Security Basics mailing list archives

Re: Anonymize internet access


From: "Jeffrey F. Bloss" <jbloss () tampabay rr com>
Date: Fri, 23 Sep 2005 17:27:17 -0400

On Thursday 22 September 2005 12:40 pm, Saqib Ali wrote:
> If this is for several users in an enterprise, try:
> Publish IE/Firefox on Citrix, and use Anonymous Citrix users accounts.
> Clean Anonymous user space after logoff. Best way to anonymize
> internet access. Tunnel ICA (Citrix protocol) through SSL.

I know nothing about Citrix. They appear to be a service that offers VPN to 
their machines, then proxy connections to the outside. That would dictate the 
connection between you and them is already encrypted, and "tunneling it 
through SSL" would seem pointless. 

OTOH, tunneling an SSL connection to an end location or a forwarding server 
through the VPN connection to Citrix might be very useful. It would obscure 
content from Citrix, as well as anyone between Citrix and that SSL 
connection's end point.

All that said, the OP stated a preference that the service keep no logs. Does 
Citrix log? How do you know?

The simple answer is that you do not. You can't, unless you're Citrix. They 
can claim anything they want. It's meaningless in essence. This is true for 
any such single point of contact. None of them can be assumed to be anonymous 
in any way, and none of them are the "best way" to anonymize connections to 
the internet.

The closest thing you're going to get to real anonymity on the internet is the 
mixmaster remailer network, tor, and other similar mix/onion routed setups. 
They're the only things designed to afford any true privacy at all, even in 
the case of a partial compromise of the network. IOW, because of the "blind" 
nature of such protocols, individual nodes in a given chain have no way to 
log any useful information. The issue of "do they" becomes moot.

-- 
Hand crafted on September 23, 2005 at 17:14:04 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
                                  -Groucho Marx
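
An added illustration of the layered ("onion") relaying referred to in the message above; it is not part of the original post and is not code from Mixmaster or Tor. It records what each relay in a three-hop chain is able to observe. Assumptions: the hop names, sender and destination are made up, each hop's key is already known to the sender, and a toy SHA-256 keystream with an HMAC tag stands in for real per-hop encryption.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); stands in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer not addressed to this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_onion(route, keys, destination, payload):
    # Wrap from the exit inward: each layer names only the next hop.
    blob, nxt = payload, destination
    for hop in reversed(route):
        layer = json.dumps({"next": nxt, "body": blob.hex()}).encode()
        blob, nxt = seal(keys[hop], layer), hop
    return blob

def relay(route, keys, sender, onion):
    # Each hop peels one layer and records everything it is able to observe.
    seen, prev, blob = {}, sender, onion
    for hop in route:
        layer = json.loads(unseal(keys[hop], blob))
        seen[hop] = {"from": prev, "to": layer["next"]}
        prev, blob = hop, bytes.fromhex(layer["body"])
    return seen, blob

# Constructed sample: hop names, sender and destination are made up.
ROUTE = ["hop1", "hop2", "hop3"]
KEYS = {h: os.urandom(32) for h in ROUTE}

def demo():
    onion = build_onion(ROUTE, KEYS, "dest.example", b"hello")
    return relay(ROUTE, KEYS, "sender", onion)

if __name__ == "__main__":
    seen, delivered = demo()
    for hop, view in seen.items():
        print(hop, view)
```

In this model only the first hop observes the sender and only the last hop observes the destination and payload, so a log kept at any single hop links at most two adjacent points of the chain.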