JAP Anon Proxy
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: JAP Anon Proxy

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    130

    JAP Anon Proxy

    Hi all,
    Just thought that this looked like an interesting way to surf anonymously. I know there are a lot of prgrams out there but this one seems to encrypt the request and it looks like they actually have their own servers (rather than just using poorly configured servers on the net). Anyway, see what you think JAP Anon Proxy

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    Looks good.
    All it needs is a nice tray icon, so it don't clutter my task bar..

    I'm testing it right now..

    Perhaps I'll review it (more indept) in a week or so..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    Yeah looks like a nice find!
    No net access at the mo so ill give it a go next week to see how it fairs compared with my current proxy!

    Thanks for the link

    Cheers

    r3b00+

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    100
    fine (if you have java installed...)
    i'll download and test, thanks for the link
    by the way what about multripoxy?
    get it at: www.multiproxy.org also not bad...
    \"Knowledge is the Real Power\"

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    Sorry, forgot to mention you need java installed, multiproxy is fine, but I think you have to use your own proxy list (which if you find them on the Net are probably just insecure servers that are probably not strictly speaking legal to use). JAP Anon Proxy also encrypts data, I don't think multiproxy does, well at least I could not get it to

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    UKnetSec.. wow.. thanks.. this is a damn good find.. and a open community project.. as they would like to branch out as well..
    We are looking for partners–ISPs, IT security companies, networking companies, privacy commissioners–who are willing to operate a Mix and would like to support the idea of providing a world wide anonymity service. We are open to partners who want to discuss commercialization of our service.

    The client program (JAP) is running on the Java platform. JAP works on all major platforms, for instance Windows, Macintosh, Linux, Solaris etc. The Mix-servers are written in C++ and work on many different platforms including Windows NT, Linux, Solaris, Irix and other Unix-like operating systems.

    JAP and Mixes are Open-Source software. Everyone may inspect it and make sure, that the software provides the expected functionality and does not have hidden trapdoors.

    and quite true.. and their encryption with their use of "mixes" looks like it very well could be the most secure setup that i've seen. the only downfall could be bottlenecks in the amount of traffic goint thru.. but if more partners were to join and give it more bandwidth, it could only get better.

    How it works
    JAP acts as a local proxy between the browser and the insecure Internet. All requests for web pages are handled by JAP and are encrypted several times. The encrypted messages are sent through a chain of intermediate servers (named Mixes by the inventor of the theoretical background, David Chaum) to the final destination on the Internet.

    Multiple layers of encryption protect all messages. A Mix collects messages in a batch, totally changes their appearance (removes one layer of encryption) and forwards them all at the same time, but in a different order. An adversary may observe all communication links, however he cannot determine a relation between incoming and outgoing packets. A surfer remains anonymous within the group of all users of the service.
    I like this part the best.. from their FAQ's http://anon.inf.tu-dresden.de/help/FAQ_en.html
    Is it possible to retrace a JAP anonymized connection if a judicial decree is enacted ?
    The legislator forces providers of telecommunication services to make log files available to the respective authorities in case of a persecution. But the legislator does not force anybody to create log files with user-related data that is not necessary for providing a service.

    A retrospective tracing is almost impossible. If any authority wants to uncover a connection retrospectively, it has to observe and record all incoming and outgoing data streams of all mix-servers and this data will have to be deanonymized by every single mix-server-provider. Proceeding this way would be useful only as long as the public keys of the mix-servers are valid. After replacing the old keys even the mix-server-operator is unable to decode the old data because the old private keys are deleted. In the current state this is not yet implemented. How often the public key is changed, depends on the mix-operator. In the final state it will possibly be done every few hours.

    An observation online, i.e. an authority wants to deanonymize a connection immediately, requires a judicial decree to make every mix deanonymize a particular message immediately. For that purpose the first mix has to assign a particular input to the output of the concerning channel and has to log this information to tell the second mix which input to uncover and so on. Logging of all input-/output relations of all mixes is probably in disacordance to data protection laws.

    Couldn't the anonymizing service be misused to control people by the government for instance ?
    In contrast to common anonymizing proxy servers, JAP also provides anonymity and protection from observation against the operator of a mix-server. Therefore every observation of users, even by the government, will be made more difficult by the use of JAP.

    The very easy to use (without installing any software) web based anonymizing proxie servers should be used very carefully. Especially when its provider is unknown. He could observe all your connections. In fact there have been anonymizing services with the primary purpose of collecting data about their users.
    and here's a tidbit of info from the bottom of this page http://anon.inf.tu-dresden.de/help/meter_en.html
    The more users are active and send or receive messages, the larger is the anonymity group. Every single message sent to the web is anonymous within this anonymity group. Assuming that the attacker controls a certain number of users or simulates apparent users, his difficulties with controlling all users but one increase with the growth of the anonymity group.

    In future versions, the protection will be increased by a new registration procedure. The users register at the mixes by so-called tickets, i.e. digital permissions given to pseudonyms by use of so-called blind digital signatures.
    again.. UKnetSec.. thanks a lot .. quite a few folks I know will be interested in this.

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    Thanks indeed,

    I read some nice articles about the mixmaster remailer system wich this proxy is based on..
    http://www.geocities.com/CapitolHill/2358/mixmaste.htm
    http://nerxs.com/txt/mixmaster-faq.txt

    I tested some stuff out by surfing to cgi's on my own server.. the traceroute got me to the TU in Dresden Germany, allright !!

    and nmap showed me this..

    Code:
    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
    All 1601 scanned ports on proxy2.anon-online.org (141.76.1.122) are: filtered
    Too many fingerprints match this host for me to give an accurate OS guess
    
    Nmap run completed -- 1 IP address (1 host up) scanned in 477 seconds
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    sumdumguy : Glad you find it useful, I have been using it on my home machine and although the bottlenecks are evident sometimes, I find 90% of the time the slowdown on web surfing is not more than a second or so ... and I can be anonymous (well at least more anonymous). Just got to remeber to turn off most of the active content on my browser cause I think people can get your info by using that too. I found the link to the site in a magazine I was reading, its here if you are interested http://www.livepublishing.co.uk/content/pcextreme.shtml the february isssue is the one that contained it, which is the one that is being shown at the moment.

  9. #9
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    this is a great proxy, however i am now faced with the problem of when i do a google search every thing is in german, and i know i installed the english version but google is in german.just wanted to know if there was anyway to correct this.
    Don\'t be a bitch! Use Slackware.

  10. #10
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    I have never heard of a proxy changing the language of google, if you are sure you are going to www.google.com and its still coming up German there is a preferences tab in google where you can select language. I take it that when you do this it saves it in a cookie or something on your machine, might be worth taking a look in your cookies folder, or just clearing them.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides