mailing list archives
Re: Anonymous Anonymity - Request For Comments
From: S_Dorn/CIB () BANKCIB COM
Date: Tue, 19 Jul 2005 15:59:35 -0500
Why not encapsulate the data portion by encrypting it inside a jpeg file,
or something like that? Trying to hide it inside HTML tags wouldn't be all
that hard to detect by using a specialized proxy or firewall. Proxies
already can filter out invalid html headers and line sizes, amongst other
things. Not to mention the overhead you'd be creating with all the HTML
tags in an effort to make it look like a standard web page. Considering
the data itself could be used to determine the originator, (names, phone
numbers, etc) you'll want to make sure that not only the transaction is
anonymous, but the content is as well.
Overall, quite an interesting concept.
gandalf () digital net wrote on 07-19-2005 12:57:24 PM:
Greetings and Salutations:
From: Craig Skelton <cskelton () gmail com>
Take a look at Tor.
One of the biggest problems with Tor is bandwidth disparity.
Many people have suggested that I take a look at TOR, and I have.
In fact I was able to talk to some of the authors of that system (I
need to add a reference to TOR in my paper). Extremely
knowledgeable I must say.
I have installed TOR on a network that I have pretty well locked
down. My router filled up the syslog file with packets to "strange"
ports when I started TOR up. If I wanted to block TOR it would be
The other issue (I think I understand TOR correctly) is that if one
of the "routers" is not a "trusted" machine (specifically the first
one) then a rogue "router" can "act" like it is the other "routers"
and will know the entire transaction. There is also a centralized
server to hold the addresses of servers (which could be
compromised). I don't want to have anything centralized. I propose
that all nodes are servers. I am trying to get away from trusting
anybody yet spreading the information around so much so that nobody
can piece together the information.
One other issue with TOR and FreeNet is searching. They do not have
searches integrated into the design. Someone has to produce a web
page that does the searching. The system I propose has searching as
an integral part.
I am looking for something that is almost invisible (i.e. port 80,
81, 443, 21, 22, 23, 8080 etc.) to any monitoring system. The
alternative is to do like AOLIM and just start trying ports until
something works. The other issue is making the traffic "look" like
standard HTML to bypass application level firewalls.
I like the idea of TOR, tho', and it is interesting and the people I
spoke to gave me tons of pointers on other issues with Anonymous
Systems. I will add / update to the file at:
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gand... () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm