
That's the hole point. They try to Stop other ad it's not the first try. Won't be the last. All I can say stop or limit the amount of Google products you use.
Opera has this entirely optional feature that you have to intentionally turn on for some time although they confusingly call it a "VPN" when it isn't really. Unless you opt for the premium version that can include a proper system VPN if you want one and go through the intentional steps to configure it. My main concern is that Google is going to turn this on by default and effectively force this on everyone, probably without proper consent and absolutely without the understanding by most users of what they are enabling. This is then going to have all sorts of knock on impact where general users not understanding what is going on are going to be contacting ISPs, Phone Network Providers or Websites when things aren't working when its something wrong with their Google account or a Google server or something similar. Also a number of antivirus type companies sell products like this and this could be seen as an anti-trust manipulation where Google are using their dominance in the browser market to impact the AV/IT Security market.
This is the reason we have anti-trust laws. Shit's blatantly trying to get rid of all competition. Have you seen the recent youtube and firefox situation with the whole ad-block thing? It's ridiculous.
@@Rayzermatic considering that Google seems to be the main source of income for Firefox, you can bet they'll try to pressure them to support their so called privacy proxy too at least as a default, as they already by default use Google's safe browsing services.
proxies are way easier to detect than just keeping deny lists from the ips/hostmasks of the ad servers lol i don't see how a proxy is better than a vpn here, nto even if YOU run it, let alone these motherfuckers lol
@@dutchdykefinger I run the proxy myself on my server with a 5950X and gigabit fiber internet, connecting to it with a Wireguard VPN. It's effectively a MITM for my http and https connections that applies the Adblock Plus Easylist. From my testing, it blocks TH-cam ads in Chrome with no extensions installed. A VPN typically filters at the DNS level which doesn't work for sites that serve ads from the same domain as content, like TH-cam.
Another way is to use Tailscale. Configure your VPS to be an exit node and you are ready. Bonus points: - Access to any device, even behind a firewall (SSH to home PC while away, forward local subnets to access other local devices that may not be able to run Tailscale ex NAS) - Better performance, since it's based on Wireguard which uses UDP instead of TCP - Ability to share devices to other people (ex. share your PC which runs a Minecraft server with a friend, instead of having it publicly available) - Peer-to-Peer encrypted connection between the devices (even the shared ones)
@Tim242You can instead host your own Tailscale network using Headscale, an open source project based on Tailscale, works like a charm. Have been using them for quite some time now, really good!
@@MaxშემიწყალეFor a dedicated WireGuard tunnel, you would need to use the WireGuard server to connect to device B from device A, using Tailscale/Headscale device A & B can communicate with each other directly, that too without opening any ports on either device; ultimately you get less latency and faster speeds. Moreover, you don't need to maintain WireGuard configs anymore, adding devices is just very easy as well.
So my understanding is ssh is already using encryption - the "secure" in secure shell. Hence an ssh tunnel would use ssh encryption as well. So why would traffic be not encrypted by the ssh tunnel alone?
@@sampatkalyan3103 wrote, _"if you are not paying them with anything they are not obliged to give you anything."_ Remuneration and obligation are so anti-Internet spirit. Not everything that's lawful is humane, moral, ethical, or even beneficial to all. As if money doesn't already govern so much of life, there was a time when 'free access' and 'open source' were driving forces. Not everything needs to be monetized. Rabid money hounds ruin so many things it's just pathetic.
3:51 here they're referring to the fact that one of the easiest ways to prevent DDoS attack is banning IPs, but with huge proxies in place where everybody passes through it wouldn't be feasible anymore (as if an attacker uses Google's proxies, the defendant can't just block the IP without also blocking every legitimate user)
I'd say it's more than likely they'll cooperate with cloudflare on that one to find some common ground since it's in the best interest of both of them. Also now that I think about it, it might actually split the load at least for the most simple HTTP-based attacks between google and cloudflare. I mean, just because they can't see the traffic(since it's a CONNECT proxy) doesn't mean they can't do pattern analysis on the broader traffic and limit/block/reject some traffic.
HTTPS over HTTPS proxy is encrypted for the proxy too, if the proxy is not working against you AND has the ability to sign SSL certificates for any domain according to your approved root certificates. That being said; Google could hide the fact they are decrypting all data, but it is not open by nature.
Since OP was also of the opinion that MiTM would be possible and feasible: I honestly wonder how Google would decrypt the content(apart from for their own sites) with PFS on most sites nowadays and mandatory SCT requirements in Chrome without anyone noticing when scrutiny over what they do is so high?
But you don't get any privacy benefit from running your own proxy because your proxy node has a public IP and unless it happens to be running other proxies, your traffic will be just as unique as if it were leaving your own home network, i.e. still trackable. The benefit of the public proxies is that your data is mixed with other users so the traffic can't be (easily) singled out to you.
Exactly. Also worthy of mention is Linode is now owned by Akamai which Microsoft has invested millions into. The logic in this video seems to defeat the purpose. Personally, it makes more sense to just use a non-google browser such as Firefox and a trustworthy vpn/proxy if internet anonymity is the intent. The reality here though is the internet isn't what it was from the early 2000's and prior, the internet of today, really, no one is truly privatized. It's all smoke and mirrors so companies can make a profit off of nativity and false premise.
@@terminalvelocity4858 What VPN do you recommend? Does the same stuff OP said apply to “creating” your own VPN as well (i’ve seen videos on it)? Is it better to do this stuff at the router level as well?
@@phr3ui559 TL;DR - Yes, you can do exactly all the same things as mentioned in this video and depending on your use-case, router level may be desirable and is supported with many router models and VPNs. The difference by using a paid VPN is you have access to multiple IP addresses and locations which is a lot better than running your own limiting you to a static ip and location which really is just an IP mask for your geo location. Over time, a static ip will become identifiable and defeats the privacy aspect. Creating your own vpn/proxy server not only costs the same or more as a paid vpn, but you have to do all the work and be responsible for maintaining everything. Personally, I think most of us have better things to do to just ensure we can connect to the Internet in a more privatized fashion. Personally, I would recommend Mullvad VPN. They don't limit the amount of devices you can connect or even ask for an email address. You can even pay in crypto if you want. No logs policy and all machines are ram disks (no data stored, whatsoever). They have apps for pc and mobile, or if you are tech savvy, you can even use just the config files on whatever device. They also use and recommend Wireguard which is one of the most secure and fast protocols for secure tunneling over the Internet. Last I checked monthly cost was only five bucks. Doesn't really get more affordable and private than this. If your use case is wanting a vpn for all devices on your network, then as long as your router supports it, that would be the easiest and most logical way to go. You simply upload the vpn config file to your router and connect it to the VPN and configure from there. Off the top of my head, a TPLink AXE5400 supports this, but so do many modern routers; just check the support manual for your preferred brand and needs. As for your browser, Firefox or a fork of Firefox called Librewolf (removes all telemetry, and more strict privacy policy). Neither are owned by big tech, open source, and best for privacy. To further privacy on top of all this, use 5 free simple extensions: - uBlock origin for adblock - Privacy Badger for tracker blocking. - Local CDN to emulate CDN's locally - Canvas Blocker to anonymize fingerprinting - HTTPS Everywhere to ensure HTTPs only connections (can also just enable builtin setting in Firefox/Librewolf) By use of the above methods, it's about as private and secure as you can get outside of more uncommon methods. Just remember, don't do malicious things on the Internet in the first place, and you have nothing to worry about, regardless of whether you use a VPN or not.
My recommendation would be to pay for a mullvad subscription using monero, as you can use the VPN without providing any information to the VPN provider that way. Unless you want to be as anonymous as possible on principal thou, you should think about from whom you are actually protecting yourself. Mass data collection is a big business model because of how easy it is, and if you just set your browser to delete cookies, don't log in into every possible website through Google and use a simple proxy that you change from time to time you will avoid almost all tracking. If on the other hand you are afraid that someone is specifically spying on you, or maybe even has authority to compel companies to assist them, you have to use methods that will slow down your traffic considerably, and cost you more money.
If all web traffic goes through Google, in addition to being able to watch and record everything, they can then also filter anything they (or their government/corporate masters) want.
Wooooow! I have NEVER fully understood proxies as a newer technician starting a couple years ago and you SERIOUSLY explained it so good it seemed so simple its crazy!😂 Thank you so much for your content!!!!🙏
:3 Google is slowly rolling out proxies to supposedly make it safe for users to use the internet. They're claiming that they might do it like Tor, with multiple nodes, so either CDN doesn't know what traffic is really happening. It sounds like even larger data harvesting, and bigger government overwatch. I use NordVPN sometimes, which is one of the little renaming VPNs remaining with supposed no-logs (Athena OS comes with Mullvad VPN, which is also very nice), and Tor sometimes (Tor is arguably safer since you go through nodes, but of course you have to be careful of nodes). Plus, I prefer Brave browser, and Firefox, which the founder left to make Brave for how bad Firefox has been getting, is better for ethical hacking with the built-in proxy system it has, unlike Chrome, that relies on your computer's settings, and Firefox has more ethical hacking tools, too. Brave has user profiles, whereas, Firefox, doesn't, amongst a lot of other better things with Brave. Tor and Brave are Firefox-based.
As an aspiring networking professional, your channel is my most watched on youtube. You've helped me learn how to set up my own home network, protect it, learn docker, docker networking and so much more. I truly feel like I have a leg up on some of my classmates at school because of the knowledge I've learned from this channel. I have issues with concentration, but the flow of your channel and videos grab my attention and focus. If you haven't already, you should consider teaching!
IMPORTANT NOTE: If you're using an alternative port for ssh to begin with (aka "best security practices") you must define that with -p and then the port number. Otherwise Windows will always attempt to connect via the default 22.If this is closed due to the use of "best practices" and instead you're using an alt port, define it as discussed earlier in my comment.
@@fernandoblazin The tutorial used Windows as an example. I was just providing assistance by offering additional information. Also, if you're going to pretend to be a snob on the internet, perhaps you'd like to learn capitalization and correct punctuation.
@@fernandoblazin All Operating Systems are imperfect. My comment on best practices actually apply to ALL operating systems as SSH is on port 22 by default everywhere; thus should be changed everywhere. You're complaining about an issue on Windows which is an issue across all platforms.
Since Indian banned VPN providers for cyber compliance, I like the option for proxy to India is still available for research locally on the web before travel.
Please also know that if you use Android's Rich Chat Services (RCS) you are tunneling all your SMS/MMS messages through Google's private networks. Your messages are opaque to the carrier, but NOT to Google.
You have became my favorite TH-cam channel. I love your insight, your outlook on everything, with all your wisdom and positivity makes it so inspiring and motivating. Thank you for your work!
Consider using squid. Configure an https proxy so it works out of the box, doesn't require any client app, no ssh client no socks client nothing. Great for mobile. I've been running squid for 4 years now and had been doing ssh tunnels for the decade before that :) I use it not for anonymity but mostly to prevent ISP from blocking stuff (torrent etc). The bad thing is that hosters' IP addresses are flagged, so on most websites you'll get Cloudflare's captcha if you're not outright blocked.
The google proxy seems pretty freaky, especially if they lean more into it. seems like a play to just make sure google is at the first hop of many people, with enough people on board they could make the play that google services only work on google proxy, forcing more people who depend on google to sign up and authenticate. theres plenty of other reasons too, but it seems to be for privacy and completely against it at the same time. yeikes. The security of the internet should never be the responsibility of a single company/service.
Hey Chuck, enabling proxy will utilise the bandwidth and data limits of linode you just created, so what is the minimum data transfers do they allow with lowest plan?
Rolling your own like this doesn't solve the identity tracking problem though - unless you are spinning up a new Proxy every day. Also, how would a second hop prevent the first proxy from knowing the destination address. Surely it needs that to pass to the second proxy?
As of my research of Google and their browser architecture, Google is doing a kind of microservice architecture around Chrome Client (offline/locally) and their Online-Services. So I assume they will most likely will have the same problem like the Case study from China where Google‘s Phishing Pages Filter failed totally by just using a weak PC at home. So as of my knowledge: Thank you so much for opening up for all of us this option! ❤
I will go the more sinister route and say this actually violates the internet ethics of an open internet. On one hand if done properly can make browsing more secure, on the other hand could signal to people who run servers to trust those lists of ips. Hence creating a more prioritized route. Along with their dominant share of their network as you pointed out, it will only further the monopoly type behavior on the internet.
Like CloudFlare sitting in front of more than 50% of websites, requiring me to run their shitty JavaScript to "MaKe SuRe ThE cOnNeCtIoN iS sEcUrE" sometimes even a CAPTCHA just to VIEW a page Hate these guys
@@counterleo Ya this is another type of behavior I am not fond of, although not as sinister as one may seem. I would say it is more gray area. Actually it's not about making your connection secure. It's main purpose is to prevent ddos attacks. The main downside is you have to give them your ssl cert.
@@AtherionGG Yep I know it’s DDOS protection, I think it’s the same kind of evil as Google, with just a different target (client vs server) and pretext (privacy vs ddos protection), but ultimately the same motive, become a world class middleman of Web traffic and do whatever analytics they feel like doing. The “checking connection is secure” thing is their own wording, while they run their JS to determine if you’re a bot or not and redirect you. If you access the web from an IP flagged as belonging to a hosting company, you will see that message a lot 😅 I may be a boomer but the idea of the Internet was decentralisation. Today it all tends to be very centralised, with single points of access (and failure). Screw that. I’ll never use Cloudflare. I’m also running my DNS zone myself, and my own SMTP server acting as MX for my domain even though I’m guilty of using gmail as a frontend for convenience (boo). At least if something goes wrong I can check my own bloody logs and usually fix it within minutes, vs. the hours or days needed talking to support teams of external providers.
I ran my own VPN out of my gaming desktop for a few years and had my cell phone connected to it. As you say its not that hard to do if you actually know how these things work internally (even if its kinda arcane to most people) Sadly the fixed IP forwarding service I was using dropped free service options and I was not able to keep it going. Thing about Googles services, or payed proxies/VPNs, is you are putting trust in whoever it is that is providing the service. You might be secure between you and them, but they have easy access if they want it.
Google can't MITM the traffic without creating certificate errors if the sites you are visiting use TLS. They also won't know the host name you are connecting to if the server is using ESNI. As for a DDOS attack, Google, CloudFlare, and AWS have all proven to be pretty resilient to these attacks because of the massive bandwidth they have available to them. Another note; the SOCKS proxy you set up at 9:50 will NOT encrypt UDP traffic. Because of this, most of the DNS look-ups and streaming services that rely on UDP traffic will not be tunneled and will be coming directly from your home's IP.
WRONG ... the base data packet will ALWAYS be not encrypted and contain your IP and the destination IP address ... and are freely viewable as this is how you get from your computer to the site you want to look at ... EVERY SINGLE HOP SEES YOU ...
@@TK_Raz some will see that root ca for certain sites are changed. But yeah for a targeted attack thats easy. Additionally they could just add theirs to chrome
So to supercharge this, if you have a Socks5 proxy and add tailscale/zerotier/twingate to the mix, then there you have a 2 hop proxy where the first hop connection is encrypted (and possibly the second one may also be if using shadowsocks)
I'm assuming Google will still have to comply with Communications Assistance for law Enforcement Act (CALEA) so they wil be able to figure out what you are doing.
The problem with proxies and VPNs and all those services that use a single shared IP address or a handful of IP addresses among lots of users is, as soon as one of those users get the IP blocked from some website or service, it blocks everyone else using that proxy or VPN IP address as well. On top of that, a lot of websites and services simply block all IP address pools that are assigned to services like VPNs and Proxies. Even renting your own VPS server with a dedicated IP usually doesn't work, because everyone can still see that the IP address that was assigned to your VPS, belongs to a pool of IP addresses that the VPS provider owns, so it still gets blocked when websites and services choose to block connections from those types of IP addresses.
Awesome tutorial @NetworkChuck. Your videos are easy to consume and learn new tech tricks. P.S. It's a bit funny situation about Google statements about privacy: they will protect your privacy, in order to sell your data themselves 😄
Love it!! Yes I have my own proxy, with vpn and just put my whole home network on its own wifi channel. I also like that I can monitor it all from my S23 Ultra.
Do this and you will likely be blocked by many sites as a lot of them block corporate IP addresses which services like Linode use. Good luck using streaming sites too.
@@swallowedinthesea11 Suggesting to do something does not overshadow what factually happens if you do something that really isn't a good idea in the first place. He's still human like the rest of us and does not exclude him from criticism just because of internet popularity. In the tech industry it is essential to share problematic approaches in the ecosystem, which absolutely is the case here and why I am sharing the issues with what he is suggesting that his 3.5+ million subscribers do here. If your hot take is all I am doing is putting Chuck down (which I'm not), then you are biased and very obviously missed the point entirely! Feel free to waste your time and money to do what he suggests here against what I've commented as problematic and prove my 30+ years in this industry wrong. I'll wait.
@@swallowedinthesea11This is a sponsored video from Linode. He gets paid, if as many of his 3,5 million subscribers as possible click thought and get the "free trial". If twisting the truth a bit and making his solution look better gives more clicks... well.. that's the game. He doesn't care about your privacy. He cares about clicks.
I'd like to set up my own proxy server on my own hardware however if I'm the only one using my own proxy server... Doesn't it kind of defeat the purpose? I don't want to really use somebody else's hosted proxy server on their own hardware.
Eh, honestly. You're just trading them tracking your residential IP.... to them tracking the IP of your VPS. Either way, it's still a stable-ish address. I daresay, it would be *more* stable then a residential IP, given that many ISPs use CGNAT for v4, and v6 has privacy extensions + many residential ISPs also do dynamic prefixes. Meanwhile most VPS services will have stable addresses for the lifetime of that instance. And I doubt many people will be uh... zealously recreating instances and reconfiguring networks/devices to the new IP (or using dns I guess). The way I see it, this wont protect you from tracking, unless you routinely rotate addresses on your VPS somehow. Though, sometimes the VPS companies can have way better routing then your ISP, so it *might* paradoxically, improve your internet experience.
This is just another power grab for a big tech conglomerate. What better way to collect user data than to funnel all traffic through a server they control? No thanks.
It's really the same with every other browser. Trusting Mozilla has become harder and harder given they talk a lot of smack and how privacy oriented they are and then do things that are questionable at best like integrating fakespot and then "suggesting" users to try it while hiding the privacy implications in a lengthy legal document instead of clearly saying that this has pretty big privacy implications for users who enable it.
Depending on the implementation, it could be made nearly impossible without talking to both servers. For example, Google's server can accept a connection from your IP, it will know who you are, but it can just forward the packets to a specific end-point, like cloudflare. It doesn't need to look at your packet because all packets go to cloudflare, so then that server can be assumed to "not know where the destination is" because that traffic could also be encrypted between yourself and cloudflare. Cloudflare however does need to know where you want to go, so it will open the packet and read the destination, but it will see google's servers as the source, not you, becuse that was the server that sent the packet. This way CF doesn't know who you are and Google doesn't know where the data is going.
2 items: Google IS one of ONLY a handful of companies that is trustworthy AND turning the feature flag on/off is so, So, SO simple. Best solution I've ever heard for a proxy. Great!!!
Really? This seems like a half baked response to Apples iCloud Private Relay that also includes DNS request and encryption they implemented into Safari years ago.
I love Google's data center videos where they show you how many layers of security there are protecting your data before they sell it off. Google: Wants to protect your privacy
Hey Chuck. I need to route all my traffic (TCP and UDP) from all apps on my PC not just chrome or firefox through linode. Can you make a video teaching how to setup a router at home to forward all traffic from your PC to the ssh tunnel on linode? This way you don't have to change the SOCKS configuration of any particular app and also the apps that don't even use the SOCKS configuration will happily send the packets through the tunnel unaware of it.
One important note: Google's Proxy only applies to 3rd party hosts. Meaning your real IP remains visible to the 1st party site you are visiting. It's only intended to limit cross site tracking. Same site tracking and abuse remains a thing.
Google could very EASILY do a MITM with TLS inspection even. They own a fully trusted Certificate Authority .... So the idea isn't far fetched at all ....
You said that unlike VPN, a proxy doesn't use encryption, which is true in general, but in the case of an SSH proxy. the SSH traffic is encrypted, meaning this proxy is using an encrypted connection, so depending on the bandwidth, the smallest possible VPS may slow you down considerably.
Hi! Great video it was so helpful. I do have a question thought, when u use the first method, do u have to repeat the steps several times as you log into your device, or is it a one time thing? Thank you!
I'd recommend specifying the bind_address with -D. (-D [bind_address:]port) From the man page: The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces. Which sounds like it binds to all interfaces by default. This would not be good. That way if you're connected to public network, you just exposed the SOCKS proxy to it. Not only does it allow people to use it freely for internet access, but it also allows access to LAN and localhost, which may be dangerous.
I find this extremely interesting and fascinating. This went a little fast and I need a little more schooling on this stuff to follow along at this speed. Great video. Subbed and liked.
How is them tracking your proxy IP that different to tracking your actual real IP? can't they just join the same information together against the proxy IP as your real one?
@NetworkChuck iam worried that setting up our own proxy will basicly be neccessary when google forces this. but to many unanswered questions here. 1) how does it affect ping 2) how do games react to this, potentialy triggering their DRM or locking themselfs? 3) -D statement compressed vs uncompressed why save bandwith? what is faster if you actualy want a low as possible reacting/ping time.
Build your own Proxy with Linode: ntck.co/linode and you get a $100 Credit good for 60 days as a new user!
Google is baking in proxies into their Chrome Browser. Known as their “IP Protection” feature, this will have users of Chrome go through a Google owned proxy for websites they access.
🚀 What We're Talking About:
Google's Proxy Thing in Chrome: Yep, Google's mixing things up by adding a proxy right inside Chrome. Is this the future of browsing? Let's find out.
Proxy vs. VPN: Heard of VPNs? Well, proxies are a bit different. We'll break down what's what and which you might wanna use.
DIY Proxy Server? Yes, Please: Google's proxy sounds neat, but why not roll your own? I'll show you how to set up a personal proxy, and it's thanks to the awesome folks at Linode by Akamai.
Some Geeky Concerns: Is Google's proxy all sunshine and rainbows? Eh, there might be some bumps. We'll chat about that.
Setting Up Your Own Proxy Server: It's easier than you think, and I'll walk you through it step-by-step.
Video Links ---------------------------------------------------------
shadowsocks.org/
🔥🔥Join the NetworkChuck Academy!: ntck.co/NCAcademy
**Sponsored by Linode Cloud Computing from Akamai
Gt xxx
Hi, thanks for posting. We would love a video about Monero for privacy
Love the furryforlife Easter egg lmao
password furryforlife LOL
Can you use vpn and proxy at the same time? Is it a redundancy to do that or extra layer of security?
I love Google's data center videos where they show you how many layers of security there are protecting your data before they sell it off.
No competition is good competition, lol.
They don't want outsiders to know how much data they gather and what they use it for.
:3 Google is slowly rolling out proxies to supposedly make it safe for users to use the internet. They're claiming that they might do it like Tor, with multiple nodes, so either CDN doesn't know what traffic is really happening. It sounds like even larger data harvesting, and bigger government overwatch.
I use NordVPN sometimes, which is one of the little renaming VPNs remaining with supposed no-logs (Athena OS comes with Mullvad VPN, which is also very nice), and Tor sometimes (Tor is arguably safer since you go through nodes, but of course you have to be careful of nodes).
Plus, I prefer Brave browser, and Firefox, which the founder left to make Brave for how bad Firefox has been getting, is better for ethical hacking with the built-in proxy system it has, unlike Chrome, that relies on your computer's settings, and Firefox has more ethical hacking tools, too. Brave has user profiles, whereas, Firefox, doesn't, amongst a lot of other better things with Brave. Tor and Brave are Firefox-based.
Google doesn't sell your data...
They need that data to sell ads. If they sell your data anyone can sell ads using that data.
So please tell me which data is sold by Google
Please spend 2 seconds and search google selling data.. There are countless legal cases currently against google, tons of articles around this.. You can't be serious with this comment. @@Flaggyt
Lived in Japan for almost a decade and loved every second of it. Coincidentally to this video I started building a Japanese travel app but couldn’t get Google map to pin my location in Japan for testing. This video was right on time in helping resolve the issue so thank you. Don’t leave Osaka without trying the takoyaki!
Is it true that Osaka takoyaki are softer and a bit 'soggier' than elsewhere?
I've only ever been to Tokyo and the Takoyaki is crispy on the outside there :(
@@Snakebloke I'm in Osaka right now for the second time, there is any difference between takoyaki
If Google is doing it, they are gaining something, period. If the product is free, YOU are the product!
Google? Libre? Private? lol!!!
why are you yelling everyone knows this
@@asiliria wdym
@@phr3ui559 funny to think Google always calls itself private, but it’s not fully libre
I wish more people understood this. The only reason they are baking this into chrome is to ensure they have no competition, it sure as hell isn't to keep you or your data private, just to make sure they get first dibs on the sale of it.
This still doesn't make you anonymous though.
If you put a proxy in Japan, now big tech will build a profile on you based in Japan.
You will only be anonymous if you keep rotating proxies consistently, so that you never appear as a single person, but an entire range of people.
Exactly! Now if you and a group of people all had shared proxies and a proxy roulette program... 👍
@@danielsligar787 exactly, different IPs, different online habits
They have many other methods to id you eg browser fingerprinting, extensions, window frame sizes etc.
Is there a difference between this and a VPN?
@@CuriousCattery vpn =encrypted proxy = not normally encrypted
Google: Wants to protect your privacy
Also Google: Collects and sells your data
They don't want to protect your privacy 😂
@@hansmuds6018 They want to protect your privacy from other data harvesters :)
Google only wants to protect your privacy to the extent you don't quit using their products and the government doesn't get mad. Luckily we have a little control over one and a lot of control over the other.
They want to protect your privacy so only they can abuse it. They don't want your ISP to get in on their action.
Linode: owned by Akamai
Also Linode: Millions invested into Akamai by Microsoft who collects and sells your data. 🤓
You sir are a scholar and a gentleman. You convinced me to dip my toes into Linux it always amazes me how learning something new opens one’s eyes to how much there is left to learn in this world.
@@dadigitechmanFedora
For Security Purposes - Kali Linux and Parrot OS 🦜 Security
and not conversant in basic TCP /IP protocls ... to get from your computer to any other computer your IP and the destination IP must be readable at each and every hop so the various DNS servers can route your information back and forth between every stop ... this information is NEVER ENCRYPTED ... because it is used to differentiate your request from everyone elses request ... making everything he said useless ... and yes even VPN's fail with this ...
@@dadigitechman I'd suggest LinuxMint or PopOS for a first
OMG bruh it's going out if my head
@@kaboom-zf2blyes, the clue always has a connection to the one who planted it. Nothing is ever full proof. You just have to hope and pray they don't find you. 😨😳
Worth mentioning that besides server charges, traffic through these services can generate extra costs
Really like your content, the way Nick edits your videos and the way you give out information- down to the point, no bs or long useless talks!
You can use a proxy as a limited ad block. There is a growing number of countries that do not allow ads to run during videos.
Especially in US embargoed countries
yes if i change my VPN location to Russia, no more youtube ads.
@@danwake4431 Or Albania
Is this not a way for Google to monopolise on the useful tracking data available on the web? By poisoning/ pooling/ reducing the availability of data useful to other ad-providers and companies that use those data. If Chrome and Chromium-based browsers are used by the majority of internet users, they could push a centralised, Google-controlled solution for 'privacy' that reduces the perceived need of - and increases the resistance to - rolling your own solution.
I suppose what I'm really asking is whether or not this step by Google will in some way be to their own detriment or benefit.
Now Google will have more chances to sell our information to third parties.
It's a way for Google to have your real IP, while depriving other service providers of that information. I'll stick with my $3 a month Surfshark VPN service. I trust Surfshark more than Google.
Yes, I can see Google agreeing with liberal elements of the government to keep you from seeing content against the agenda being promoted. And as someone else pointed out, unless you see it coming from a google domain, you shouldn't let these dangerous users see your content.
That's the hole point. They try to Stop other ad it's not the first try. Won't be the last. All I can say stop or limit the amount of Google products you use.
Opera has this entirely optional feature that you have to intentionally turn on for some time although they confusingly call it a "VPN" when it isn't really. Unless you opt for the premium version that can include a proper system VPN if you want one and go through the intentional steps to configure it. My main concern is that Google is going to turn this on by default and effectively force this on everyone, probably without proper consent and absolutely without the understanding by most users of what they are enabling. This is then going to have all sorts of knock on impact where general users not understanding what is going on are going to be contacting ISPs, Phone Network Providers or Websites when things aren't working when its something wrong with their Google account or a Google server or something similar. Also a number of antivirus type companies sell products like this and this could be seen as an anti-trust manipulation where Google are using their dominance in the browser market to impact the AV/IT Security market.
This is the reason we have anti-trust laws. Shit's blatantly trying to get rid of all competition. Have you seen the recent youtube and firefox situation with the whole ad-block thing? It's ridiculous.
Sounds like an EXCELLENT reason to STOP using chrome browser
@@Rayzermatic considering that Google seems to be the main source of income for Firefox, you can bet they'll try to pressure them to support their so called privacy proxy too at least as a default, as they already by default use Google's safe browsing services.
A next step would be an ad filtering proxy like Privoxy, so you can still block ads in Chrome after the MV3 transition next June.
proxies are way easier to detect than just keeping deny lists from the ips/hostmasks of the ad servers lol
i don't see how a proxy is better than a vpn here, nto even if YOU run it, let alone these motherfuckers lol
@@dutchdykefinger
I run the proxy myself on my server with a 5950X and gigabit fiber internet, connecting to it with a Wireguard VPN. It's effectively a MITM for my http and https connections that applies the Adblock Plus Easylist. From my testing, it blocks TH-cam ads in Chrome with no extensions installed. A VPN typically filters at the DNS level which doesn't work for sites that serve ads from the same domain as content, like TH-cam.
How does one set this up?
Another way is to use Tailscale. Configure your VPS to be an exit node and you are ready.
Bonus points:
- Access to any device, even behind a firewall (SSH to home PC while away, forward local subnets to access other local devices that may not be able to run Tailscale ex NAS)
- Better performance, since it's based on Wireguard which uses UDP instead of TCP
- Ability to share devices to other people (ex. share your PC which runs a Minecraft server with a friend, instead of having it publicly available)
- Peer-to-Peer encrypted connection between the devices (even the shared ones)
Why not just use Wireguard then?
@@MaxშემიწყალეTailscale iirc is just autoconfigured Wireguard? Pretty sure that’s what its supposed to be
@Tim242You can instead host your own Tailscale network using Headscale, an open source project based on Tailscale, works like a charm. Have been using them for quite some time now, really good!
@@MaxშემიწყალეFor a dedicated WireGuard tunnel, you would need to use the WireGuard server to connect to device B from device A, using Tailscale/Headscale device A & B can communicate with each other directly, that too without opening any ports on either device; ultimately you get less latency and faster speeds. Moreover, you don't need to maintain WireGuard configs anymore, adding devices is just very easy as well.
@Tim242 lol
So my understanding is ssh is already using encryption - the "secure" in secure shell. Hence an ssh tunnel would use ssh encryption as well. So why would traffic be not encrypted by the ssh tunnel alone?
Google wants to give you privacy, but bans me when I use an ad blocker on TH-cam so they can't have my data.
TH-cam is a video streaming service if you are not paying them with anything they are not obliged to give you anything. that means access to TH-cam.
@@sampatkalyan3103 wrote, _"if you are not paying them with anything they are not obliged to give you anything."_
Remuneration and obligation are so anti-Internet spirit. Not everything that's lawful is humane, moral, ethical, or even beneficial to all. As if money doesn't already govern so much of life, there was a time when 'free access' and 'open source' were driving forces. Not everything needs to be monetized.
Rabid money hounds ruin so many things it's just pathetic.
@@sampatkalyan3103we already pay them with our data when using a google account
just pay for yt premium then? freeloader
3:51 here they're referring to the fact that one of the easiest ways to prevent DDoS attack is banning IPs, but with huge proxies in place where everybody passes through it wouldn't be feasible anymore (as if an attacker uses Google's proxies, the defendant can't just block the IP without also blocking every legitimate user)
I'd say it's more than likely they'll cooperate with cloudflare on that one to find some common ground since it's in the best interest of both of them. Also now that I think about it, it might actually split the load at least for the most simple HTTP-based attacks between google and cloudflare. I mean, just because they can't see the traffic(since it's a CONNECT proxy) doesn't mean they can't do pattern analysis on the broader traffic and limit/block/reject some traffic.
HTTPS over HTTPS proxy is encrypted for the proxy too, if the proxy is not working against you AND has the ability to sign SSL certificates for any domain according to your approved root certificates.
That being said; Google could hide the fact they are decrypting all data, but it is not open by nature.
Since OP was also of the opinion that MiTM would be possible and feasible: I honestly wonder how Google would decrypt the content(apart from for their own sites) with PFS on most sites nowadays and mandatory SCT requirements in Chrome without anyone noticing when scrutiny over what they do is so high?
But you don't get any privacy benefit from running your own proxy because your proxy node has a public IP and unless it happens to be running other proxies, your traffic will be just as unique as if it were leaving your own home network, i.e. still trackable. The benefit of the public proxies is that your data is mixed with other users so the traffic can't be (easily) singled out to you.
Exactly. Also worthy of mention is Linode is now owned by Akamai which Microsoft has invested millions into. The logic in this video seems to defeat the purpose. Personally, it makes more sense to just use a non-google browser such as Firefox and a trustworthy vpn/proxy if internet anonymity is the intent. The reality here though is the internet isn't what it was from the early 2000's and prior, the internet of today, really, no one is truly privatized. It's all smoke and mirrors so companies can make a profit off of nativity and false premise.
@@terminalvelocity4858 What VPN do you recommend? Does the same stuff OP said apply to “creating” your own VPN as well (i’ve seen videos on it)? Is it better to do this stuff at the router level as well?
@@phr3ui559
TL;DR - Yes, you can do exactly all the same things as mentioned in this video and depending on your use-case, router level may be desirable and is supported with many router models and VPNs.
The difference by using a paid VPN is you have access to multiple IP addresses and locations which is a lot better than running your own limiting you to a static ip and location which really is just an IP mask for your geo location. Over time, a static ip will become identifiable and defeats the privacy aspect. Creating your own vpn/proxy server not only costs the same or more as a paid vpn, but you have to do all the work and be responsible for maintaining everything. Personally, I think most of us have better things to do to just ensure we can connect to the Internet in a more privatized fashion.
Personally, I would recommend Mullvad VPN. They don't limit the amount of devices you can connect or even ask for an email address. You can even pay in crypto if you want. No logs policy and all machines are ram disks (no data stored, whatsoever). They have apps for pc and mobile, or if you are tech savvy, you can even use just the config files on whatever device. They also use and recommend Wireguard which is one of the most secure and fast protocols for secure tunneling over the Internet. Last I checked monthly cost was only five bucks. Doesn't really get more affordable and private than this.
If your use case is wanting a vpn for all devices on your network, then as long as your router supports it, that would be the easiest and most logical way to go. You simply upload the vpn config file to your router and connect it to the VPN and configure from there. Off the top of my head, a TPLink AXE5400 supports this, but so do many modern routers; just check the support manual for your preferred brand and needs.
As for your browser, Firefox or a fork of Firefox called Librewolf (removes all telemetry, and more strict privacy policy). Neither are owned by big tech, open source, and best for privacy. To further privacy on top of all this, use 5 free simple extensions:
- uBlock origin for adblock
- Privacy Badger for tracker blocking.
- Local CDN to emulate CDN's locally
- Canvas Blocker to anonymize fingerprinting
- HTTPS Everywhere to ensure HTTPs only connections (can also just enable builtin setting in Firefox/Librewolf)
By use of the above methods, it's about as private and secure as you can get outside of more uncommon methods. Just remember, don't do malicious things on the Internet in the first place, and you have nothing to worry about, regardless of whether you use a VPN or not.
@@phr3ui559 try mullvad
My recommendation would be to pay for a mullvad subscription using monero, as you can use the VPN without providing any information to the VPN provider that way.
Unless you want to be as anonymous as possible on principal thou, you should think about from whom you are actually protecting yourself.
Mass data collection is a big business model because of how easy it is, and if you just set your browser to delete cookies, don't log in into every possible website through Google and use a simple proxy that you change from time to time you will avoid almost all tracking.
If on the other hand you are afraid that someone is specifically spying on you, or maybe even has authority to compel companies to assist them, you have to use methods that will slow down your traffic considerably, and cost you more money.
Mate, been watching your videos now for a while.
This had to be one of the best videos you have released.
Great to see your change of pace!
If all web traffic goes through Google, in addition to being able to watch and record everything, they can then also filter anything they (or their government/corporate masters) want.
@@wojtek-33 Well.... they can not filter so much above google search.... but with proxy they can do so much more.
@@saywhat524 Proxy does not negate HTTPS.
if your government doesn't want something, they already have an ISP and providers they can tell to do stuff, they really don't need google for that.
@@IzzyIkigai Google want metadata from the proxy for sure.
Wooooow! I have NEVER fully understood proxies as a newer technician starting a couple years ago and you SERIOUSLY explained it so good it seemed so simple its crazy!😂 Thank you so much for your content!!!!🙏
:3 Google is slowly rolling out proxies to supposedly make it safe for users to use the internet. They're claiming that they might do it like Tor, with multiple nodes, so either CDN doesn't know what traffic is really happening. It sounds like even larger data harvesting, and bigger government overwatch.
I use NordVPN sometimes, which is one of the little renaming VPNs remaining with supposed no-logs (Athena OS comes with Mullvad VPN, which is also very nice), and Tor sometimes (Tor is arguably safer since you go through nodes, but of course you have to be careful of nodes).
Plus, I prefer Brave browser, and Firefox, which the founder left to make Brave for how bad Firefox has been getting, is better for ethical hacking with the built-in proxy system it has, unlike Chrome, that relies on your computer's settings, and Firefox has more ethical hacking tools, too. Brave has user profiles, whereas, Firefox, doesn't, amongst a lot of other better things with Brave. Tor and Brave are Firefox-based.
As an aspiring networking professional, your channel is my most watched on youtube. You've helped me learn how to set up my own home network, protect it, learn docker, docker networking and so much more. I truly feel like I have a leg up on some of my classmates at school because of the knowledge I've learned from this channel.
I have issues with concentration, but the flow of your channel and videos grab my attention and focus. If you haven't already, you should consider teaching!
IMPORTANT NOTE: If you're using an alternative port for ssh to begin with (aka "best security practices") you must define that with -p and then the port number. Otherwise Windows will always attempt to connect via the default 22.If this is closed due to the use of "best practices" and instead you're using an alt port, define it as discussed earlier in my comment.
maybe don't use windows
@@fernandoblazin The tutorial used Windows as an example. I was just providing assistance by offering additional information. Also, if you're going to pretend to be a snob on the internet, perhaps you'd like to learn capitalization and correct punctuation.
@@Anon0nline its not about being a snob windows is known to be full of security holes so if privacy is of concern windows should be avoided
@@fernandoblazin All Operating Systems are imperfect. My comment on best practices actually apply to ALL operating systems as SSH is on port 22 by default everywhere; thus should be changed everywhere. You're complaining about an issue on Windows which is an issue across all platforms.
@@Anon0nline you no more secure using an alternative port as opposed to using the default port, security through obscurity was never more secure
Since Indian banned VPN providers for cyber compliance, I like the option for proxy to India is still available for research locally on the web before travel.
Please also know that if you use Android's Rich Chat Services (RCS) you are tunneling all your SMS/MMS messages through Google's private networks. Your messages are opaque to the carrier, but NOT to Google.
You have became my favorite TH-cam channel. I love your insight, your outlook on everything, with all your wisdom and positivity makes it so inspiring and motivating. Thank you for your work!
I’m a web proxy administrator by day - I’m surprised I haven’t set up a web proxy for my homelab and such yet. Looks like it’s time!
Consider using squid. Configure an https proxy so it works out of the box, doesn't require any client app, no ssh client no socks client nothing. Great for mobile. I've been running squid for 4 years now and had been doing ssh tunnels for the decade before that :) I use it not for anonymity but mostly to prevent ISP from blocking stuff (torrent etc). The bad thing is that hosters' IP addresses are flagged, so on most websites you'll get Cloudflare's captcha if you're not outright blocked.
I'm more suprised this is all you have to say after watching this video 🙈
The google proxy seems pretty freaky, especially if they lean more into it. seems like a play to just make sure google is at the first hop of many people, with enough people on board they could make the play that google services only work on google proxy, forcing more people who depend on google to sign up and authenticate. theres plenty of other reasons too, but it seems to be for privacy and completely against it at the same time. yeikes. The security of the internet should never be the responsibility of a single company/service.
using chrome as default web browser is a mistake
Not if that isn’t his main machine
I've learned more in 5 mins with this guy then any courses I have taken in school!
Hey Chuck, enabling proxy will utilise the bandwidth and data limits of linode you just created, so what is the minimum data transfers do they allow with lowest plan?
Chuck has mastered IT content. Whoever does the edits. Bravo!👏🏾
Rolling your own like this doesn't solve the identity tracking problem though - unless you are spinning up a new Proxy every day. Also, how would a second hop prevent the first proxy from knowing the destination address. Surely it needs that to pass to the second proxy?
For that second question.. Not 100% sure but if I had to guess I'd say that's what the CONNECT is for.
What about the bandwidth, for what I can tell its being hindered and will be limited to the linode's parameters when choosing the machine, right?
Amazing, finally good quality content. Keep it up man! Becoming your follower!
As of my research of Google and their browser architecture, Google is doing a kind of microservice architecture around Chrome Client (offline/locally) and their Online-Services.
So I assume they will most likely will have the same problem like the Case study from China where Google‘s Phishing Pages Filter failed totally by just using a weak PC at home.
So as of my knowledge: Thank you so much for opening up for all of us this option! ❤
I will go the more sinister route and say this actually violates the internet ethics of an open internet. On one hand if done properly can make browsing more secure, on the other hand could signal to people who run servers to trust those lists of ips. Hence creating a more prioritized route. Along with their dominant share of their network as you pointed out, it will only further the monopoly type behavior on the internet.
And there's probably more secret goals. (Still trying to figure out all the angles for their forced obsolescence of HTTP, for example .)
Like CloudFlare sitting in front of more than 50% of websites, requiring me to run their shitty JavaScript to "MaKe SuRe ThE cOnNeCtIoN iS sEcUrE" sometimes even a CAPTCHA just to VIEW a page
Hate these guys
@@counterleo Ya this is another type of behavior I am not fond of, although not as sinister as one may seem. I would say it is more gray area. Actually it's not about making your connection secure. It's main purpose is to prevent ddos attacks. The main downside is you have to give them your ssl cert.
@@AtherionGG Yep I know it’s DDOS protection, I think it’s the same kind of evil as Google, with just a different target (client vs server) and pretext (privacy vs ddos protection), but ultimately the same motive, become a world class middleman of Web traffic and do whatever analytics they feel like doing.
The “checking connection is secure” thing is their own wording, while they run their JS to determine if you’re a bot or not and redirect you. If you access the web from an IP flagged as belonging to a hosting company, you will see that message a lot 😅
I may be a boomer but the idea of the Internet was decentralisation. Today it all tends to be very centralised, with single points of access (and failure). Screw that. I’ll never use Cloudflare. I’m also running my DNS zone myself, and my own SMTP server acting as MX for my domain even though I’m guilty of using gmail as a frontend for convenience (boo). At least if something goes wrong I can check my own bloody logs and usually fix it within minutes, vs. the hours or days needed talking to support teams of external providers.
Criminals did it first....
I ran my own VPN out of my gaming desktop for a few years and had my cell phone connected to it. As you say its not that hard to do if you actually know how these things work internally (even if its kinda arcane to most people) Sadly the fixed IP forwarding service I was using dropped free service options and I was not able to keep it going.
Thing about Googles services, or payed proxies/VPNs, is you are putting trust in whoever it is that is providing the service. You might be secure between you and them, but they have easy access if they want it.
If you don't pay for a product (Google) YOU are the product!!! There is a reason they no longer use the slogan "Don't be Evil"....
When I see the words "Google" & " Privacy" 😂😅😂
i have used aws api gateways as proxies before. Works great
Google can't MITM the traffic without creating certificate errors if the sites you are visiting use TLS. They also won't know the host name you are connecting to if the server is using ESNI. As for a DDOS attack, Google, CloudFlare, and AWS have all proven to be pretty resilient to these attacks because of the massive bandwidth they have available to them. Another note; the SOCKS proxy you set up at 9:50 will NOT encrypt UDP traffic. Because of this, most of the DNS look-ups and streaming services that rely on UDP traffic will not be tunneled and will be coming directly from your home's IP.
SOCKS5 has support for UDP packets.
Screw CloudFlare. Making the Web ever more centralised. And you need JavaScript to access any basic website because of them.
WRONG ... the base data packet will ALWAYS be not encrypted and contain your IP and the destination IP address ... and are freely viewable as this is how you get from your computer to the site you want to look at ... EVERY SINGLE HOP SEES YOU ...
On the contrary, Google CAN successfully MITM traffic without creating any certificate errors. They own a trusted Root CA.
@@TK_Raz some will see that root ca for certain sites are changed. But yeah for a targeted attack thats easy. Additionally they could just add theirs to chrome
Please keep uploading more videos. I almost watched all your videos in your chanel and I love every single one of them Thank you for everything Chuck!
furry for life, huh??
I'm addicted to your videos, thank you very much. You and David are 🪨✨s in our field!!
Came here for this... was wondering if anyone else was on the slomo/pause for the IP etc.
So to supercharge this, if you have a Socks5 proxy and add tailscale/zerotier/twingate to the mix, then there you have a 2 hop proxy where the first hop connection is encrypted (and possibly the second one may also be if using shadowsocks)
How do you add them to the mix?
Get everyone hooked on our proxy, and in a year or 2, change the user agreement to collect that sweet data. -Google
Internet II
And how do you collect more data from an end-to-end encrypted data stream in the proxy vs just doing that in the browser?
I'm assuming Google will still have to comply with Communications Assistance for law Enforcement Act (CALEA) so they wil be able to figure out what you are doing.
Why on earth would the CEO of annoying ads offer a proxy?
So they can sell the premium.
The problem with proxies and VPNs and all those services that use a single shared IP address or a handful of IP addresses among lots of users is, as soon as one of those users get the IP blocked from some website or service, it blocks everyone else using that proxy or VPN IP address as well. On top of that, a lot of websites and services simply block all IP address pools that are assigned to services like VPNs and Proxies. Even renting your own VPS server with a dedicated IP usually doesn't work, because everyone can still see that the IP address that was assigned to your VPS, belongs to a pool of IP addresses that the VPS provider owns, so it still gets blocked when websites and services choose to block connections from those types of IP addresses.
Awesome tutorial @NetworkChuck. Your videos are easy to consume and learn new tech tricks.
P.S. It's a bit funny situation about Google statements about privacy: they will protect your privacy, in order to sell your data themselves
😄
Love it!! Yes I have my own proxy, with vpn and just put my whole home network on its own wifi channel. I also like that I can monitor it all from my S23 Ultra.
@NetworkChuck for this to work wouldn't you need to ensure that your proxy provider/hosting company isn't providing you with your own IP address?
Its the Datacenter Ip so there cant get your location but it is still only your own Trafik
@@ttonin33not necessarily? Many hosting/server packages may come with their own IP either as default or for a higher tier subscription.
Just fired up my proxy in NL! Bedankt! Enjoy your time in Japan!
Do this and you will likely be blocked by many sites as a lot of them block corporate IP addresses which services like Linode use. Good luck using streaming sites too.
Chuck has 3.5+ million subscribers so he knows what he's talking about! He's sharing his knowledge to help us! Why are you putting him down?
@@swallowedinthesea11 Suggesting to do something does not overshadow what factually happens if you do something that really isn't a good idea in the first place. He's still human like the rest of us and does not exclude him from criticism just because of internet popularity. In the tech industry it is essential to share problematic approaches in the ecosystem, which absolutely is the case here and why I am sharing the issues with what he is suggesting that his 3.5+ million subscribers do here. If your hot take is all I am doing is putting Chuck down (which I'm not), then you are biased and very obviously missed the point entirely! Feel free to waste your time and money to do what he suggests here against what I've commented as problematic and prove my 30+ years in this industry wrong. I'll wait.
@@swallowedinthesea11This is a sponsored video from Linode. He gets paid, if as many of his 3,5 million subscribers as possible click thought and get the "free trial". If twisting the truth a bit and making his solution look better gives more clicks... well.. that's the game. He doesn't care about your privacy. He cares about clicks.
The immediate and obvious question is "what does Google get from this?". When a service is free, you're the product, not the customer.
Stacey's mom got proxies goin on
I'd like to set up my own proxy server on my own hardware however if I'm the only one using my own proxy server... Doesn't it kind of defeat the purpose? I don't want to really use somebody else's hosted proxy server on their own hardware.
Eh, honestly. You're just trading them tracking your residential IP.... to them tracking the IP of your VPS.
Either way, it's still a stable-ish address. I daresay, it would be *more* stable then a residential IP, given that many ISPs use CGNAT for v4, and v6 has privacy extensions + many residential ISPs also do dynamic prefixes.
Meanwhile most VPS services will have stable addresses for the lifetime of that instance. And I doubt many people will be uh... zealously recreating instances and reconfiguring networks/devices to the new IP (or using dns I guess).
The way I see it, this wont protect you from tracking, unless you routinely rotate addresses on your VPS somehow.
Though, sometimes the VPS companies can have way better routing then your ISP, so it *might* paradoxically, improve your internet experience.
But it WILL give him clicks on the linode sponsorship/affiliate deal.
I need to watch this before TH-cam takes it down
This is just another power grab for a big tech conglomerate. What better way to collect user data than to funnel all traffic through a server they control? No thanks.
Love the bit where you checked if SSH was installed on the server you were SSH'd into.
...
...
If you don't want Google tracking everything you do. Don't use Chrome!
It's really the same with every other browser. Trusting Mozilla has become harder and harder given they talk a lot of smack and how privacy oriented they are and then do things that are questionable at best like integrating fakespot and then "suggesting" users to try it while hiding the privacy implications in a lengthy legal document instead of clearly saying that this has pretty big privacy implications for users who enable it.
Well, I am definitely going to give this one a go. Playlist, they will not know where I’m gonna go. Thanks. Thank you for the channel
Won’t two proxy hop still make the first proxy know where the destination address will be? Unless the traffic is encrypted?
Depending on the implementation, it could be made nearly impossible without talking to both servers. For example, Google's server can accept a connection from your IP, it will know who you are, but it can just forward the packets to a specific end-point, like cloudflare. It doesn't need to look at your packet because all packets go to cloudflare, so then that server can be assumed to "not know where the destination is" because that traffic could also be encrypted between yourself and cloudflare. Cloudflare however does need to know where you want to go, so it will open the packet and read the destination, but it will see google's servers as the source, not you, becuse that was the server that sent the packet. This way CF doesn't know who you are and Google doesn't know where the data is going.
2 items: Google IS one of ONLY a handful of companies that is trustworthy AND turning the feature flag on/off is so, So, SO simple. Best solution I've ever heard for a proxy. Great!!!
Really? This seems like a half baked response to Apples iCloud Private Relay that also includes DNS request and encryption they implemented into Safari years ago.
I trust Google as much as I trust our government or even China's government.
To be fair out of those three I think I trust the Chinese Government the most.
Will this proxy anonymise the hardware data embedded in the request? Because hardware data can be associated with you.
100% google is looking at that proxy data.
You could easily set up your own vpn in the same way. It's super simple. And it can be used with all the apps on the pc, not just browsers
I love Google's data center videos where they show you how many layers of security there are protecting your data before they sell it off. Google: Wants to protect your privacy
@NetworkChuck: Have fun in Japan. Nights are starting to get a little cold here, so be prepared.
Please dial down background music a bit so we can hear you clearly. Thank you for the awesome content.
Music was gone after 2 minutes, but the initial 2 were a bit hard to listen to the words.
I love you man! Keep us sharing more tricks like this.
Thank you and take my love.
Hey Chuck. I need to route all my traffic (TCP and UDP) from all apps on my PC not just chrome or firefox through linode. Can you make a video teaching how to setup a router at home to forward all traffic from your PC to the ssh tunnel on linode? This way you don't have to change the SOCKS configuration of any particular app and also the apps that don't even use the SOCKS configuration will happily send the packets through the tunnel unaware of it.
One important note: Google's Proxy only applies to 3rd party hosts. Meaning your real IP remains visible to the 1st party site you are visiting. It's only intended to limit cross site tracking. Same site tracking and abuse remains a thing.
you certainly already take care of that but, we see the shadows socks config password on few frames during the demo
love your content ! keep going !
Years ago I made my pc appear to be in France so I could buy a wav music file that was only as an mp3 in the UK.
I like your style, very informative and well spoken. Subscribed
'rate limit tokens per account' so at what point are they going to start charging us for extra tokens?
I love your videos and your enthusiasm. Can you please turn down the background music volume? Thank you, Chuck!
I don't trust Google telling by their aggressive moves to force us watch ads on TH-cam and slowing down Firefox artificially.
The first way is surprisingly simple,
Thanks!
Google could very EASILY do a MITM with TLS inspection even. They own a fully trusted Certificate Authority .... So the idea isn't far fetched at all ....
Then why are you here again?
@@partyfavors9238 Good question, why are you here?
going through proxy with cloud server itn't that would imply high cost on traffic through the cloud server?
This channel deserve 100 million and beyond of subscriber's
You said that unlike VPN, a proxy doesn't use encryption, which is true in general, but in the case of an SSH proxy. the SSH traffic is encrypted, meaning this proxy is using an encrypted connection, so depending on the bandwidth, the smallest possible VPS may slow you down considerably.
Would they try and rate limit you for no reason as well? Sounds annoying
14:17
Welcome to India Chuck!!❤
Have you done a video on the billion dollar lawsuit against Google for privacy violations concerning the incognito feature of the chrome browser?
3:05 i love how u r trying to say without actually getting counted as saying
Think I just got whiplash from all the sudden camera angle changes
Hi! Great video it was so helpful. I do have a question thought, when u use the first method, do u have to repeat the steps several times as you log into your device, or is it a one time thing?
Thank you!
I'd recommend specifying the bind_address with -D.
(-D [bind_address:]port)
From the man page:
The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces.
Which sounds like it binds to all interfaces by default. This would not be good. That way if you're connected to public network, you just exposed the SOCKS proxy to it. Not only does it allow people to use it freely for internet access, but it also allows access to LAN and localhost, which may be dangerous.
The proxy with the client...does that proxy all traffic or just web traffic?
I find this extremely interesting and fascinating. This went a little fast and I need a little more schooling on this stuff to follow along at this speed. Great video. Subbed and liked.
How is them tracking your proxy IP that different to tracking your actual real IP? can't they just join the same information together against the proxy IP as your real one?
@NetworkChuck
iam worried that setting up our own proxy will basicly be neccessary when google forces this.
but to many unanswered questions here.
1) how does it affect ping
2) how do games react to this, potentialy triggering their DRM or locking themselfs?
3) -D statement compressed vs uncompressed why save bandwith? what is faster if you actualy want a low as possible reacting/ping time.
Thanks so much Chuck, I am really looking forward to implementing a proxy like this for my network!
thank you so much , i will try this weekend , i always wanted to do this