Proxy servers, how does that work?

I watch a film in which some high level government official’s child is kidnapped in Washington D.C. and the kidnapper calls to talk about his demands. Naturally every three-lettered agency in D.C. is listening in with an earpiece and the caller’s phone and location are being traced.

The operative instruction given is always: “Stay on the line, keep him talking.” Then finally the kidnapper hangs up and the techie reports: “Nope, I tracked it through 25 different proxies and 25 different countries. Untraceable”. I’m sure you’ve seen this same plot development scores of times.

So, how does this proxy thing work? Is it real or just stuff Hollywood makes up for an exciting plot twist to keep the action moving along?

  1. Do not need answer fast
  2. Not planning to kidnap anyone, just wondering.

You have put more thought into it than the screenwriters. However, there is a grain of truth in it, insofar as there is a science of traffic analysis that can potentially strip away anonymity by, well, analyzing the network traffic. Like if A sends a message every day at 4:45 a.m. and each time B receives a message of the same length shortly afterward, you might figure that A is talking to B, even though the messages were encrypted and sent through a proxy server. Conversely, if A and B deliberately take countermeasures to defeat traffic analysis then even the “three-lettered agencies” will need quite a few resources to defeat them, which is why they massively invest in computing power, signals intelligence, data storage, cryptological research, etc.
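The size-and-timing correlation described in the post above, as an added example that is not part of the original thread: it scores sender/recipient pairs on either side of a proxy, then repeats the measurement with two countermeasures (fixed-size padding and batched release) to show why they blur the result. All traffic values, the names C and D, and the 4096-byte cell and 60-second batch are constructed assumptions.

```python
import math

# Constructed traffic: sender -> [(seconds since start of day 1, ciphertext bytes)].
# A sends at 4:45 a.m. on three consecutive days, as in the post above.
SENT = {
    "A": [(17100, 1340), (103500, 1340), (189900, 1340)],
    "C": [(17102, 620), (103510, 2210), (189950, 880)],
}
ROUTES = {"A": "B", "C": "D"}  # ground truth, hidden from the observer


def observe(cell=None, batch=None, delay=3):
    """What a passive observer sees on both sides of the proxy.

    cell:  senders pad every message up to a multiple of `cell` bytes.
    batch: proxy holds messages and releases them every `batch` seconds.
    """
    ingress, egress = {}, {}
    for sender, msgs in SENT.items():
        if cell:
            msgs = [(t, math.ceil(n / cell) * cell) for t, n in msgs]
        ingress[sender] = msgs
        if batch:
            out = [((t // batch + 1) * batch, n) for t, n in msgs]
        else:
            out = [(t + delay, n) for t, n in msgs]
        egress[ROUTES[sender]] = out
    return ingress, egress


def correlate(ingress, egress, window):
    """Score each (sender, recipient) pair by messages matched on size and timing."""
    scores = {}
    for s, sent in ingress.items():
        for r, recv in egress.items():
            scores[(s, r)] = sum(
                any(n2 == n1 and 0 <= t2 - t1 <= window for t2, n2 in recv)
                for t1, n1 in sent
            )
    return scores


plain = correlate(*observe(), window=10)
hardened = correlate(*observe(cell=4096, batch=60), window=60)
print("plain proxy:       ", plain)
print("padding + batching:", hardened)
```

With the plain proxy only the true pairs score 3 out of 3; with padding and batching every pair scores the same, so the observer can no longer tell which sender is talking to which recipient from these three days alone.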

Some writers never really left the 1950s, as far as phones are concerned, and rely on tropes which worked passably well when all calls were completed by machinery physically clicking into place in ways which could be visually inspected by people going into the back-rooms of the Central Offices the call passed through. That was the essence of phone tracing; Three Days of the Condor (marked down from six) has a scene which involves it.

What does this correspond to in post-1980s technology? Absolutely nothing. Modern network connections don’t have full path information, just sender and recipient. If the data passes through a proxy, the original sender information is gone. It can’t be traced back to the real origin because there’s nothing to trace; it would be like tracing a letter that’s been removed from one envelope and put into another. So governments which want to trace a network connection which passed through a proxy would subpoena the records the organization which runs the proxy kept. What, they don’t keep records? Trail’s dead unless they find some other information. There are proxy systems which not only don’t keep records, but which also route data in a complex fashion such that individual systems within the network don’t see anything like the full path. TOR is one of them.

But TOR (or anything else halfway-realistic) would break the trope, and force writers to do the worst, ugliest, most despicable thing imaginable: come up with a new idea!

I wouldn’t quite say that. The switches are still monitored, same as ever. And, of course, all data is recorded. So the would-be kidnapper or human-rights activist has to start by masking their communications. A well designed proxy network will facilitate this, but in Hollywood all the agents have to do to trace you is type really fast while random computer code scrolls by.

We see this all the time in shows like NCIS. The computer whiz has a map on his screen showing tracks bouncing all over the globe. He then says *“Nope, I tracked it through 25 different proxies and 25 different countries. Untraceable”.* He will also make a comment about how highly skilled the other guy is to do that.

I realise that this show only has a tenuous relationship with reality, but as a one-time user of TOR, I can see that not only could he not track it, but that the other guy needs no more skill than the ability to download and use some simple software.

Some of the far-fetched stuff they did, like turning people’s phone cameras on remotely etc., has turned out to be not so far-fetched after all though.