On Thu, 26 Dec 1996, Alexander Chislenko wrote:
This seems complimentary to anonymous browsing (e.g., www.anonymizer.com). I doubt that ciphering the site list can assure that the site can't be found, as somebody could match incoming and outgoing requests. A chain of "Anonymous Rewebbers" / Recloakers could help here. An important thing here would be to make sure that the search engines can still find the sites. Other difficulties would be caching and getting credits for ads.
Do you think it's worth doing?
This sounds a lot like Ray Cromwell's program, "decense". It's more or less the web equivalent of the penet remailer. It is possible to attack even if requests and responses are encrypted with traffic analysis. The main objective of such a system would be to make it very difficult to match a "real" URL with the "anonymous" one, but not virtually impossible. Encrypting the site list won't help because the key would have to be stored somewhere on the system. Many web servers have a security hole in them where the source code for a CGI script can be requested instead of actually executing the script. It's not a good idea to assume that the executable will not be readable by anyone. Decense is available at http://www.clark.net/pub/rjc/decense.html Mark -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked