Hi, developing on a project which uses Tor, I hope to get some opinions from you. I'm working with the mobile business group at my university in Germany. We are developing a platform for location-based and context-based applications. We also want to provide security and anonymity to the users of these locaion- and context-based services. Beside using pseudonyms, we want to apply an anonymizing service like Tor. Our tests with some quite fast mobile devices (PDAs) showed that Tor could not (yet) be applied directly on the client. In the first place performance of the PDAs is too low for the (many) publice key operations, and secondly setting up a circuit causes much traffic which takes long and costs money; e.g. the OR list is quite big. So we switched to a different architecture: now there is gateway to which the user connects to and which does all the anonymizing for him. This means we have a single point of failure, but we only need to connect securely (TLS,VPN,...) to the gateway. Additionally we want to enable the user to choose the way of anonymizing, e.g. using Jap or Tor. Because of this and because we use the gateway for some other things, we had to design our own protocol which is similar to Socks, but has some additional parameter for the anonymity configuration. So our architecture looks like this: the mobile client connects securely (by VPN) to the gateway, then it sends a Socks-like connect request along with the configuration parameters to the gateway, the gateway sends a request to the chosen anonymity service (e.g. talking socks5 to Tor on port 9050) and after the connection has been established the gateway forwards all incoming data. What do you think of this architecture and of anonymity on mobile devices in general? There was a system called mCrowds which implemented Crowd's Jondos on WAP-gateways. Does anyone know it? Christian ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]