ProxyMesh uses various security measures to protect your data, including encryption, firewalls, and access controls. We store information you provide to us on a computer system located in a controlled facility with limited access. Employees view your data only on a need-to-know basis.
Login and account pages can only be accessed over HTTPS. Eavesdroppers are prevented from extracting your password, and your data is always protected in transit.
We offer the option of two-factor authentication (2FA). When you enable 2FA, logging in to your account requires a secondary code from an app or mobile device.
Each time you log into your account, a different code/token is sent to your app or mobile device. You will be required to enter this secondary token to complete login.
Note: If you want to discontinue using 2FA, you will need to Contact Support to disable it.
For more information, see the blog article Securing Online Accounts with 2-Factor Authentication.
All passwords are salted and hashed using a secure hashing algorithm, so that your password cannot be read by anyone else. These measures provide a strong defense against brute-force attacks.
Brute-Force Login Protection
Both for the website and for the proxy servers, if someone tries to log into your account too many times in a row, failing each time, then their IP is automatically blocked for several hours.
Note: Your IP will also be blocked temporarily if you try to connect to a proxy server too many times without authentication.
We do not store any of your billing information. Instead, it is safely secured by trusted 3rd party services. For credit or debit card billing, we use Stripe. For non credit/debit card billing, we support PayPal subscriptions.
Unlike an open proxy, the ProxyMesh proxies can only be accessed by authenticated users. For the highest level of security, we recommend IP authentication so that your account credentials are never transmitted over the network.
The higher level plans support sub-accounts, usable as an alternative to your main account. If you are using username:password authentication, then using a sub-account can be a way to protect your main account credentials. Sub-accounts support the same security features as regular accounts:
- HTTPS account pages
- two-factor authentication option
- hashed passwords
Servers directly under control of the ProxyMesh system employ standard protocols to protect the security of data in transit. ProxyMesh does not store request bodies, and only stores request logs to monitor the performance and functionality of the proxy servers, and to bill your account based on usage. These logs are kept for no longer than 30 days, and are only accessible by authorized support staff.
HTTPS CONNECT Method
Using the HTTP
CONNECT method, the servers can securely proxy HTTPS/SSL connections between you and an HTTPS server. All communication between your client/browser and the secure site is encrypted; the proxy server's function is limited to moving the data back and forth, and does not even detect what method of request you are using. Most HTTP client libraries support the
CONNECT method for HTTPS requests over HTTP proxies.
Access to the ProxyMesh open proxy server is included free with every ProxyMesh account. Our proxy server can forward your requests to a list of known open proxies. Be aware that, because ProxyMesh does not control the open proxies, someone running an open proxy could potentially "snoop" on your data.