Don't Fear Internet Anonymity Tools

dangitall,

I believe you are referring to the article recently that mentioned Anonymizer being offered free to dissidents in countries like Iran. There was a mention or hint of some US government connection. I don't recall the link, it was provided here on Wilders (maybe from Ronjor or the Mul). I searched for it but couldn't locate it.

 

No, I don't think so. The article I recall predates my coming here, back when I was looking into various anonymity tools.

 

Hello to all of you !

I can feel the heat here...

On the top, this board is full of knowledgeble guys and gals. Everyone has a full right to express their views. All views are in general. Any views is not related to any specific person or things.

Well, In my perception, now days there is no privacy et all. If you're on the net then there is no meaning of privacy no matter how much protection they have. Smart guys are breaking our privacy because they knows how to do it ? Law enforcement agencies are doing because they have power to do... so nowhere you are safe.

Daisy, the use of only one remailer is also insecure. If that remailer is compromised, you have no security because the operator knows both the originating and final addresses. Chains of remailers with encryption are better, but still vulnerable. Messages can be traced through these remailers, because incoming messages are forwarded directly after processing. When a message arrives, another leaves immediately. With no further information the attacker knows that these are the same message despite any precautions that may have been taken. This can even be done retroactively using mail logs..

Newkid

 

Sorry OT but where does one download JAP? I googled for it but turned up: anon.inf.tu-dresden.de/index_en.html - which is on a blocklist for some reason. If on a blocklist must be for good reason - no?

**edit - I found this

- seems some makers of current blocklists still consider the possibility.

 

See: https://www.wilderssecurity.com/showthread.php?t=33867

and: https://www.wilderssecurity.com/showthread.php?t=14240

 

Thanks. Looks like I will edit that block and maybe address this at bluetack or whomever is including this url in their blocklist.

 

Got it installed and working but I don't understand how some of you report

To a degree? I'm on 3000/256 cable and I now feel like i'm on dial-up. Is there something (setting) i'm missing?

**actually worse than dial-up as it took over a minute to come here to post this

 

Sorry LynchKnot, that's the price of using a free anonymizer. Even the pay ones are slow too. But i'm just wondering why you would even bother using it to post here?

 

hehe, I don't know. I'm just playing/experimenting I guess. I don't go much anywhere else but the same 14+ boards i'm a member of. I may follow links from some art site or something like that but that's about it. So what's this good for then, porn sites?

 

I use JAP to give me some privacy from my isp keeping track of everywhere i go and everything i do. In this world of evaporating privacy i feel it is essential to make a grab for the last bit of privacy we have left. And no i don't do anything illegal or surf porn sites. I just feel i have a God given right to have my privacy while i surf online, and if there is anyone who doesn't understand that then too frigin bad, that's your problem!

 

Using JAP and feeling secure...
Dont you know about this - http://www.securityfocus.com/news/6779 ?
or this - http://www.infoanarchy.org/story/2003/8/23/101322/284
Big "anonymizer" sites are always a magnet for law breakers and enforcers. I would trust public proxies instead.

edited by Detox - the "show IP images" are cute and harmless, but cause panic almost every time!

 

Congratulations well, well - you've picked up a year-old reference without checking for updates. See my previous post for more details.

Public proxy servers do nothing to obscure the traffic between your PC and the proxy itself - they can only hide your IP address from sites you visit. Your ISP (and anyone else with access to network traffic between you and the proxy - along with the proxy operator) can observe and log your activities (sites visited, search terms used, etc) just as if they were looking over your shoulder.

The only protection is having all traffic leaving your PC encrypted - and JAP does this. An https proxy would also work, but you are still relying on the proxy not logging your actions. With JAP you have the option of using more than one server (so everyone in the chain has to co-operate to track a user) and the client is open source (so past and future backdoor attempts can be discovered).

Since the main topic of this thread has been about preserving online privacy in the face of increasingly intrusive legislation, public http proxies really have no place in this discussion.

 

Hello again, P2K. I always enjoy reading your posts. They are always so informative.

Reagarding JAP, a few questions if you don't mind.

1. Are you saying that it encrypts everything between the local PC and the web server?

2. Does JAP use any servers between the local PC and the web site being viewed?

3. What does this mean (Here is a quote from their website)? "It does not protect you against an adversary who has the capability to observe all communication links on the Internet."

 

Hello there D&C,

For details on how JAP works, may I refer you to their Architecture page? The encryption is done between your PC and the JAP mix servers - at the final mix, the traffic is decrypted and sent on to the website (this stage cannot be encrypted since the website will be expecting standard traffic). Any response will then be sent to the last mix server which then encrypts it and passes it down the chain until it reaches your PC.

JAP can use multiple mix servers in a chain but the default mix (Dresden-Dresden) is just one server I believe. Details of other mixes can be found here.

 

Thanks, P2K. I'm using it now! I see his eyes turning red as I surf. It says my level of anonymity is FAIR. I'm going to have to read up on how to increase it.

 

Well, P2K, I've been reading the JAP site, and I must say that most of what I read went way over my head. I also read a few threads from their forum, and this one scared me. Comments?


I also continue to receive the error message below when starting JAP. But then JAP starts and seems to work fine.

Edit:

Also, if I were to connected via JAP to a web site using HTTPS (SSL), can I assume that my connection is still 101% secure?

 

I am still not comfortable.........

Open-source software is obviously a good thing. However, in this situation, don't more than a few people still question what goes on at the human element on the other side of some of the mixes with JAP?

Also, honest question here for knowledgeable JAP users: Who initially funded JAP? I honestly don't know. I've only heard the rumors and would like to hear from anyone involved (as it appears there might be someone associated with JAP participating in the thread).

 

Hi Daisy, The error can be ignored, but your are NOT surfing anonymous.
"Jap" has (not so long ago) given logfile information to the authorities.

That means that there ARE logfiles (which is not needed , see my previous posts) and your ip is logged.

So if you really want to surf anonymous, go to an Internet-cafee,
in your Peter Sellers (Pink Panter movies) disguise, pay cash,
wear gloves, don't show any real ID-card or info.
Switch three times of cars/trains/planes before you go home.

good luck,

BTW your ip is now logged, your are traced, your NSA file is 253 Pages long,
all your bankaccounts are known, profilers have worked months already,
on why you would need anon proxies.
Your family and friends are screened, and one of your neighbours is payed,
to keep an eye on you, and all the shops were you buy things,
must make a list of that, and send it in to the government.
Other countries have already found leaked information regarding you and are starting their own investigation.
Your European code names is: "verbijstering en verward"
your chines code name is: ^)*&^*&^
Korean code name is: IIP{}LLKKO&^*
This thread is watched by agents all over the world (but they get payed for that).

 

For people that can read German or use an translate engine:

http://www.heise.de/newsticker/meldung/41690

In Dutch
http://www.internetjournalistiek.be/dossiers/detail_zoeken.php?nieuwsid=99
(fast search: find 'jap' in that page)

The quote translated:
JAP was forced by the German Judge/court
to create a 'backdoor' or possibility for the German Police to catch surfers
that ar visiting certain websites.

In the newspapers here, it was made clear that they already used that option.

 

A link in English (from 'JAP'): http://anon.inf.tu-dresden.de/index_en.html


Another thing is, that if you connect to an anon proxy from JAP,
and "JAP" (their anon proxy) is being monitored, that your ip connection to JAP
is perhaps crypted, but your ip is known.
If "they" are able to monitor which connections that JAP is making to the outside world (WWW)
One is the websites Jap is visiting (in a few millisecs) is the one for you.
then those connections are NOT crypted.

so .....

 

SourceForge allows anonymous posting - which means you get some real idiots chiming in. Read the complete thread and draw your own conclusions.

How are you starting JAP? My shortcut for it is "D:\Program Files\Java\j2re1.4.1_04\bin\javaw.exe" -jar "D:\Program Files\JAP\JAP.jar" (I installed Sun's Java Runtime Environment separately since I have other applications that use it). Using a similar shortcut (adjusting for where you have installed JAP and Java on your system) should stop this error.

As long as your browser is configured to use JAP for HTTPS connections as well as HTTP, these will go via JAP (and as far as your ISP is concerned, there would then be 2 layers of encryption to deal with). JAP have a test page you can use to check your browser settings. If you use a download manager (GetRight, LeechGet, etc) then this will need to be configured separately to use JAP but I would suggest doing file downloads "in the clear" just to reduce traffic load on the system (unless you are downloading something potentially embarrassing).

JAP is currently a research project (as mentioned in their information page) but they also accept Paypal donations.

The police obtained a court order which was later overturned. Please see my previous post on this.

JAP is not going to (and does not claim to offer) perfect anonymity but it is the best compromise between security and usability - and is far better than visiting an Internet cafe (where, in the worst case, the PCs themselves could have keyboard loggers installed with or without the owners' knowledge to catch passwords) or browsing in the clear.

 

Here is my shortcut: "C:\Program Files\Jap\jap.exe"

 

You can't - directly. It depends on the number of people using the service (the more the merrier) and it is an indication of how easily someone could attempt to track a user by using traffic analysis to match connections coming into and out of a mix.

For example, suppose that there are just 2 users - one sending data constantly (a heavy web browser) and the other hardly sending data at all. If someone was monitoring what went in (encrypted) and what came out (non-encrypted) of the mix server, it would be easy to tie the outgoing and incoming traffic and therefore identify what each user was doing.

However when you have several hundred users on the service, this becomes much harder - and if the system adds variable delays (so a non-encrypted connection starts 0.5 seconds after the incoming encrypted one) then this makes it harder still (but at a performance cost to the users).

 

There should be a jap.jar file in the same folder and you should have Sun's Java JRE in another folder. Once you identify those, try creating a new shortcut like the one I listed above.

 

From the JAP Info page:
"The costs thereby incurred are currently covered by a research project."

That's convenient. A "research project" has to be funded by someone, somewhere. All the costs incurred by a free service like JAP cannot all come thorugh Paypal donations.

What we do know (but is not spoken of by JAP) is that JAP is funded by the German Research Foundation and the Federal Ministry of Economics and Technology. The rumors have been that the university-driven GRF is itself a project of the Bfv/BND (German intelligence).

That's not "conspiracy thinking" it's just called "Follow The Money."

I'm not advocated not using JAP, only supporting the right to the free-flow of information and the right of the user to know all the facts. Knowing the facts, the user can decide if it's something they want to use.