Major German Anonymity Service compromised
A number of cypherpunks have asked me about the current JAP situation. Here's the scoop, as I know it. (I've sent mail to some of the Dresden folks, but haven't heard back yet.)

This thread on Usenet contains the pertinent information:

http://groups.google.com/groups?selm=f938f87a44e64d6776c635b979aa1c48%40remailer.frell.eu.org&oe=UTF-8&output=gplain

The Java Anonymous Proxy is a real-time web mix system, (originally) designed to provide web browsing anonymity that couldn't be undermined by any one proxy operator.

Well, no more. The JAP authors silently introduced a back-channel intended to compromise anonymity of users accessing certain sites, under the guise of an "obligatory update".

They claim 30,000 total users. That's a large amount of people who are being lied to about their anonymity. (The JAP website, as of this morning, was still stating:

"Since many users use these intermediaries at the same time, the internet connection of any one single user is hidden among the connections of all the other users. No one, not anyone from outside, not any of the other users, not even the provider of the intermediary service can determine which connection belongs to which user."

Which would be true if not for the backchannel.)

JAP's webpage: http://anon.inf.tu-dresden.de/index_en.html

The JAP operators justify their actions (which were taken to comply with German law) by stating that their alternative was to shut the system down. There are a number of problems with this, the first being that anonymity systems which are contingent upon selective government approval for anonymity are ill-suited to a global Internet environment: What makes a court order from Germany, or England, or the US any more valid than a court order from another net-connected UN member, like China, or France? If we believe privacy and anonymity to be human rights, then we cannot build these sort of backdoors into the system and expect them not to be abused.
Compare the JAP operators' actions with those of Julf Helsingius, operator of anon.penet.fi (the famous anonymous remailer/pseudonym server):

http://www.penet.fi/press-english.html

Julf closed down his system, which was inherently vulnerable to subpoena attacks since it stored nym to user mapping information, when he realized he could be forced to reveal any user's identity by almost any entity willing to abuse the global legal systems.

Time has shown that was the right choice. Cypherpunk and Mixmaster remailers, already developed and deployed by this time, rose up in penet's place, and at this point it would be impossible for anyone to effectively compromise a user's identity via court order. (There are Mixmaster nodes operating in almost a dozen countries, and the system is truly designed to defeat rogue operators.) With the next-generation of remailers on the horizon (Mixminion and Mixmaster 4.0), ease of use should near that of Penet.

Unfortunately, these are email solutions, and don't address the web browsing issue that JAP attempted to solve.

Bad anonymity systems are worse than no anonymity systems. JAP has become a bad anonymity system -- mainly because it represents itself as being far stronger and more secure than it is.

I am unclear on the JAP source code license. Perhaps it is possible to restore the code to the uncompromised version, and erect a parallel, trusted JAP network -- though the damage to its reputation is certainly severe.

This goes to demonstrate again that crypto isn't the only consideration in an anonymity system: Anonymizer, for instance, is still a better choice for web anonymity than JAP, even though JAP offered mixing and independent operators. An anonymity provider should never represent itself as offering a greater level of protection than is actually offered -- which is the worst thing that the JAP team did (and is still doing.)

--Len.
Len Sassaman