-----BEGIN PGP SIGNED MESSAGE----- I also agree that Netscape and similar browsers are a good target for crypto applications. I am working on a program (tentatively called webcloak) which runs on your PC next to your browser. You set the proxy in the browser to point at this program. This is a dialog box in Netscape and I think most browsers have this support. Then all of your communications go through this program. Unfortunately progress has been slow as I have been having to learn Winsock programming and re-learn Windows programming. But I do have a dummy program working which will pass commands through. It does not encrypt anything yet but simply redirects commands to a web proxy running on the net. Soon I will work on adding encryption, but the next step is to add dialog boxes to choose the web proxy to use. Right now it is hard coded in. Someone posted recently that the formerly open web proxy at http://www.proxy.aol.com:80/ is no longer responding. Also, a list member was running one for a while at http://spirit.aud.alcatel.com:8082/ but that is no longer working either. I have been looking for proxies by searching the incoming connection logs on this commercial system. I figure that some of the more frequently appearing hosts may be proxies. I telnet to them on port 80 and type "GET http://sony.com/". This is just a URL I use because it is short. Usually nothing happens but I have found a couple of proxies that still work. At this point I don't want to publicize them because they might be shut down as a result. I think running open web proxies (and another kind of proxy I will describe in a future message) will be a good thing for Cypherpunks to do. I know not everyone can do it; it takes more privileges and clout to keep a server running than to drop in a mail filter. But for those who do have the ability to leave background processes running I think these will be the remailers of the future. I hope some list members will start doing this. As another solution, I have developed a Perl script which anyone who can run CGI scripts can use to become a web proxy. Fortunately (and somewhat mysteriously) this commercial system lets me do that. Basically if you want to connect to http://www.mcom.com/ you instead connect to http://www.portal.com/~hfinney/webcloak.cgi?http://www.mcom.com/. The name of the CGI script and "?" is prepended to the desired URL. The script then receives the part after the "?" as its argv so it opens the URL and passes it back. So if you can't run a server but can install CGI scripts then you can run this "poor man's proxy". Unfortunately the standard proxy protocol will not work transparently with this; the CGI script and "?" pasting isn't done automatically by browsers. However my PC "webcloak" program does work with this kind of proxy; it pastes the required prefix string at the front of each URL. So if people do start using this approach the CGI proxies may be part of the solution. Soon I hope to be far enough along to ask people to start testing some of this software. Once I get the webcloak program able to be reconfigured by the end user I'll ask people to try it to see if it works on anybody else's PC than mine. It should hopefully work with anything that uses Winsock. Eventually I hope to see a lot of people running web proxies and privacy proxies (which just pass requests through to other web and privacy proxies - these are very simple connection redirectors, but do encryption and decryption for privacy). The end user can connect to a web site and update his list of proxy servers. Then when he fires up his local proxy interface program it can ping the various servers and print a summary of their response times. He clicks on the ones he wants, setting up a chain. Only the last one in the chain needs to be capable of proxying http requests, the others just pass data through. The local program connects to each of the proxies and negotiates a session key using PK encryption. This will be cached and used over a moderately extensive period of time, at least a few minutes. We can't possibly do a PK decryption for each link in a proxy for every .gif file in a page. That would be too slow. So instead it will just send a cache identifier to indicate which encryption key is in use. This is all pretty ambitious as you can see, but I am trying to do it incrementally. Even a basic system without encryption and where the user has to edit a text file to choose his proxy chain will provide some privacy protection. So I hope I will be able to interest people in providing the infrastructure needed for privacy protection on the Web. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBMA3umxnMLJtOy9MBAQHpSQIAvI/YB9JmGgwIaFWxCegAUtZ94eIHvOFU wVQPdXlvaLup8Kjcx1wTPm/oib8u7Ema+6eb/MGsQWrnYtCO8emoew== =zx5U -----END PGP SIGNATURE-----