How Effective Is SafeWeb?
Microsift asks: "I just found this site a couple of days ago and it seems pretty cool. It claims that it encrypts everything that goes through your browser so that no one can tell who you are or what you are doing. Does this kind of technology work? Why isn't everyone using it?"
Just a proxy (Score:2)
Anonymizer? (Score:1)
Fairly good, but at least one major issue! (Score:3)
The major issue I have is that SafeWeb works as an SSL man-in-the-middle. This dramatically changes my scope of trust. At first you might think you just have to trust them to keep you anonymous. But this SSL issue means you also have to trust that they do not view or modify any SSL traffic from the target site. I'm not sure about how to still keep your location private, but I would much prefer some method of doing end-to-end encryption with the target site.
Here are a few other thoughts about the technical details. One area of concern is how thorough they are about redirecting web requests; for example, I was thinking this currently would not foil a web-bug. There is also little SafeWeb can do for you when you voluntarily breach your anonymous veil, except for the cookie management. Don't expect this site to work as a means of getting past censorware, because you can bet they will block it under every category!
I wonder what type of servers they are using. Sounds like they need lots of SSL processing (fair disclosure, I've helped design commercial SSL Accelerators). That will probably make this website a bit more expensive to run. I also wonder about internal security, both because of the SSL issue, and the fact you would expect spies to be interested in knowing more about anyone who wants to be anonymous. In particular, obtaining the SafeWeb SSL private key could be potentially quite valuable.
Finally, you should consider the trust and business models. As mentioned above, you have to trust SafeWeb, as a company, not to store or reveal your information. I'm a little cynical about advertising supported businesses, because I think they have lots of motivation to increase the amount of information they know about you. Still, their privacy statement as it stands now looks good. If you plan on using SafeWeb (for non-SSL transactions), I'd keep a careful eye on the privacy statement to make sure it remains good.
Anonymous Proxies (Score:1)
Proxy List (Score:1)
PROXYS-4-ALL [cgi.net]
Re:Fairly good, but at least one major issue! (Score:2)
The basic idea is that they act as a full-scale proxy for all your requests. That means that everything you do goes through them. And they are pretty thorough. Every URL gets changed on the pass through, if it's just going via a CGI script, and then there are a few companies that actually act as right-out HTTP proxies.
Anyway...
Here are a few other thoughts about the technical details. One area of concern is how thorough they are about redirecting web requests; for example, I was thinking this currently would not foil a web-bug.
Yeah, they do actually. The web bug acts just like any other document being requested. The people who placed the web bug will only get SafeWeb's redirector machine A LOT. But not you.
I wonder what type of servers they are using. Sounds like they need lots of SSL processing
Yeah, you're definitely right on that one. In fact, they need a lot of processing just to reinterpret all the HTML data... It's a huge effort, and I'm not sure how SafeWeb is handling cost, but I find it very unlikely that it's a model that could possibly succeed using just ad revenue. It's really compute-intensive (and bandwidth-intensive) to have everyone's traffic run through and edited by your machines.
That's all I've got for now. I'm sleepy. -Andrew
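The disagreement in this sub-thread is whether the proxy's URL rewriting catches every reference, web bugs included. As an added example (not part of the thread and not SafeWeb's code), this audits a proxied page for references a browser would still fetch directly; the proxy host `proxy.example`, its `/fetch?u=` URL shape and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PROXY_HOST = "proxy.example"  # hypothetical rewriting proxy, not SafeWeb's real scheme
URL_ATTRS = {"src", "href", "action", "background", "data", "poster"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class LeakAuditor(HTMLParser):
    """Collect references a browser would fetch directly, bypassing the proxy."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.leaks, self.in_style = page_url, [], False

    def _check(self, tag, where, raw):
        absolute = urljoin(self.page_url, raw.strip())  # relative URLs stay on the proxy
        parts = urlsplit(absolute)
        if parts.scheme in ("http", "https") and parts.hostname != PROXY_HOST:
            self.leaks.append((tag, where, absolute))

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        for name, value in attrs:
            if not value:
                continue
            if name in URL_ATTRS:
                self._check(tag, name, value)
            elif name == "style":  # inline CSS can pull images too
                for url in CSS_URL.findall(value):
                    self._check(tag, "style", url)

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):
        if self.in_style:  # body of a <style> element
            for url in CSS_URL.findall(data):
                self._check("style", "css", url)

def audit(html, page_url):
    auditor = LeakAuditor(page_url)
    auditor.feed(html)
    return auditor.leaks

SAMPLE = (  # constructed page, as a rewriting proxy that missed some URLs might return it
    '<style>body{background:url(http://ads.example/bg.png)}</style>'
    '<a href="https://proxy.example/fetch?u=http%3A%2F%2Fnews.example%2Fa">ok</a>'
    '<img src="/fetch?u=logo.png"><img src="http://tracker.example/bug.gif">'
    '<div style="background:url(\'//cdn.example/x.png\')"></div>')
```

Each tuple returned by `audit(SAMPLE, page_url)` names the tag, the attribute or CSS context, and the absolute URL that would expose the client's address to a third party.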
security holes? (Score:1)
A la: http://www.alcrypto.co.uk/java/ [alcrypto.co.uk]
Has anyone heard of any still un-fixed holes in safeweb or anonymizer??
Here's why I won't use this stuff. (Score:1)
_ALL_ your traffic is going through the service. And if you have an account with the service, they can really know what you are doing.
In comparison sure your ISP could spy on you, but it takes more effort, and most ISPs have better things to do - most don't have enough staff, so who's gonna do the spying?
So the only difference I see is that you end up with slower connections and instead of the ISP being able to spy on you, the "anonymizing service" can.
Why bother getting slower service for little gain?
Cheerio,
Link.
Does the URL reveal details? (Score:1)
https://www.safeweb.com/o/_i:_o(154):www.slashdot
Does https mask the URL? If not, all someone would need to do is look at the full URL to see where you were visiting.