[Ryan replied on the list to a private email I sent him. I'm sending the original letter to provide context for his reply.] Peter Trei

---------- From: Trei, Peter Sent: Wednesday, November 21, 2001 10:15 AM To: 'Ryan Lackey' Subject: RE: "quitting havenco", not quite!

---------- From: Ryan Lackey[SMTP:ryan@havenco.com] Sent: Tuesday, November 20, 2001 5:48 PM To: Trei, Peter Cc: 'cypherpunks@lne.com' Subject: Re: "quitting havenco", not quite!

...

Ryan and the other HavenCo folks deserve *massive* kudos for this. (now, when is the HavenCo remailer going online? :-)

The remailer has been up since 16 September 2001, and was announced to this list among others. http://remailer.havenco.com/

Oops! (more kudos to you!)

Followed by: (I have them for myself now, not commercial-grade yet) * Anonymizing proxy on Sealand, cover general traffic as well as havenco-destination traffic. Free and no ads to havenco-destination sites; free and ads and rate-limiting to elsewhere, or subscription.

Now that Safeweb is down, this would be really nice. A suggestion:

Protecting traffic between the end-user and the proxy is as and sometimes more important to the user as protecting the target user from the target web site.

Safeweb did this pretty well, using SSL between the user and safeweb, and rewriting the URLs as encrypted strings. (There was a javascript frame on the end users browser, but I'm sure you know all that). Protecting the target URLs from observation is almost as important as protecting the content.

Thus, once Safeweb was going, an observer on the firewall could find nothing except the volume of traffic between the user and safeweb.

Of course, safeweb went tits-up, so their economic model (they were ad-supported) is questionable.

There are a couple other systems out there that are similar; www.the-cloak.com for one.

I've a small list of links on this, if it would be helpful. For example: http://www.jmarshall.com/tools/cgiproxy/

Peter