At 07:13 PM 4/26/96 -0400, Black Unicorn <unicorn@schloss.li> wrote:

Has anyone developed such a beast yet?

Good timing for the question! As Perry pointed out, the CERN httpd provides basic proxy functions, but it doesn't do the anonymizing job of deleting/replacing information your browser may output to a CGI script, so it's only a partial solution. The pre-beta-test anonymizer proxy Sameer mentioned does the main protocols, though doesn't anonymize https: yet; doing the job right is difficult or impossible without support in the browser for features such as double-encrypted SSL sessions (one layer of encryption between the browser and proxy, and an end-to-end connection between the browser and the destination server.) [Jeff - any chance of this unlikely feature being supported?] I tried doing an https: connection to the proxy, but something wasn't in the directory it expected; that's what betas are for :-) Alternatively, maybe an SSH connection could work?

Will we have as extensive a WWW proxy network as remailer network?

That's partly a technical question, and partly a social/economic one. The technical parts are whether it's easy to install an anonymizer on your web server (at least for Unix and maybe NT users), and whether there's a big drawback if you do, like performance hit or extra charges from your ISP. There's also a technical issue of whether anon-proxies will be quiet underground things, or whether there'll be some convenient coordination mechanism, such as random.anonymizer.com being a DNS hack that picks a random anonymous server that can be temporarily registered by just starting an anonymizer application. The social parts of the question are how we get people to _want_ to install it, and how we get them to keep running it once it gets annoying. A good PR job can help, especially if installation+registration is a one-or-two-button thing; using one anonymizer nags you to install your own. Perhaps somebody will find a convenient way to add only-mildly-annoying advertising to the anonymizers, or to collect digicash without discouraging users, giving some tradeoff between social responsibiity and crass profit motives, and allowing a spectrum of anonymizers to operate. Of course, especially with some profit-making services (e.g. the Anonymous Porn Proxy or the Hemp Buyers' Privacy Connection) the server may have trouble convincing customers that the anonymity is really being preserved, whether from government subpoenas, junkmail and credit card fraud, or future resale to Blacknet. The other side of the propagation problem is keeping proxy providers willing to run their services after they have problems because of how their service is used. One problem is spammers and other abusers. Suppose somebody uses your anonymizer to connect to a web-posting page or mailto: and spams a big mailing list or newsgroup with objectionable material, like the <perjorative deleted> spammer who sent hate mail from my remailer to the various gay newsgroups signed with some innocent bystander's name. At best you get flamed; at worst your ISP drops your service. Or the spammer signs the guestbook at whitehouse.gov in an interesting manner. Another problem is users whose behaviour attracts attention. Maybe it's the highly legitimate user who checks out the tax forms on irs.gov for taxable activities the IRS didn't know were involved in, like overseas banking and stocks when _your_ tax returns all said "broke college student" (just _try_ explaining anonymizers to the compuer-illiterate IRS clerk.) Maybe it's the user who wants to avoid junk email when she checks out the Make.Money.Fast.multilevel.religious.technology stockbroker service. Guess who's now on Their lists. Maybe they used the anonymizer to view child pornography from kidporn.sting.postalinspector.memphis.usps.gov, and the Post Office Police come kick your door down. Or maybe they were checking out the schedule at the Cannabis Buyer's Club using your anonymizer just in case the FBI wiretappers wanted to enforce laws that the S.F. Police don't bother people about. Some of these problems can be helped by things like transient proxy servers, if we build a convenient way for them to hook in for a while and drop back out. On the other hand, if you're waiting for me to write all this code I'm suggesting we need, you'd be better off hacking some more easy partial solutions that can be deployed, tested, and replaced with the next edition :-) # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215