[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDEA: "Site Cloaking" Technology



On Thu, 26 Dec 1996, Alexander Chislenko wrote:

> This seems complimentary to anonymous browsing (e.g., www.anonymizer.com).
> I doubt that ciphering the site list can assure that the site can't
> be found, as somebody could match incoming and outgoing requests.
> A chain of "Anonymous Rewebbers" / Recloakers could help here.
> An important thing here would be to make sure that the search engines can
> still find the sites.  Other difficulties would be caching and getting
> credits for ads.
> 
> Do you think it's worth doing?

This sounds a lot like Ray Cromwell's program, "decense".  It's more or less
the web equivalent of the penet remailer.  It is possible to attack even if
requests and responses are encrypted with traffic analysis.  The main objective
of such a system would be to make it very difficult to match a "real" URL with
the "anonymous" one, but not virtually impossible.  Encrypting the site list
won't help because the key would have to be stored somewhere on the system.
Many web servers have a security hole in them where the source code for a
CGI script can be requested instead of actually executing the script.  It's
not a good idea to assume that the executable will not be readable by anyone.

Decense is available at http://www.clark.net/pub/rjc/decense.html

Mark
-- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked