Secure Surfing - Anonymizer vs. JAP vs. ??

Discussion in 'privacy technology' started by Dazed_and_Confused, May 26, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    For those who have used (or are familar with) both Anonymizer and JAP for secure web surfing, which in your opinion is the best app? Or is there a better 3rd option? :doubt:

    I've used anonymizer for a couple of years, and at times it can be SLOW. :( However, I do feel it is rock-solid secure when using the maximum settings. And the toolbar makes getting in/out a snap. Never tried JAP, but I've heard good things about it, and it's (currently) free!
     
  2. lonewolf3367

    lonewolf3367 Guest

    I've been using JAP for a short time now and find it works very well. It seems a bit slow at times(not too often) but not too bad for a free anonymizer. Over all i am very happy with it and wouldn't go online without it now. It also works very well with Mozilla Firefox. They seem like they were made for each other. I have heard JAP is more secure than Anonymizer, but sometimes i wonder considering that at one time there was a back door in JAP. Though i would recommend JAP to anyone who is looking generally for a more anonymous way to surf the web. Not too shabby for a freebie. And i sure like free stuff! How about you?
     
  3. Ruffian

    Ruffian Guest

    JAP as i understand it is technically superior. However, there is nothing to prevent the government from pushing legal pressure on any annoymity services and place a backdoor.

    This can happen for Anonymizer too.
     
  4. *_*

    *_* Guest

    Yes but luckily JAP is not based in the USA. And is hopefully out of the reach of the US government. But the Germany government, that's another story.
     
  5. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    I stopped using JAP quite some time ago as there was something to do with privacy issues.
    I cant quite remember what it was now but i`ll try and find it later.
     
  6. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    Looks like the privacy issue was solved
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    This, to my mind, is where the open source nature of JAP helps greatly. Any attempt to modify the client to allow any sort of tracking can be detected (and in the one case this did happen, JAP's developers made the changes blatantly obvious).

    This really should be a basic requirement for any anonymiser service - and should not be a problem for commercial services since they are ultimately selling bandwidth and server access, not client software.

    Another (commercial) alternative to consider is COTSE which offer a proxy which you can connect to using either HTTP or HTTPS. Not as secure as JAP but it does include web filtering and offers email and newsgroup access along with web hosting.
     
  8. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    I've been using JAP for long time now,
    and i agree on the fact that it is NOT a good idea,
    to use an anonymous proxy in the USA they are all UNSAFE !!!
    First of all you can use JAP with any anonymous proxy that you want,
    but take care because most of those are NOT REALLY anonymous.
    The only thing they do, is strip SOME of the environment variables that
    you use. (for example,your IP is set in more then one environment variable).


    So better go to an Internet-cafe, Libraray in Disguise (like Peter Sellers in 'The Pink Panter' movies) :>)
    Or use JAP (or another tool) with a (dial-up connection that is safe).
    choose a anonymous proxy NOT located in the USA.
    Better use a Anon-proxy chain.
    Don't use a tool as Steganos, that swiches every few seconds of anon-proxies.
    Because the more proxies you use after each other that way,
    (i don't mean in a chain here), the more chance/greater the risk that you have uses an UNSAFE one.
    Disable Javascript,Java etc. in your Browser.
    Use Mozilla with Prefbar or so but don't use IE
    Visit a website to check your tools/settings for example: http://leader.ru/secure/who.html

    An then this,

    It is true that it happened again and again that USA-government "forced" to hand over the log-data from anon-proxies in the USA.
    AND ... they did !!!

    What i don't understand is, that there are still people that believe this can really happen that wayo_O?

    If i would own a ANON-PROXY and there were paying customers on that,
    the logfiles would NOT BE filled, logging would be OFF,
    OR it would be automatically SCHRED on a few-seconds-basis!!!!!
    And i would bring the server down, if i couldn't work like this any longer!!!

    THAT also happened, a few times.

    I understand, that there are reasons why you don't want citizens to use anon-proxy's , but do you live in a FREE country or not o_O
     
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks for everyone's comments.

    It sounds like I'm hearing that JAP is more secure, but only because it uses resources outside the USA, outside governmental reach (eliminating snooping by governmental agencies)?? o_O Am I reading this correctly?

    What if I just want a connection secure from the bad guys (non-governmental agencies) to better protect financial transactions & correspondence, am I OK with Anonymizer in that case? Anonymizer uses encryption and secure tunnelling (whatever that means). It sounds secure. :doubt:

    I don't believe I heard anyone comment on the Anonymizer service itself. Has anyone actually used both JAP and Anonymizer and can give a fair comparison?
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Going only a little OT, here's an interesting article about Ashcroft, Snoops and Gag Orders - The Secrets of Surveillance illustrating the ease with which the US Government can access Internet traffic details - and how difficult it is to get any information on such monitoring.

    Also note that the US Government does have a contract with Anonymizer to supply free access to Iranians. While this need not necessarily compromise Anonymizer's service to others, it does provide the government with some extra commercial clout on Anonymizer's doings.
     
  11. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Interesting article, Paranoid2K. Thanks! :)

    I'm not really too worried about the government spying on my activities, unless they are into stealing account numbers, passwords, etc. I'm just looking to keep this info from getting into the hands of low-lifes who make money the old fashion way - they steal it. :rolleyes:
     
  12. lonewolf3367

    lonewolf3367 Guest

  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Yes, very interesting. I think I'm going to stick with Anonymizer. Didn't like the article posted there about JAP. Thanks! :)
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    *sigh* As previous posts in this thread (and elsewhere) have made clear, this was overturned on appeal and the backdoor order was lifted months ago (Eric needs to update his site here). The point I would make is that this was discovered due to JAP's client being open-source - if the same thing ever happened to Anonymizer or another closed-source anonymity service then no-one would ever know about it (especially given that recipients of National Security Letters - mentioned in the surveillance article linked to above - are barred from discussing them publicly!).
     
  15. What i'm wondering if JAP was backdoored once what's stopping them from doing it again in another way. I realize it's open source, but i bet a way could be found. With all those tax dollars to spend. They probably have top scientists on it now trying to figure it out. And if they did do you think they would tell us about it? Hmmmmm that's a tough one.
     
  16. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    P2K, I understand your point. However, I also know that secrets like that are the most fleeting.

    And since JAP is open source, I find it hard to believe there isn't some brilliant kid out there taking a break from writing malware and turning his/her attention to cracking this nut.
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    One case only of the National Security List has been made partially public - do you really believe that this has been the only use of this?
    Good - this is what makes open source stronger and is why having encryption routines open to peer review is so important. Any weaknesses are then far more likely to be found and fixed. If on the other hand you are talking about someone attempting to put a backdoor into the client themselves, then I would point out that they then have to persuade others to download their client (which means offering significant functionality over and above the existing one) and hide such a backdoor deeply enough within the code to avoid discovery (it can be done but not easily).

    However since any such backdoor would need to make a connection to another server at some point this should be spotted by anyone running a firewall (JAPs own backdoor created a separate connection to the mix servers - but this technique could not be used by an outside attacker lacking mix log access).
     
Loading...
Thread Status:
Not open for further replies.