Anonymous Surfing with Java Anonymous Proxy GHOST SURFING

KNOW-HOW: Java Anonymous Proxy. ISSUE 60, NOVEMBER 2005, WWW.LINUX-MAGAZINE.COM

Many Websites log IP addresses and access times to identify users. If you don't want to wind up as data in someone's market research, the Java Anonymous Proxy will keep your surfing secret.

BY TOBIAS EGGENDORFER

Unless you happen to be a VIP, you can drop into a baker's shop anywhere but in your own home town and pay cash for a loaf of bread without revealing your personal data. Nobody will record the way you move or attempt to discover your behavior patterns. In day-to-day life, anonymity is the rule. In contrast, the Internet allows seamless logging of visitor traffic on websites.

This continuous data collection allows for unique visitor identification; all it takes to identify a user is a short phone call to your provider, who is easily identified via a whois entry, to get your personal data. Governments have passed laws to prevent the most extreme misappropriation of personal data, but Internet users with static IP addresses are still easily identified on the web through a simple whois request.

To protect your privacy, you need to bring in heavy artillery in the form of an anonymization service. An anonymization service is a service that lets the user surf the web anonymously. The service obscures the user's true IP address, preventing snoopers from following the user around the web.

Users employ a variety of techniques for surfing on the Internet without detection (see the box titled "Private Surfing"). One popular privacy tool is Java Anonymous Proxy (JAP) [1], a portable proxy that supports anonymization in Linux.

JAP encrypts all requests and sends them to a mix – an intermediate system on the Internet that mixes user data from several sources. The data bounces through several mixes before finally reaching a proxy that sends the request to the web server. This article describes how you can surf secretly with JAP.

Box: Cookies and Anonymity

JAP gives you maximum anonymity, but imprudent handling of cookies can endanger your privacy. Many Websites set cookies, which they use to identify returning visitors. This is not a big issue assuming that cookies are set while you are surfing anonymously. But if you provide user data, or if cookies from previous sessions pre-exist in your browser, any protection JAP can give you is compromised. The remote Web server will still be able to identify you despite the anonymization service.

To help mitigate the risk, you could install two browsers, one for anonymous surfing and the other for "public" surfing. This would avoid mixing cookies and would reduce the risk of identification.

Many Websites require cookies to work properly, so you may not be able to get away with disabling them completely. This said, most browsers give you the option of restricting the validity of any cookies to the current browser session. When you close the browser, the cookies are deleted, thus removing the danger of inadvertent identification.

Solutions such as Cookiecooker [9] are suitable for mixing cookies from ad servers, but they can also lead to you being incorrectly identified. Although Cookiecooker provides some protection against this, there is always the danger of ending up hijacking somebody else's session.

Understanding JAP

The underlying principle behind JAP is simple: data passes from the web client through a chain of several mixes before reaching a proxy server. At each step, the data is mixed with data from other users. The packets are also encrypted at each step. The proxy encrypts the message in a way that the last mix can decrypt it. The last mix takes the cypher text and encrypts it to allow the last-but-one mix to read it. The results are then re-encrypted for the last-but-two mix, and so on.

If a mix in this cascade decrypts a message sent to it, it can only see the cypher text for the next mix. As every mix uses a different key, a high level of privacy is assured. It is like putting a letter in a number of opaque envelopes. Each mix can only open one envelope (Figure 1).

Figure 1: The message is encrypted separately for each mix, like a letter in multiple envelopes, and progresses through the mix cascade to improve anonymity. (Diagram labels: Browser, JAP, Mix 1, Mix 2, Proxy, Webserver; GET URI, Response; 1x encrypted, 2x encrypted; Time; "Ideal: On the same computer".)

This design provides an additional benefit: as outgoing messages always look different from incoming messages, there is no way of mapping incoming packets to outgoing packets. Even if an attacker were to sniff a mix's traffic stream or take control of a mix somewhere in midstream, there is nothing the attacker can do with the sniffed data. As multiple users route their data packets through each cascade, each cascade contains a nicely stirred cocktail of packets from different users, preventing any conclusions about the packet order.

Do you have neighbors who take delivery of a parcel in your absence and then hand it over to you saying "Hey, big parcel you got there" before going on to speculate about what it could be? JAP puts an end to this kind of speculation by chopping the data into 998-byte chunks and padding smaller chunks with random data.

Just like PGP or SSL, JAP relies on a mixture of symmetric and asymmetric encryption for communication between mixes and the local proxy. JAP encrypts messages to the mixes with random symmetric session keys. On first contact, the symmetric key is then encrypted asymmetrically using the mix's public key.

Box: JAP Transmission

The data exchange between JAP and the mix, or between mixes in the chain, uses a standard format. Each packet has a size of 998 bytes, and header flags are used to specify important information.

The 32-bit channel ID is the most important bit of information; the ID assigns the mix packet to a mix channel. The channel ID always occupies the first 4 bytes of a mix packet. This is followed by 2 bytes, 5 bits of which are used for flags. The flags describe the makeup of the data packet. The remaining 11 bits are reserved for possible future extensions. The channel ID uniquely identifies the link between JAP and the mix, or between two mixes.

The open flag (bit 45) is set on establishing a connection to specify a new, random channel ID. The new channel relies on a symmetric key, the asymmetric, RSA encrypted version of which is stored in the first 128 bytes of the data packet. The rest of the packet is encrypted symmetrically using AES.

The payload has a 3-byte header that specifies the exact length (2 bytes) and the user data type (1 byte). This data type can be FTP or HTTP. The last mix in a cascade identifies a suitable proxy based on the data type.

The asymmetric part is the interesting bit here. The first 16 bytes contain the 128-bit key used for symmetric encryption by each mix. To allow the next mix to learn its key, all the data in the packet are left shifted by 16 bytes, and the data packet is padded with 16 random bytes to take it up to the standard size. The mix again encrypts the first 128 bytes with the next mix's key. If the open flag is not set, the key exchange does not take place. This increases the size of the packet's payload component.

Mixes set the close flag in the header to close a connection and pad the data component with 992 random bytes. Whenever a mix receives a packet of this kind, it drops the channel ID and the matching symmetric key. The packet also tells JAP that all data have been transmitted and closes the TCP connection to the browser. To prevent attackers from deducing the packet type from the header data, mixes also encrypt the header.

JAP Installation

Despite its apparent complexity, JAP is simple to install and use. Just download the JAP version that matches your own Java version from [1]. To discover your Java version type:

[...]

Figure 2: The proxy is easy to set up on the browser-side. You can reconfigure the default port of 4001 in JAP.

[...] your local network, you will need to enable the Forwarder to give other machines access.

Choosing a Cascade

The other settings, which you can access via the Settings or Details buttons, are self-explanatory. The only question newcomers then face is the choice of the best available cascades.

Cascades define your degree of anonymity: the more users that populate a cascade, and the bigger the cocktail of packets, the more difficult it becomes to [...]

[...] for Linux. Compared with the relatively complex technology on which the JAP is based, JAP is very easy to install and use. Once you have installed JAP on your own system, you can test your configuration using the testing service provided at [8]. ■

INFO

[1] Java Anonymous Proxy (JAP): http://anon.inf.tu-dresden.de/index_en.html
[2] The Cloak: http://www.the-cloak.com
[3] Guardster: http:// www.
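The packet layout from the "JAP Transmission" box, as an added Python example that is not JAP's own code: it frames and parses the 998-byte cleartext packet and shows the key-strip step a mix performs on an open packet. Encryption is left out, and the big-endian field order, the bit numbering behind FLAG_OPEN, the TYPE_HTTP value and the payload header sitting directly after the key are assumptions.

```python
import os
import struct

PACKET_SIZE = 998            # fixed mix packet size given in the article
DATA_SIZE = PACKET_SIZE - 6  # 992 bytes follow the channel ID (4) and flags (2)
KEY_SIZE = 16                # 128-bit symmetric key that leads an open packet
# Assumptions: fields are big-endian, and "bit 45" counts from 0 at the
# packet's first bit, which is mask 0x0004 of the 16-bit flags field.
FLAG_OPEN = 1 << (47 - 45)
TYPE_HTTP = 0                # hypothetical code; the article lists no type values

def build_packet(channel_id, flags, payload, data_type, key=b""):
    """Frame one cleartext mix packet; short payloads are padded with random bytes."""
    if bool(flags & FLAG_OPEN) != (len(key) == KEY_SIZE):
        raise ValueError("a 16-byte key is carried exactly when the open flag is set")
    body = key + struct.pack(">HB", len(payload), data_type) + payload
    if len(body) > DATA_SIZE:
        raise ValueError("payload does not fit; split it across several packets")
    body += os.urandom(DATA_SIZE - len(body))   # every packet leaves at 998 bytes
    return struct.pack(">IH", channel_id, flags) + body

def strip_key(data):
    """Mix step on an (already decrypted) open packet: take the key, shift the
    data left by 16 bytes and refill the tail with 16 random bytes."""
    return data[:KEY_SIZE], data[KEY_SIZE:] + os.urandom(KEY_SIZE)

def parse_packet(packet):
    """Return (channel_id, flags, key, data_type, payload) of a cleartext packet."""
    if len(packet) != PACKET_SIZE:
        raise ValueError("mix packets are always exactly 998 bytes")
    channel_id, flags = struct.unpack_from(">IH", packet)
    data, key = packet[6:], b""
    if flags & FLAG_OPEN:
        key, data = strip_key(data)
    length, data_type = struct.unpack_from(">HB", data)
    # The last 16 bytes of a stripped packet are refill, not payload.
    if length > len(data) - 3 - (KEY_SIZE if key else 0):
        raise ValueError("length field exceeds the data area")
    return channel_id, flags, key, data_type, data[3:3 + length]

if __name__ == "__main__":
    # Constructed sample: a short request on a newly opened channel.
    pkt = build_packet(0x1234ABCD, FLAG_OPEN, b"GET / HTTP/1.0\r\n\r\n",
                       TYPE_HTTP, key=os.urandom(KEY_SIZE))
    print(len(pkt), parse_packet(pkt)[4])
```

A one-byte payload and a full one produce packets of identical length, which is the property the article's parcel analogy describes.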
