Tuesday, June 07, 2005

Encrypted Anonymized Websurfing

If, like me, you're known to be paranoid, or maybe just slightly geekish, here's something that may interest you: a way of surfing the Web in encrypted anonymity. Actually, there are two such methods I've used: the JAP proxy, from Dresden University of Technology over in Germany; and the Tor proxy, which is now hosted by the Electronic Frontier Foundation.

Without getting too deeply into the technicalities, or the differences between JAP and Tor, the idea is that you install their software on your system— free software, and open source, so you know what's in it. This software enables you to set up an encrypted connection with the first in a chain of computers out there. Your websurfing runs, encrypted, through a chain of at least three computers in between you and the website; and it is anonymous since any website out there will only see the IP address of the computer farthest from you in the chain.

In fact, under JAP not even the administrators of the chain are able to tell which packets of data belong to which users. There are several JAP chains available, though most of the up to 1500 users you'll find on JAP use the default connection.

Tor relies on "onion routing," which means that a separate layer of encryption is peeled away at each computer in the chain; there are over 100 nodes in the Tor network, and you will automatically shift every now and then to a new chain of three computers, with each node in the chain knowing the location of only the computer right before it and the computer right after it. Thus your location will be unknown, and practically untraceable, to someone several links "down-chain."
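The layering described above, as an added sketch that is not from the original post or from the Tor project. The SHA-256 keystream is a toy stand-in for real hop encryption, and the node names, keys and request are constructed for illustration.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with SHA-256(key || offset) blocks.
    Illustration only; this is not Tor's cryptography and is not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(route, payload: bytes) -> bytes:
    """Client side: build the onion from the inside out.
    route is [(node_name, key), ...] in travel order."""
    next_hop, blob = "destination", payload
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = keystream_xor(key, layer)   # only this node's key opens it
        next_hop = name
    return blob

def peel(key: bytes, blob: bytes):
    """Relay side: remove one layer; all it reveals is the next hop."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def relay_all(route, onion: bytes):
    """Pass the onion down the chain, recording what each node learned."""
    seen, blob = [], onion
    for name, key in route:
        next_hop, blob = peel(key, blob)
        seen.append((name, next_hop))
    return seen, blob

# Constructed sample: a chain of three nodes with made-up keys.
ROUTE = [("entry", b"k-entry"), ("middle", b"k-middle"), ("exit", b"k-exit")]
REQUEST = b"GET / HTTP/1.0\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    seen, delivered = relay_all(ROUTE, wrap(ROUTE, REQUEST))
    for name, next_hop in seen:
        print(f"{name} peels one layer and forwards to {next_hop}")
    print(delivered)
```

Only the last node in the chain ever holds the plain request, and it received it from the middle node, not from you.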

JAP is easier to set up; I've set it up on both Windows and Linux systems. It needs a newer version of Java to run; under Linux, I just download a .jar file, and run it from my menu or command line as follows:

java -jar /usr/java/lib/ext/JAP.jar

(or whatever the path to your .jar file is.) Under Windows, you might get it working this way; or there's a special Windows download available on the JAP proxy website. Try the big 12-meg download first, and only install from it what you don't already have. Install it, click on the JAP icon, and the proxy will come up in a little window. (Under XP you may get an initial error message; known bug, ignore it.) The use of JAP is fairly intuitive: just click on "Anonymity On," and within seconds you'll be connected. (Trust me, you want to leave "Forwarder" alone.)

Oh, one other thing: to use your browser with JAP, you need to go into your browser's preferences, General | Connection (in Firefox) or Network | Proxy servers (in Opera) or Tools | Internet Options | Connections | LAN Settings | Advanced (in Internet Explorer, I think) and set your HTTP and HTTPS/SSL connections to run through 127.0.0.1 port 4001. JAP only supports regular (HTTP) and secure (HTTPS) websurfing, so you don't need to bother with FTP or other protocols.

As for Tor, I understand it also has a Windows download now available, but I've never used it. Under Linux, I just download the source code and compile it. Tor works in conjunction with another piece of free open source software called Privoxy. (Privoxy also functions very nicely in its own right as an ad banner and popup blocker.) Download and install Privoxy, and add the following line to the Privoxy config file:

forward-socks4a / localhost:9050 .

Don't forget to include that period at the end of the line. And since we're being cloak-and-dagger, you'll probably want to find section 1.5 in the Privoxy config file, and comment out the line "logfile logfile": this will prevent requests through Tor being logged to the Privoxy logfile on your hard drive.

Now run Privoxy, and run Tor. Being in Linux, I run each of them from the command line. You will get a message reading, "Tor has successfully opened a circuit. Looks like it's working." Now all you need do is configure your browser (see above) to run through 127.0.0.1 port 8118; and you're ready to go. Tor working together with Privoxy will handle almost any protocol you throw at it, not just HTTP and HTTPS; I've even gotten my chat program operating through Tor by pointing it at 127.0.0.1:8118.
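A quick way to check the two Privoxy config edits described above before starting a session. This is an added example, not part of the original post or of Privoxy; the sample config texts are constructed, and the checker assumes comments occupy whole lines.

```python
TOR_SOCKS = {"localhost:9050", "127.0.0.1:9050"}

def audit_privoxy_config(text: str) -> list:
    """Return findings for the forward-socks4a line and the logfile setting."""
    findings = []
    forward_seen = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out line
        fields = line.split()
        directive = fields[0].lower()
        if directive == "forward-socks4a" and fields[1:2] == ["/"]:
            forward_seen = True
            if len(fields) < 4 or fields[3] != ".":
                findings.append(
                    f"line {lineno}: forward-socks4a lacks the trailing '.'")
            if len(fields) >= 3 and fields[2] not in TOR_SOCKS:
                findings.append(
                    f"line {lineno}: forwards to {fields[2]}, not Tor on 9050")
        elif directive == "logfile":
            findings.append(
                f"line {lineno}: logfile is active, requests are logged to disk")
    if not forward_seen:
        findings.append("no 'forward-socks4a /' line, nothing is sent to Tor")
    return findings

# Constructed sample: both edits from the text applied.
GOOD = """\
#logfile logfile
listen-address 127.0.0.1:8118
forward-socks4a / localhost:9050 .
"""

# Constructed sample: logging left on and the period forgotten.
BAD = """\
logfile logfile
listen-address 127.0.0.1:8118
forward-socks4a / localhost:9050
"""

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_privoxy_config(cfg) or "ok")
```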

You might get Tor working without Privoxy, but warning! In that case, your requests for websites would be sent in the clear, unencrypted, which is probably not what you want.

One interesting feature of Tor is its ability to handle "hidden services," services of unknown physical location which can be reached out there in Onionspace. Yes, there is a small but growing number of websites whose URL ends in ".onion"; and they can be reached only via Tor. Especially worth checking out are Notes from the Underground and the new Torcasting blog; you can find more such sites listed on KIRA.

Generally speaking, JAP and Tor are reasonably fast, though slower than your regular Internet connection; however, expect Onionspace to crawl like molasses.

Either of these proxies will shield you quite effectively from your ISP, from casual snoopers out there, and from the sites you visit. (As long as you remember to also turn off javascript while going incognito— ahem, javascript can give away secrets! Once you're "cloaked," you might want to check yourself out here, before you go any further.) I understand Chinese dissidents and the like rely upon services like these, with good results.

(Other hints, besides disabling javascript... Disable Java in your browser (OK to have Java running on your system). And empty your browser cache, and delete all cookies, both before and after a session.)

Nonetheless, before anyone gets the idea of doing anything illegal, I'm sure the three-letter agencies could crack this level of encryption/anonymity like peanuts in the shell. Plus, part of the funding for Tor came from the US Navy; and JAP has already been compromised at least once by German court order. I'm just saying.

Anyhow, I'd say if JAP and Tor grab your interest, check them out. Standard disclaimer: I'm not an IT professional, I'm not even a real geek, I'm just a longtime computer hobbyist. I put a lot more trust in Joe & Jane Q. Public than I put in those who walk the corridors of power. And I think one of the great things about the Internet is that it empowers you and me, without so much as a by-your-leave to the "suits." Any questions, leave a comment, and I'll help if I can.
