-----BEGIN PGP SIGNED MESSAGE----- I posted some experiments on this a few weeks ago. Some existing web proxies, at least the one at CERN, will accept connections from anyone. Set your proxy server to one of those and you have a bit of anonymity already. There is a problem with trying to get much more anonymity than this - most connections are for a very short period. So there is not as much possibility for batching and mixing as with remailers. Only those connections which are actually active at the same moment could have their in/out mapping confused from the perspective of someone watching the redirector site. So generally our goals have to be somewhat more limited than with remailers. The way proxies work, as I understand it, is that normally when you connect to, say, http://site.org/dir/file.html, it connects to the special port number for http at site.org, then sends it the remainder of the URL, dir/file.html. When you use a proxy, it always connects to the proxy machine, then sends the whole URL (possibly not including the http:, I forget), e.g. site.org/dir/file.html. This way the proxy knows where you want to connect and does that for you. The nice thing about this is that it is already built in to most clients. The bad thing is that it does not lend itself to chaining. Ideally, the purpose of chaining is so that no single link in the chain knows both ends. That way no one person can betray your trust. But with the current client software the very first proxy server sees both your address and your destination, so even if it went on to set up a chain you would have to trust it. One idea that was suggested here would be to have a local proxy process, a very simple one which your fancy client connected to for all your net accesses. This would be where you would implement encryption, or new protocols for chaining, etc. This way we don't have to try to persuade client writers to incorporate our improvements; the existing proxy support provides the loophole we need. One nice feature, for example, would be a full 128 bit IDEA or RC4 encryption engine so that overseas Netscape users (or domestic ones who are stuck with crippled versions) can get good security. However, running this kind of local proxy or a general chaining proxy does require root access. Most systems will not let you create a low-numbered socket unless you are root. So this is not something which people will be able to do from their user accounts. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLvdN/RnMLJtOy9MBAQG4RAIAk6ngvAJvwagoMMyejrvUOJCLQ7Z1CSfm AatsyVIim9++Ehs8wMEXRRyAKp+7/tcOxC0B4f4jk2dqamsZl0YJew== =OQsA -----END PGP SIGNATURE-----