Anonymous proxy questions

I believe the above is their privacy policy for their site & data they collect for sales purposes. Secondly they don't keep logs & have anonymous hubs. Thirdly, the user can encrypt their ip connection using the software if they wish. This sounds pretty anonymous to me. It would be nice if someone representing Tenebril would clarify but they may not read this forum.

 

Woody777: common!

 

It is tragicomic to me that those discussion goes from some facts about credibility of JAP in past to attacking another similar products without any facts and prove.
If they say we do not keep logs then you can assume that they tell your true.
Other speculation are simple speculation without any prove and does not make any sense to me.

 

I said it's a game of semantics. They say they keep no logs with personally identifiable information. BUT, they admit (in their terms of service) that they DO keep logs and sites visited by your IP address. So I'm not accusing them of doing anything that they don't already admit to. I don't have to "assume that it's true" that they keep logs, as it is right there in their Terms of Service that they do. Nothing tragicomic about pointing out old marketing tricks.

 

Please review the thread title and initial posts - discussion of other services is perfectly on-topic and their credibility is only "tragic" if you have a stake in them (either as a user or investor).

Assume? That's quite a turnaround for someone who distrusts JAP even though they fought (to the best of their ability) a court order and only gave the bare minimum of data needed. A site that implies one thing but actually does something else should be far less trustworthy and the T&C's for Ghostsurf and SecureStor quite clearly indicate their anonymity is far more limited.

In Tenebril's case ("analyze users' movements", "share aggregate demographic information with our business partners") these terms would not be out of place on an adware/spyware clickthrough. People seeking anonymity should pay careful attention to these since their actions would likely be monitored more closely than with their ISP.

 

Hello

Having become interested in proxies recently, i gave 'Tor' & 'Jap' a tryout but as you already know, they can be very slow and sometimes, painfully slow. But i do understand the point that some of you are trying to get across as far as trusting Open Source vs Commercial proxies goes. I do get it. Anyways, could someone have a look at the SmartHide Privacy Policy here - http://www.smarthide.com/privacy.php and let us know if it's any different than the others. Trust issues aside, it is amazingly FAST and has improved my upload speeds from 40-50 to over 200. But again the sticking point - 'Trust Issues'! My take is there must be some type of logging involved in order to enforce what is deemed not allowed in the Privacy Statement.

Would be Appreciated Thanks!.

 

Looks to be a "standard" agreement with the same level of privacy that you would expect from most ISPs. Of course, this then raises the question of why you should pay for their services but you may wish to ask them that directly.

If you're looking for general advice and recommendations on commercial proxy services, then Gerard Morentzy's posts on page 2 of Could use some advice re: anonymous surfing should be worth reviewing.

 

I'm really not gonna to argue with you. As i have already said both site (for both product GhostSurf and Secur state that they do not keep logs. And its completely strange to conclude "A site that implies one thing but actually does something else" .
You can believe or not. And i would believe you only if you show me prove that their statement are untruth.
Anything else is not any prove and not any evidence. Just speculations.
Their privacy policy about data that they collect is as Woody said for sales purposes and for their site.

 

Thanks Paranoid2000

Just finished reading that entire thread and it was very interesting. Seeing as it was close to 2 years ago, if you would, could you update us as to where proxies are now compared to the time of that thread?. Improvements, more secure, etc?.

Thanks

 

I'm not aware of any significant changes - Tor and JAP still have the same architecture. I don't use commercial proxies (for the reasons covered both in that thread and here) so can't give any specific advice on them. If you want to check for new information, then a Usenet group like alt.privacy.anon-server would probably be a good place to start.

 

Is JAP still free?
I've just downloaded JAP (previous version not used for a couple of weeks and lost when I reformatted this setup), and it won't let me anonymise without creating an account and it's asking for payment. Last month when I used JAP for the first time, I never had to do any of this.

Regards,
Londonbeat

 

Jap still offers some basic free service last time I tried it.

The linux version will not run at all for me and the windows version crashes and is very unstable.

The older Jap version worked better.

Tor is still the more reliable of the two. It may be slow at times but at least it works.

 

I think it was asking you to participate in the testing of the new payment system. If declined, you should still be able to use it for free. Looks like funding is running out and it might migrate to pay for usage in the near future.

 

I keep pressing 'no' to the prompts to create an account, but if I do the anonymity setting stays at 'off', everytime I try to change it to anonymity 'on' it prompts me to setup an account to pay... I'll have another try see if I can get it to work.

Regards,
Londonbeat

 

Just installed it again in another snapshot and after declining the prompts and selecting server with no costs, it works fine and tested it on ip identifying sites.

 

I've tried again and got it working fine, but I had to register an account and it prompted for fictional account details to test payment system (I guess I downloaded the development version by mistake). You register a load of fake (it tells you to input fictional account details) detaills and then an account is registered giving you a number of megabytes, I found more info here at bottom of page: http://anon.inf.tu-dresden.de/PaymentTest_en.html

It does emphasise that it is free and you should input fictional details, so you don't have to pay yet, but looks like they are thinking about charging in the future.

Regards,
Londonbeat

 

I would value peoples opinion on an application that I have recently subscribed to its called Anonymizer and is a proxy router. I find that it works well but since its servers are in California USA and I am in the UK, I find that it slows down the opening of websites considerably. Do you think that it is worth having? There is a $29 dollars a year Annual subscription also, is there a better alternative?

 

1. The German law prohibits logging of any data expect they are used for payment issues.
2. The German law allows the police (directed by a judge) under certain circumstances to eavesdrop telecommunication. This is only possible if there is a investigation about some special severe crimes like murder, war crime, crime against the state and some other. Of course also in case of investigations concerning child pornography. This investigation must be against a certain person.
File sharing, misuse of forums, and other typical "internet crimes" are not on this list, except they have been done as a gang.
3. The German law allows the police (directed by a judge) to confiscate data in case of crime of minor severity.

The question of source or closed source is not the main point. E.g. if anyone drives a lot of TOR severs he is able to log communication even if he is using open source. The main point is why did anyone runs a server. In case of Steganos or the other providers the answer is clear: They want to earn money! They are not interested in logging data, get accounts for porn sites, catching terrorists or what ever. Any public information about confiscation of data or eavesdropping is bad (or deadly) for the business. This is one of the best reasons to trust such companies.

ms64o

 

That's correct. 'Money!.

Just another reason why not to trust them!. In order to enforce their rules, logs must be kept. And if logs are asked for, customers of these pay for services will never know because the company doesn't care. Just like you said, it's all about making money, not about providing a free service because one has a right to privacy as long as it's not being abused illegally!.

 

A good point to make in favour of anonymity services (and ISPs) based in Germany. Can you include a link to the legislation in question?

Logging on its own isn't enough. To identify what is going on, you need to be able to link the incoming (encrypted) connections with the outgoing ones. While this can be done via network analysis (matching connections with similar traffic patterns) this becomes far harder when you have large numbers of connections from different users. Tor makes this harder still by allowing outgoing connections to be shared. The easier option is then to modify the anonymity software to report the links or to form a separate backchannel (this is what happened with JAP) - open-source clients allow others to catch out any such changes.

Well you could argue the exact opposite - for such companies it is the publicity that is harmful, not the disclosure itself. So an unethical company could well "do a deal" with law enforcement to surrender data privately in order to avoid any public court action. And as Tobacco and others have pointed out, the need to keep (and track) users' accounts means that commercial services have to perform a higher level of monitoring than free ones, regardless of any legal action.

 

I'm with Paranoid2000 and would like to see what kind of legislation could possibly say that. These paid services do nothing more than act as your surrogate ISP. An ISP cannot be run without logs. For technical support alone, logs must be kept. Not to mention bandwidth abuse, how much storage you are using if server space is offered, webmail service, etc. There simply could be no law to say that an ISP "can't log," except for payment issues. If that were the case, there wouldn't be any ISPs in Germany.

 

You will find the law here: http://bundesrecht.juris.de/tkg_2004/__96.html.
There is also a descission by a german court against t-online: http://www.ag-darmstadt.justiz.hessen.de/C1256BA7002F9EC4/CurrentBaseLink/B9EAB4DD2A4E426EC1257031004D3209/$File/Urteil%20AG%20Darmstadt%20300%20C%20397_04.pdf
a raw translation of the main point:

1. The respondent is adjudged to omit, storing of the dynamic IP adresses which are attached to the suitor during the use of its internet access, as soon as they are not longer needed for acounting.



ms64o

 

There are so many holes in that section that you could drive a truck through it. In no way does that keep an ISP or anonymity service from general logging.

 

Having reviewed an online translation I'm rather inclined to agree. It really specifies conditions under which logs may be retained and these include account management (sections 97 and 99 - 99 appears to deal with keeping a service history and seems to have an exception for anonymous services though) and preventing abuse (sections 100 and 101 - the wording seems more applicable to voice rather than data communications though).

So while the general tone is "log retention not allowed except for..." the circumstances allowed do provide considerable scope for providers, especially commercial ones. On the other hand, it is better than the far more specific logging requirements required in many other countries - assuming that that legislation has not been superceded.

Ultimately though, it seems to confirm that users need to rely on system design (and provider trustworthiness) rather than legal protections for online anonymity.

 

If my online privacy was of greater importance I would never trust a single entity like a commercial anonymizer. In fact I suspect there must be a secret agreement between such services and government agencies: we'll let you do the business and make money but we have to know what those people have to hide. Anything that's against the law and what might compromise national security you have to extradite to us. Deal? Deal!
Their competition do keep logs, but they don't. Yeah, right. If you trust politicians you can also trust these people. Wake up, all of them keep logs (otherwise they couldn't control the system) and are willing to cooperate with TLAs to show them they're good guys and have their blessing to run the business.
There's no such thing as 100% online privacy, but the best you can do IMHO is to use Tor (open source and decentralized).
To me, JAP has lost it's credibility with that backdoor thing
http://www.theregister.co.uk/2003/08/21/net_anonymity_service_backdoored/