Anonymous, Encrypted Browser Plugin...

Discussion in 'privacy technology' started by ecest, Apr 29, 2004.

Thread Status:
Not open for further replies.
  1. ecest

    ecest Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    4
    I already posted this in another forum.. think it would be better here though...

    Posting an app that I found:

    http://risersoft.com/anon-encrypt.php

    it looks mainly like an Encrypted Tunnel to an Anonymous proxy... Might be useful to some.

    - derek
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    After seeing at least thirteen spelling mistakes on that page, I decided to give the program a miss. (I messaged them about that).

    The "24/7 Live Support Chat Now Online" is rather misleading (since the link doesn't work) and I've got to question their use of the term "tunneling" when all they're basically offering is an "anonymous" server (their own).

    Nothing is said about what type of "encryption" is used.

    Not real excited about this one. Pete
     
  3. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    I'd have to go along with your recommendation on this one, Spy1. While it's conceivably possible for this company to be on the up-and-up, I'll pass. There are other services I'd try before RiserSoft.
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Hmmm...Risersoft use a browser plugin (restricting it to Internet Explorer users only), announce it on April 1st (just coincidence I'm sure...) and their Privacy Policy/Terms of Use links do not appear to work properly (just reloading the page on Opera).

    Really, I would be very reluctant to trust any anonymizer where the software source was not open for inspection. Without this, you have no way of knowing if the encryption is secure or if there are back doors allowing the provider to keep tabs on you. Open sourcing the client software should be possible commerically, since the company is really selling bandwidth and server access rather than software.

    For that reason I would recommend the Java Anonymizing Proxy (JAP) instead which can be used with any browser (and most OS's), offers encryption through multiple servers (called mixes), is open source and currently free to use (however it can be slow - though it is possible to check mix performance and switch to another one). Since it is open source, any attempt by the providers to circumvent it (as in this case) has a good chance of being found out, unlike with closed software.
     
  5. TheSnowGuy

    TheSnowGuy Guest

    There has been posts that JAP has been backdoored.....as yet I am not able to dig deeper into this.....so if anyone can comment on this issue it would be appreciated. An if possible provide some hard evidence that we all can verify.....thank you.
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Check the press releases here and here for details. The developers were subject to a court order from the Frankfurt District Court (which could not be disclosed publicly) to put in a backdoor to monitor access to a single IP address. However, this needed a change to the client software and since it was open-source, the code for the backdoor was spotted.

    This has now been overturned (German press release - Google translation) so all should be well, until the next time...
     
  7. TheSnowGuy

    TheSnowGuy Guest

    P

    The info/links you posted are most appreciated.....we definitely read them.
    Yes, no doubt there will always be a "next time"

    Thanks
    Snowguy
     
  8. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Thanks, Paranoid2000, for the news of the backdoor decision having been overturned. I may give JAP a shot now. I was ready to sometime back, but that backdoor caused me to pull back.
     
  9. ecest

    ecest Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    4
    Wow; you guys are so wrong, its not even funny. :eek:

    I emailed them, they use SSL for Encryption.

    I ordered the high speed lic for $15 / m; and I am getting 400KB/s downloads! I guess its easy to bash a company when you dont know anything about them yourselves though.

    JAP; no kidding its slow. Its JAVA! Not to mention insecure as a open bank valut.

    - eCest
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If they use SSL then why on earth do they require a browser plug-in? An SSL-based encryption service could operate either using standard browser proxy settings or via special URLs (e.g. https://encryption-service.com?page=www.the-web-site-I-really-want.com). These would offer the advantage of being available across every browser (not Internet Explorer only) and every Operating System (Windows, Linux, OS-X). This sounds like either a sloppy design decision or just dumb business sense.
    Being written in Java is nothing to do with it. Java can actually run faster than C++ (see the Java vs C++ "Shootout" Revisited for details) and offers the advantage of cross-platform availability - you can run JAP on Windows, Linux and OS-X. The problem is that there is limited bandwidth available to access the mix servers which has to be shared between all those accessing it. Also a mix can involve encryption and decryption through multiple servers slowing things further.
    For general web browsing the highest speed I have encountered is 20KB/s without a proxy. JAP can match this during quiet periods but in peak times you should expect 5KB/s or so. However you can set up your system to do downloads directly (gaining the speed) while using JAP for Web access, which is an acceptable compromise for me (and avoids loading the mixes with large file transfers to others' detriment). However it is your money - and if you choose to spend your time on an unproven service then that means more available bandwidth on JAP. :)

    By the way, Anonymizer (who do have a track record) charge $29.95 for a full year's access to their Private Surfing service and $99.95/year for their TotalNet Shield service (which covers all network communication via an SSH proxy) - a superior (and cheaper) service than what Risersoft offers. Another alternative would be COTSE who charge $5.95/month for anonymous web, email, Usenet and webhosting. Still think you got value for money? :p
    Really? On what basis do you make this judgement? Do you even know how JAP works or what encryption algorithm it uses? (for the record it uses 128-bit AES with the session keys encrypted with 1024-bit RSA - see this (rough) FAQ translation for details and check the Digital Cryptography: Rijndael Encryption and AES Applications for more details on AES).
    Your post about JAP sure proves that point. However choosing an anonymity provider should be a serious decision since you will be placing a good deal of trust in their service and their willingness to protect you should you attract the wrong type of attention. Your statement also suggests that you have inside knowledge of Risersoft which casts into doubt your ability to offer an independent opinion (especially since you have made just 3 posts here - all on Risersoft's service). Just to be clear on this, do you have any connections with Risersoft? (aside from purchasing a licence).
    You need to lighten up then - I spent almost ten minutes laughing at your post. :D
     
  11. ecest

    ecest Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    4
    Regardless of what your opinion is, Java is insecure, and very slow.

    Go to google.com and search for "java insecure" and you will see. :rolleyes:

    5KB, 20KB? Did you know there is a reason why people are upgrading to broadband and getting ride of dial up? Haha. 5KB/s thats pretty funny. :D

    And if its so easy to setup SSL enabled proxies why isn't everyone doing it? Why are people looking for secure anonymous solutions? Furthermore; the client app is just a frontend to the Secure Anonymous Proxy. You are buying the service, not the app. And its kind of hard for the average user to setup a ssl/secure proxy, and interface with it. Then on top of all that make it anonymous. How can it be anonymous when its running off their local machine? :eek:

    Much to learn young one.

    - derek
     
  12. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    A friendly warning... before a mod decides to step in...
    These kind of remarks are WAY out of line. PLEASE restrict your language to a CIVIL level. [and by the way... P2K is MUCH more experienced in security than most people claim to be... IMHO...]

    Ask GOOGLE.... ask them why they chose https for gmail

    what exactly are you referring to? SSL? if so... gmail again!
    if you're referring to JAP... then it's because they want to provide a completely safe channel... they like to authenticate in a particular way.
    Don't you install some stuff [dlls and what not] for risersoft plugin? why not the exclamation marks there?
    plugins+IE = invisble behaviour ave. users CAN'T comprehend.
    Derek, I could go on and on, but you MUST understand... OPEN SOURCE is better... it is available to public scrutiny.
    What guarantee do you have that risersoft is NOT a spyware product?
    Anyways, I don't want to convince you that product X is better, I only want you to consider the possibility that jap may actually be safer than some other commercial products.

    P2K...
    No one mentioned T.O.R. network yet?
    strange.
     
Loading...
Thread Status:
Not open for further replies.