LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

The police tap JAP

[Posted August 26, 2003 by corbet]

The Java Anonymous Proxy project is developing a proxy system which enables users to access web sites in an anonymous manner. The JAP code is distributed under a BSD-like license. The JAP project also runs a set of servers which provide the actual anonymous web access.

It turns out, however, that access is not always anonymous; the JAP system went down for a few days in mid-August for the addition of new "security features." Those features, it seems, include a means by which the German police can determine the real originating IP address for accesses to a destination site of their choice. This access requires the usual formalities - court orders and such - but it does, regardless, violate the spirit of an anonymous proxy system. This is the sort of thing that users of an anonymous proxy are trying to get away from.

Since JAP is free software, people who were paying attention were able to see the new "security features" as they were checked in to the CVS repository. This transparency is, of course, one of the reasons why we like free software in the first place. We should remember, however, that there was nothing forcing the JAP developers to commit their changes to a public repository, and there is still no assurance that the JAP servers are running the same software as that found in the repository or on the download site. Entrusting your privacy to a remote system over which you have no control remains a risky thing to do.

See the JAP project's press release for more information on this incident.

(Log in to post comments)

The police tap JAP

Posted Aug 28, 2003 14:32 UTC (Thu) by rfunk (subscriber, #4054) [Link]

The press release seems to be written primarily in Legalese, and last I
checked babelfish had no Legalese-English translator....

The police tap JAP

Posted Aug 28, 2003 14:54 UTC (Thu) by arcticwolf (guest, #8341) [Link]

Isn't JAP based on mix cascades? So - even if the first mix in a cascade is compromised, won't the cascade as a whole still be secure (i.e., anonymous)? The police may be able to find out which IP made a request, but when they don't know (and cannot find out) what page was requested, how does it help them?

Outside of that, was the JAP project required to compromise their own software, or did they merely decide to play along?

The police tap JAP

Posted Aug 28, 2003 15:32 UTC (Thu) by corbet (editor, #1) [Link]

My understanding is that the software changes put in a back channel allowing the first and last hosts in the cascade to communicate. The final hop, on seeing that it was connecting through to the site of interest, would send a note back to the first hop, which would then connect the access with the originating host, and send the whole thing on to the authorities.

As to whether they were required to do this, my understanding is that they were.

The police tap JAP

Posted Aug 28, 2003 15:44 UTC (Thu) by spudbeach (guest, #5837) [Link]

> Entrusting your privacy to a remote system over which you have no control > remains a risky thing to do.

Yep, but there is very, very little you can do to avoid it. The standard commercial web anonymizers (www.anonymizer.com) require you to take it on faith that they aren't compromised. Anonymous e-mailers, even mixmaster, are vulnerable to being back doored.

There are two methods of anonymous communication:
1) communicate without leaving any trace of yourself. Since every packet on the internet has a source IP address, that's kind of hard to do.
2) rely on somebody else to forward your communication without telling anybody who you are. This is _always_ vulnerable to compromise.

So what's an anonymous whistle-blower/pornographer/freedom fighter to do? Not stop trying. Just remain cognizant of the risks.

The police tap JAP

Posted Sep 1, 2003 14:37 UTC (Mon) by mmutz (subscriber, #5642) [Link]

Actually, the article puts the JAP project into the wrong light, they deserve otherwise:

As a native speaker: As I understand the media coverage (e.g. Heise Newsticker (German)), the police knocked at the door of the JAP project participants, equipped with a court order that the traffic of one single IP source had to be recorded.

The JAP team then made the necessary changes to the codebase and immediately released those changes to the public. This is pretty audacious if you ask me.

In parallel, the Unabhängige Landesdatenschutzzentrum Kiel (UDZ; independent data protection center Kiel; also part of the JAP project) filed a complaint with the state court in Frankfurt which on the 27th ruled the original court order to be suspended. Both UDZ and Dresden University immediately switched off the reporting function.

It's now the court's decision what is to be done with the single incident that was recorded in this timeframe (whether it may be used by the police in court or has to be deleted).

I for one think this is a pretty big success story for Freedom and Privacy up to now and quite far away from the FUD that the article tries to spread.

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds