Secure Surfing - Anonymizer vs. JAP vs. ??

[Dazed_and_Confused]

For those who have used (or are familar with) both Anonymizer and JAP for secure web surfing, which in your opinion is the best app? Or is there a better 3rd option?

I've used anonymizer for a couple of years, and at times it can be SLOW. However, I do feel it is rock-solid secure when using the maximum settings. And the toolbar makes getting in/out a snap. Never tried JAP, but I've heard good things about it, and it's (currently) free!

I've been using JAP for a short time now and find it works very well. It seems a bit slow at times(not too often) but not too bad for a free anonymizer. Over all i am very happy with it and wouldn't go online without it now. It also works very well with Mozilla Firefox. They seem like they were made for each other. I have heard JAP is more secure than Anonymizer, but sometimes i wonder considering that at one time there was a back door in JAP. Though i would recommend JAP to anyone who is looking generally for a more anonymous way to surf the web. Not too shabby for a freebie. And i sure like free stuff! How about you?

JAP as i understand it is technically superior. However, there is nothing to prevent the government from pushing legal pressure on any annoymity services and place a backdoor.

This can happen for Anonymizer too.

Yes but luckily JAP is not based in the USA. And is hopefully out of the reach of the US government. But the Germany government, that's another story.

[Tony]

I stopped using JAP quite some time ago as there was something to do with privacy issues.
I cant quite remember what it was now but i`ll try and find it later.

[Tony]

Looks like the privacy issue was solved

Quote:

http://www.datenschutzzentrum.de/mat.../anonip2_e.htm

27. August 2003

PRESS RELEASE

First partial success for AN.ON

The District Court in Frankfurt /Main decided yesterday (Az.: 5/6 Qs 47/03) that the enforcement of the judicial instruction by the Lower District Court in Frankfurt to the partners of the AN.ON project given some weeks ago on request of the German Federal Bureau of Criminal Investigation is to be suspended.

According to this instruction, AN.ON, the mutual project of the Independent Centre for Privacy Protection Schleswig-Holstein (ICPP) and the TU Dresden for surfing the web anonymously, had to record the access to a particular IP address.The project partners have disabled the recording function they implemented according to the first court decision immediately after they were informed about the new decision.

Up to this point of time, a single data record had been recorded. In which way this record is to be handled will be decided after the final decision by the District Court. It is still kept by the AN.ON project. The project partners are going to publish a detailed documentation on the whole process after the final decision.

Information about AN.ON: www.anon-online.de

Information about the work of the ICPP: Independent Centre for Privacy Protection Schleswig-Holstein Holstenstraße 98 / 24103 Kiel Germany Phone: 0431/988-1200 / Fax: 0431/988-1223
E-Mail: mail@datenschutzzentrum.de
Homepage: http://www.datenschutzzentrum.de

[Paranoid2000]

Quote:

Originally Posted by Ruffian

However, there is nothing to prevent the government from pushing legal pressure on any annoymity services and place a backdoor.

This can happen for Anonymizer too.

This, to my mind, is where the open source nature of JAP helps greatly. Any attempt to modify the client to allow any sort of tracking can be detected (and in the one case this did happen, JAP's developers made the changes blatantly obvious).

This really should be a basic requirement for any anonymiser service - and should not be a problem for commercial services since they are ultimately selling bandwidth and server access, not client software.

Another (commercial) alternative to consider is COTSE which offer a proxy which you can connect to using either HTTP or HTTPS. Not as secure as JAP but it does include web filtering and offers email and newsgroup access along with web hosting.

[tuatara]

I've been using JAP for long time now,
and i agree on the fact that it is NOT a good idea,
to use an anonymous proxy in the USA they are all UNSAFE !!!
First of all you can use JAP with any anonymous proxy that you want,
but take care because most of those are NOT REALLY anonymous.
The only thing they do, is strip SOME of the environment variables that
you use. (for example,your IP is set in more then one environment variable).


So better go to an Internet-cafe, Libraray in Disguise (like Peter Sellers in 'The Pink Panter' movies) :>)
Or use JAP (or another tool) with a (dial-up connection that is safe).
choose a anonymous proxy NOT located in the USA.
Better use a Anon-proxy chain.
Don't use a tool as Steganos, that swiches every few seconds of anon-proxies.
Because the more proxies you use after each other that way,
(i don't mean in a chain here), the more chance/greater the risk that you have uses an UNSAFE one.
Disable Javascript,Java etc. in your Browser.
Use Mozilla with Prefbar or so but don't use IE
Visit a website to check your tools/settings for example: http://leader.ru/secure/who.html

An then this,

It is true that it happened again and again that USA-government "forced" to hand over the log-data from anon-proxies in the USA.
AND ... they did !!!

What i don't understand is, that there are still people that believe this can really happen that way?

If i would own a ANON-PROXY and there were paying customers on that,
the logfiles would NOT BE filled, logging would be OFF,
OR it would be automatically SCHRED on a few-seconds-basis!!!!!
And i would bring the server down, if i couldn't work like this any longer!!!

THAT also happened, a few times.

I understand, that there are reasons why you don't want citizens to use anon-proxy's , but do you live in a FREE country or not

[Dazed_and_Confused]

Thanks for everyone's comments.

It sounds like I'm hearing that JAP is more secure, but only because it uses resources outside the USA, outside governmental reach (eliminating snooping by governmental agencies)?? Am I reading this correctly?

What if I just want a connection secure from the bad guys (non-governmental agencies) to better protect financial transactions & correspondence, am I OK with Anonymizer in that case? Anonymizer uses encryption and secure tunnelling (whatever that means). It sounds secure.

I don't believe I heard anyone comment on the Anonymizer service itself. Has anyone actually used both JAP and Anonymizer and can give a fair comparison?

[Paranoid2000]

Going only a little OT, here's an interesting article about Ashcroft, Snoops and Gag Orders - The Secrets of Surveillance illustrating the ease with which the US Government can access Internet traffic details - and how difficult it is to get any information on such monitoring.

Also note that the US Government does have a contract with Anonymizer to supply free access to Iranians. While this need not necessarily compromise Anonymizer's service to others, it does provide the government with some extra commercial clout on Anonymizer's doings.

[Dazed_and_Confused]

Quote:

Originally Posted by Paranoid2000

Also note that the US Government does have a contract with Anonymizer to supply free access to Iranians. While this need not necessarily compromise Anonymizer's service to others, it does provide the government with some extra commercial clout on Anonymizer's doings.

Interesting article, Paranoid2K. Thanks!

I'm not really too worried about the government spying on my activities, unless they are into stealing account numbers, passwords, etc. I'm just looking to keep this info from getting into the hands of low-lifes who make money the old fashion way - they steal it.

Here's a link you may find interesting, Dazed. http://www.staff.uiuc.edu/~ehowes/main.htm
Then scoll down in the left column to 'Net Privacy' and click 'Web Surfing Anonymizing'.

[Dazed_and_Confused]

Quote:

Originally Posted by lonewolf3367

Here's a link you may find interesting, Dazed. http://www.staff.uiuc.edu/~ehowes/main.htm ...

Yes, very interesting. I think I'm going to stick with Anonymizer. Didn't like the article posted there about JAP. Thanks!

[Paranoid2000]

Quote:

Originally Posted by Dazed_and_Confused

Yes, very interesting. I think I'm going to stick with Anonymizer. Didn't like the article posted there about JAP. Thanks!

*sigh* As previous posts in this thread (and elsewhere) have made clear, this was overturned on appeal and the backdoor order was lifted months ago (Eric needs to update his site here). The point I would make is that this was discovered due to JAP's client being open-source - if the same thing ever happened to Anonymizer or another closed-source anonymity service then no-one would ever know about it (especially given that recipients of National Security Letters - mentioned in the surveillance article linked to above - are barred from discussing them publicly!).

What i'm wondering if JAP was backdoored once what's stopping them from doing it again in another way. I realize it's open source, but i bet a way could be found. With all those tax dollars to spend. They probably have top scientists on it now trying to figure it out. And if they did do you think they would tell us about it? Hmmmmm that's a tough one.

[Dazed_and_Confused]

Quote:

Originally Posted by Paranoid2000

... if the same thing ever happened to Anonymizer or another closed-source anonymity service then no-one would ever know about it (especially given that recipients of National Security Letters - mentioned in the surveillance article linked to above - are barred from discussing them publicly!).

P2K, I understand your point. However, I also know that secrets like that are the most fleeting.

Quote:

Originally Posted by Paranoid2000

...JAP's client being open-source...

And since JAP is open source, I find it hard to believe there isn't some brilliant kid out there taking a break from writing malware and turning his/her attention to cracking this nut.

[Paranoid2000]

Quote:

Originally Posted by Dazed_and_Confused

P2K, I understand your point. However, I also know that secrets like that are the most fleeting.

One case only of the National Security List has been made partially public - do you really believe that this has been the only use of this?

Quote:

And since JAP is open source, I find it hard to believe there isn't some brilliant kid out there taking a break from writing malware and turning his/her attention to cracking this nut.

Good - this is what makes open source stronger and is why having encryption routines open to peer review is so important. Any weaknesses are then far more likely to be found and fixed. If on the other hand you are talking about someone attempting to put a backdoor into the client themselves, then I would point out that they then have to persuade others to download their client (which means offering significant functionality over and above the existing one) and hide such a backdoor deeply enough within the code to avoid discovery (it can be done but not easily).

However since any such backdoor would need to make a connection to another server at some point this should be spotted by anyone running a firewall (JAPs own backdoor created a separate connection to the mix servers - but this technique could not be used by an outside attacker lacking mix log access).