UKnetSec.. wow.. thanks.. this is a damn good find.. and an open community project.. as they would like to branch out as well..
We are looking for partners–ISPs, IT security companies, networking companies, privacy commissioners–who are willing to operate a Mix and would like to support the idea of providing a world wide anonymity service. We are open to partners who want to discuss commercialization of our service.
The client program (JAP) is running on the Java platform. JAP works on all major platforms, for instance Windows, Macintosh, Linux, Solaris etc. The Mix-servers are written in C++ and work on many different platforms including Windows NT, Linux, Solaris, Irix and other Unix-like operating systems.
JAP and Mixes are Open-Source software. Everyone may inspect it and make sure, that the software provides the expected functionality and does not have hidden trapdoors.
and quite true.. and their encryption with their use of "mixes" looks like it very well could be the most secure setup that I've seen. the only downfall could be bottlenecks in the amount of traffic going thru.. but if more partners were to join and give it more bandwidth, it could only get better.
I like this part the best.. from their FAQ's http://anon.inf.tu-dresden.de/help/FAQ_en.html
How it works
JAP acts as a local proxy between the browser and the insecure Internet. All requests for web pages are handled by JAP and are encrypted several times. The encrypted messages are sent through a chain of intermediate servers (named Mixes by the inventor of the theoretical background, David Chaum) to the final destination on the Internet.
Multiple layers of encryption protect all messages. A Mix collects messages in a batch, totally changes their appearance (removes one layer of encryption) and forwards them all at the same time, but in a different order. An adversary may observe all communication links, however he cannot determine a relation between incoming and outgoing packets. A surfer remains anonymous within the group of all users of the service.
and here's a tidbit of info from the bottom of this page http://anon.inf.tu-dresden.de/help/meter_en.html
Is it possible to retrace a JAP anonymized connection if a judicial decree is enacted ?
The legislator forces providers of telecommunication services to make log files available to the respective authorities in case of a persecution. But the legislator does not force anybody to create log files with user-related data that is not necessary for providing a service.
A retrospective tracing is almost impossible. If any authority wants to uncover a connection retrospectively, it has to observe and record all incoming and outgoing data streams of all mix-servers and this data will have to be deanonymized by every single mix-server-provider. Proceeding this way would be useful only as long as the public keys of the mix-servers are valid. After replacing the old keys even the mix-server-operator is unable to decode the old data because the old private keys are deleted. In the current state this is not yet implemented. How often the public key is changed, depends on the mix-operator. In the final state it will possibly be done every few hours.
An observation online, i.e. an authority wants to deanonymize a connection immediately, requires a judicial decree to make every mix deanonymize a particular message immediately. For that purpose the first mix has to assign a particular input to the output of the concerning channel and has to log this information to tell the second mix which input to uncover and so on. Logging of all input-/output relations of all mixes is probably in disaccordance to data protection laws.
Couldn't the anonymizing service be misused to control people by the government for instance ?
In contrast to common anonymizing proxy servers, JAP also provides anonymity and protection from observation against the operator of a mix-server. Therefore every observation of users, even by the government, will be made more difficult by the use of JAP.
The very easy to use (without installing any software) web based anonymizing proxy servers should be used very carefully. Especially when its provider is unknown. He could observe all your connections. In fact there have been anonymizing services with the primary purpose of collecting data about their users.
again.. UKnetSec.. thanks a lot .. quite a few folks I know will be interested in this.
The more users are active and send or receive messages, the larger is the anonymity group. Every single message sent to the web is anonymous within this anonymity group. Assuming that the attacker controls a certain number of users or simulates apparent users, his difficulties with controlling all users but one increase with the growth of the anonymity group.
In future versions, the protection will be increased by a new registration procedure. The users register at the mixes by so-called tickets, i.e. digital permissions given to pseudonyms by use of so-called blind digital signatures.
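An added illustration, not part of the post above or of the JAP code base, of the layered encryption and batch reordering that the quoted FAQ describes. The SHA-256 keystream and the per-mix keys shared with the client are toy stand-ins assumed for the sketch (a real mix is addressed through its public key), and all function names are hypothetical.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only."""
    stream = bytearray()
    for counter in range(0, len(data), 32):
        stream.extend(hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest())
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(message: bytes, mix_keys: list[bytes]) -> bytes:
    """Client side: one encryption layer per mix; the outermost layer
    belongs to the first mix in the chain, the innermost to the last."""
    packet = message
    for key in reversed(mix_keys):
        nonce = os.urandom(16)
        packet = nonce + keystream_xor(key, nonce, packet)
    return packet

def mix_process(key: bytes, batch: list[bytes]) -> list[bytes]:
    """One mix: collect a batch, strip one layer from every packet (which
    changes every byte), then forward all of them together in an order that
    does not depend on arrival order (here: sorted by the new content)."""
    stripped = [keystream_xor(key, p[:16], p[16:]) for p in batch]
    return sorted(stripped)

def run_cascade(messages: list[bytes], mix_keys: list[bytes]) -> list[list[bytes]]:
    """Return what an observer of every link sees: the batch entering the
    first mix, then the batch leaving each mix in turn."""
    batch = [wrap(m, mix_keys) for m in messages]
    observed = [batch]
    for key in mix_keys:
        batch = mix_process(key, batch)
        observed.append(batch)
    return observed

if __name__ == "__main__":
    # Constructed sample data: three users, three mixes, equal-length
    # requests so that packet size alone does not link input to output.
    keys = [os.urandom(32) for _ in range(3)]
    requests = [b"GET /page-c", b"GET /page-a", b"GET /page-b"]
    for hop, batch in enumerate(run_cascade(requests, keys)):
        print(f"link {hop}:", [p.hex()[:16] for p in batch])
```

Each printed link shows a batch with no bytes in common with the one before it, in an order decided by the mix rather than by arrival; only the last link carries the plaintext requests.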