04-22-07 12:13 AM
I installed and run JAP (see below) but I'm wondering, though my
browser data is encrypted once the data goes to the JAP servers, can
my sysop read the data I upload? If so, how can I prevent this? I
don't think JAP uses a secure (https) encryption for the browser.
RL
http://en.wikipedia.org/wiki/Java_Anon_Proxy
va Anon Proxy, also known as Java Anonymous Proxy, JAP Anon Proxy or
JAP, is a proxy system designed to allow browsing the Web anonymously.
It is based in Germany and was originally developed as part of an
ongoing project of the Technische Universit=E4t Dresden, the Universit=E4t
Regensburg and Privacy Commissioner of Schleswig-Holstein. Written in
the Java programming language, its slogan is Anonymity and Privacy -
Anonymity is not a crime.
Cross-platform, free, and designed to be easy to use, it sends
requests through a cascade of encrypting mixes, thereby hiding the
origin of any connection. JAP is available for all platforms that
support Java (Windows, Linux, MacOS, OS/2,...).
The JAP client program allows the user to choose among several Mix
Cascades (i.e. a group of anonymization proxies) offered by
independent organisations. Users may choose by themselves whom of
these operators they will trust, and whom they won't. This is an
important difference to peer-to-peer based anonymity networks like Tor
(anonymity network) and I2P, whose anonymisation proxies are anonymous
themselves, that means the users have to rely on unknown proxy
operators.
The speed and availability of the service depends on the operators of
the Mixes in the cascades, and therefore varies. More users on a
cascade improve anonymity, but a large number of users might diminish
the speed and bandwidth available for a single user.
Use of JAP is currently free. However, financial backing for the
research project has run out, so it will switch to a for-pay model in
order to cover the costs of running the servers and for developing the
software. The payment system is currently being tested. However, it
has been announced that a basic level of service will always be free
to use, in order to provide anonymity and privacy to people who cannot
afford to pay. The AN.ON developers also work on an improved blocking
resistance function that makes it easier for users from restrictive
countries to get a connection to the system.
The online activities of the user can only be revealed if all Mixes of
a cascade work together by keeping log files and correlating their
logs. However, all Mix operators have to sign a voluntary commitment
not to keep such logs, and for any observer it is difficult to
infiltrate all operators in a long cascade.
In 2003, the German BKA[1] [2] obtained a warrant to force the Mix
operators to log the activities of a specific criminal. In case of
serious crimes committed via JAP, the German Mix operators can be
forced to log the user IP addresses for specific web requests for a
limited time. This has led some people to distrust the software,
especially when rumors came up about a 'backdoor' [3] in the JAP
software. Unlike some internet articles state, JAP itself never had
any kind of 'backdoor', instead an additional 'feature' was added to
the Mix server code that enables operators to revoke anonymity if they
all work together and recompile their software. As stated above, this
is completely covered by the AN.ON threat model and no security leak.
Currently, further research is done by AN.ON to make this
functionality even more privacy-friendly [4].
As a reaction to the threat from local authorities, the system has
spread internationally. If the Mixes of a cascade are spread over
several countries, the law enforcement agencies of all these countries
would have to work together to reveal someone's identity.
Since May 2005, JAP can also be used as a client for the Tor and since
2006 also for the Mixminion network. These features are still in alpha
stage.
Note: The GNU/Linux package of JAP is named anon-proxy.
[ Post a follow-up to this message ]
| 
