Slashdot Mirror

Here is where you can plug a URL in to see if it gets filtered or not. And indeed, sourceforge turns out to be a wicked MP3-peddler. Oddly enough, freshmeat is not in there yet.

They also have another interesting and potentially more controversial filtering category: "Anonymizer". Try plugging http://www.anonymizer.com into that box on the link above. Thin legal ice, if you ask me.

Google stores the text of pages (but not the graphics) when it spiders a site, and makes them available to you, in case, uh, "the site is down". Yeah, that's it.

It's pretty handy to use when someone has yanked a page that turned out to be embarrassing.

Unfortunately the page with the announcement at 2600 was just put up and is apparently not yet available in Google's cache, but will be at some point.

Another alternative is to use The Anonymizer. Here is 2600's announcement of Ford's surrender, which you should be able to read unless your firewall blocks the anonymizer too.

Google stores the text of pages (but not the graphics) when it spiders a site, and makes them available to you, in case, uh, "the site is down". Yeah, that's it.

It's pretty handy to use when someone has yanked a page that turned out to be embarrassing.

Unfortunately the page with the announcement at 2600 was just put up and is apparently not yet available in Google's cache, but will be at some point.

Another alternative is to use The Anonymizer. Here is 2600's announcement of Ford's surrender, which you should be able to read unless your firewall blocks the anonymizer too.

Even if they do this, places like Anonymizer will provide Secure Tunneling. Anonymizer also has other services, and they seem to be trusted for their part.

This can handle most web activity. Email can be encrypted, remailed, or signed up for and used through Secure Tunneling, or a similar method.

As an example, when I browsed the web at work, I used Secure Tunneling. For my email, I used Hushmail. Hushmail encrypted all the data that I saw, so it could not be tracked until it left Hushmail's servers.

NNTP is a problem. There are anonymous NNTP sites. Altopia, a site run by a staunch Libertarian, seems to be pretty reliable. You can even pay rather anonymously. More recently, Teranews has offered privacy, though I don't know of many reports on their trustworthyness.

The problem with NNTP service is you cannot encrypt the actual data stream to the NNTP server itself. Hopefully someone will provide such a service. (At another glance, it looks like the Secure Tunneling package includes "Anonymous Newsgroups". But I am not sure what that means.)

Even if they do this, places like Anonymizer will provide Secure Tunneling. Anonymizer also has other services, and they seem to be trusted for their part.

This can handle most web activity. Email can be encrypted, remailed, or signed up for and used through Secure Tunneling, or a similar method.

As an example, when I browsed the web at work, I used Secure Tunneling. For my email, I used Hushmail. Hushmail encrypted all the data that I saw, so it could not be tracked until it left Hushmail's servers.

NNTP is a problem. There are anonymous NNTP sites. Altopia, a site run by a staunch Libertarian, seems to be pretty reliable. You can even pay rather anonymously. More recently, Teranews has offered privacy, though I don't know of many reports on their trustworthyness.

The problem with NNTP service is you cannot encrypt the actual data stream to the NNTP server itself. Hopefully someone will provide such a service. (At another glance, it looks like the Secure Tunneling package includes "Anonymous Newsgroups". But I am not sure what that means.)

My house is half a mile up a dirt road up in the Sierra Nevadas in rural California. DSL and cable are just never going to happen here. I'm so far from the telco CO switch that even dial-up sucks. I cannot even get a consistent 28.8 dial-up connection; 21k-24k is more typical.

I have a Starband 360, which is their latest model "modem". This comes with an option for either ethernet or USB connection to your computer, and I opted for ethernet because I was told, off the record by the installer, that Linux might work with the ethernet connection.

And indeed Linux does work with it, kind of. As far as Linux is concerned, the Starband modem looks just like a DHCP server on the other end of an ethernet interface. There's really nothing to configure other than plugging in your ethernet line and running dhcpcd (or pump, for you Debian users).

This setup works, but very slowly. Ping times are anywhere from 1.5 to 3 seconds, and this kind of default Linux setup does nothing to either deal with the latency issues or take advantage of the fat pipe offered by the connection.

Over a period of months I tried numerous strategies to compensate. I installed Smoothwall as my gateway machine, and turned on proxy serving to take advantage of squid as a caching server. I tried fiddling with some basic network configurations, like window size. None of these things made more than an incremental difference.

After several months I realized that I was always going to have high latency, and under Linux I was never going to achieve transfer speeds above 2k per second. What I basically had was a dedicated connection to the Internet that behaved like a sluggish 14.4 modem.

As much as I love Linux and Open Source, I am above all a pragmatist. I'm not shy about using Windows when it's the right tool for the job. And in this situation, Windows has an advantage.

Starband licenses a software package from Netgain that provides so-called "TCP/IP acceleration". Frankly I'm not sure what it does, but there are a number of possibilities I can imagine (extreme window sizes, multi-plexed downloads, etc.). The point is that it does it in a proprietary fashion, and it's available only for Windows. You can't beat the latency; nothing gets around the fact that every packet must travel 44,000 miles. But you can take advantage of the capacity with the right software.

The best approach is to run Windows 2000 as your gateway machine, and to use the Starband software (which in turn uses Netgain's software). If Netgain could be persuaded to support Linux, things might be different, but right now Windows 2000 is the way to go.

So my current configuration has a home network of 5 computers routed to the Internet through a 6th computer, which is running Windows 2000 and Starband's software. By the way, setting up a gateway server under Windows 2000 is trivial. Under the "properties" tab for the outbound network interface you simply turn network connection sharing on. Then Windows 2000 autmoaticaly runs a dhcp server on the internal interface.

The latency is still there. And that pretty much knocks out online gaming. I'm a big fan of "Age of Empires/Kings/Conquerors". That gaming system is set up to check ping times for network gaming, and throw everyone into a "wait for the connection to return" mode whenever ping times are above a certain level. Combined with satellite latency, that makes the game pretty much unplayable over the Internet. I'm sure other games would be similar.

And using ssh is pretty painful. I'm always typing several words ahead of what I see on the screen, or several vi commands ahead of what has been rendered, when using ssh this way.

Web browsing is not particularly fast. What matters is not the size of a web page, but the number of files on a web page. Each file is a session that must be initiated, and latency kills you on session initiation. So ironically a page with a few really huge graphics will load faster than a page with lots of little tiny graphics. Still, web browsing isn't any slower than it would be over, say, 28.8 dial-up. In other words it's better than any of my alternatives.

Tranfer rates rock. On downloads I'm getting anywhere from 20k per second to 80k per second. I have no qualms about downloading anything just because of size. The largest thing I've downloaded is Red Hat 7.2 iso's, and while it took a while it was reasonable. Upstream my experience isn't quite as good, but it's more than adequate. I'm often uploading batches of digital photos to my website, and on large file transfers I'm getting 10k - 20k per second. More than enough to keep me happy.

Whatever packet mangling Netgain does occaisionally causes problems. I've had sites that I can't access because of this. That's a rare problem, however, and using an external proxy like Anonymizer seems to take care of the problem.

There are also times with the latency foils secure connections. I've had SSL sessions fail because, presumably, the server on the other end is looking for a speedier response than my client is capable of giving over satellite.

Oh, and there are of course the weather problems. There's nothing quite like getting up on the ladder in the morning in the freezing cold to brush snow off of the satellite dish so that I can restore my Internet connection.

So I keep a dial-up account as a fall-back. It's good for those bad weather days, those fiesty SSL connections that just won't work over satellite, and the occaisional urge for online gaming.

Overall it's a pretty good value. The monthly Starband charge is $69.99 a month, but if you're going to go to the trouble of using Starband you might as well get satellite TV as well; it's all one installation visit and all one installation charge.

So for around $100 a month I'm getting an adequate web browsing connection, a great file transfer connection, 150 channels of TV, and 12 channels of audio (one of the best parts: no commercials, no DJ, just music). Add $15 a month for a backup dial-up account. That's a total of $115 a month. Even in an urban area with solid DSL I'd probably be paying $75+ a month for comparable Internet and cable TV services.

Personally, I'm willing to pay the $40 a month with slightly degraded service, and being forced to run a Windows 2000 server, for the privelege of living where I do. I work from home most of the time, and I'm not going to complain too loudly about a technology that allows me to maintain a high tech professional position from such a remote location. For all the gripes we might have, we have to have some sense of perspective: I'm doing what would have been unthinkable 5 years ago, and unimaginable 10 years ago.

-Mark Stone
s t r i d e r _a_t_ s t a r b a n d _d_o_t n e t

For those of you who want the real link w/o the gay porn, here it is http://www.freespace-2.com/ddn/sources/freespace2

Here's an article which covers a similar idea, using the non-voltaic cells, an interesting read, I wonder if they have considered using nanotubes for such a process.

If you can guess who I am, I will buy you $4 in text ads (any content, any text, anywhere). But you only get 12 guesses!

My question, though, is how much information their customers get from my click-through. I assume that the long ugly URLs they generate encode the search terms, and maybe my IP address, and that their customers' web pages will use their favorite combinations of cookies, web bugs, and other images to find out more. But can they get my email address? If I'm checking out most sites that advertise there, I'm not too worried, but obviously clicking through to a spammer's web page has some inherent dangers. Should I be checking them out using the anonymizer, or is it ok to use my work network connection, which goes through a load-balancer-selected proxy server which probably looks a bit less like me?

The big difference is the alternatives you have for getting access to the banned material. If the blue-nosed thugs ban a movie, and you know they've banned it and want to see it, you *might* be able to buy a copy by mail from Amazon.com that arrives in a brown paper wrapper, you politically incorrect pervert, but you won't be able to go to a theater in Oz and see it, so they've still protected the morals of otherwise-innocent Ozzies.

By contrast, if they list the banned web pages, you can just nip over to anonymizer.com or The Wayback Machine or Google or some other cache or anti-censorship relay site and view it anyway, plus they've publicized a whole bunch of sites you otherwise wouldn't have thought to look at. That's especially important for political censorship (drawing attention to "Aus.Gov't did *this latest* stupid thing" as opposed to burying it), but also important for basic prudish censorship, because there are all sorts of nasty kinky immoral things that average upstanding moral Australians simply wouldn't have thought of if the Government hadn't told them "Here's the stuff we don't want you looking at! Especially *this stuff*".

More seriously, though, somebody else made the comment that the censorship is actually very minimal, and it's a facade that's designed to tell a few noisy right-wingers "yes, we've done what you want, so you can be happy and stop bugging us", and if you actually made the list public it would be obvious want a small fraction of the stuff *some* people might want banned is actually on there - so if the anti-censorship people don't complain loudly about it, you'll actually get a lot less censorship because we can leave it quietly buried in some bureaucratic back room keeping a couple of blue-noses off the streets hunting for pr0n on the internet instead of bothering politicians. It's not the ideal social position for a free and open society, but pragmatically it's possibly better for everybody, and maybe we can task some of the censors to go fight that Other Deadly Sin, Greed, by adding spammers's sites to the blacklists.

While I agree that it is vitial that people contact their representatives with their concerns and support organizations like the ACLU and the EFF, another thing you can do to defy mass survailance efforts like Carnivore is to use encryption whenever possible online. I'm sure there are other /.ers out there who know a lot more about the subject (please speak up!), but I wanted to add what information I can for those who might not already know. Here are a few suggestions of ways I know to use encryption:

• Email

• You can encrypt your email communications with others who are also willing to get the right tools. Probably the easies tool is PGP (there's also an international page), or for the free software crowd GPG. PGP makes this pretty easy to use under windows with almost any program with its encrypt clipboard contents feature, but there are also plugins for verious email programs.

• Terminal Sessions/Telent

• Most people probably know about it, but there's ssh, openssh, and if you're using Windows check out Tera Term and its ssh extension.

• Instant Messaging

• My appologies to the *nix crowd, but I don't yet know much about instant messaging on those platforms (soon); however, if you use windows I have seen several instant messaging clients that support encrypted chatting. I suggest Trillian, which is awsome anyway, free, and has encryption features. As far as *nix goes, I'd check out the big ones (e.g. Jabber) and if it isn't in there by default, look for plugins.

This certainly doesn't solve all the problems. The biggest is web browsing. You can use anonymous web browsing tools such as Anonymizer, but that is admittedly kind of a pain. I don't have any good suggestions there. I'd be interested in any other ways others have found to incorperate encryption into their online communications.

• The Google Search Engine
• The Wayback Machine www.archive.org historical archive
• Anonymizer.com and similar privacy services (some free, some paid)
• thousands of web proxies around the world
• more web caching sites and software

The hard part is to find creative ways to get the public, and maybe the politicans, to understand what evil things the politicians are doing. I don't understand the local attitudes in your areas well enough to say what are the best ways to present your case. Some ideas I can think of:

• You are trying to research the evils that the Nazis did during the War, and you are trying to research the evils that remaining Nazis are doing today, and these internet censors are making it hard to locate the evildoers. Or you help organizations that watch Nazis to find them on the web, but the censorship makes it difficult.
• The censorship tools are forcing the current Nazis to use higher technology - bad enough that those partially-literate thugs are using the Internet, but now the censors are giving them a reason to learn more technology which they will use to organize their evil groups in secrecy, instead of more public locations where they can be found.
• Perhaps you have Internet services that you want to prevent Nazis from using, but it is difficult to identify the Nazis because of the censorship.
• Perhaps the censorship is hiding other things, not just Nazis - Former Stasi? Corruption? Lazy Police? The only way to know is to permit transparency.

They missed a spot! [not REALLY anonymizer.com]

• 
  
  • 
    WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WW
    
  
  

Alternatives to Zero Knowledge include

Anonymizer,
Rewebber,
Siegesoft, and
Orangatango.

For anonymous email, one can use the following: ENCRYPTED WEB-BASED MAILSERVER HushMail LokMail ZixIt ManiacMail For ANONYMOUS WEB SURFING Anonymizer SubDimension HREF='http://www.safeweb.com/'>SafeWeb

Any ideas on what exactly this would mean for companies such as Anonymizer?

The main point to be considered here is that the target audience of most of the internet cafes in India are the teen agers. Once they lose their anonymity, they'll find other ways of browsing (for eg, getting a dial-up & using Anonymizer). The net effect is that most of the cyber (so called) parlors will close down. Corruption prevails in all walks of society in India. I guess most of the internet cafe owners wouldn't mind giving some bribe to the local cops to turn a blind eye on people surfing without providing any valid ids. Or even better, they can subscribe to an Anonymizer-like service, which would prevent anyone from pointing to them as accomplices to cyber crimes.

It seems clear to me that a constitutional challenge by the ACLU and other organizations would follow, treaty or no treaty. Since when do we allow enforcement of foreign laws within the United States? With treaties like this in the works, only anonymized Internet access AND servers located in data havens like HavenCo are likely to provide us with protections we (Americans) should already enjoy under the 4th Amendment.

To paraphrase Benjamin Franklin, "A people who give up freedom for security deserve neither."

I see your point. I don't understand why so many people here will feel jumpy on legal issue in this stage.

Free speech is so important in US, and it's even vital to those countries which have governemnts nailed their citizens accessing forbidden information.

I don't want to give examples as I don't want to see slashdot.org be banned for political reason in my country. Take a look at the article in Anonymizer for some clue, you'll understand why anonymous free speech is about life and death in other countries

Note: too bad anonymizer has a single point of place to be banned. I wish Freenet and other anonymous free speech project could get around this(and that's their intention).

To the second approximation most will fail because a simple subpoena/warrant/etc can force any privacy/anonymity company to turn such information over no matter how complex the technology. Even dial-up ISPs or public Internet access points with dynamically assigned IPs (Kinko's, libraries, etc) can usually track dial-ups or at least narrow down the search to specific individuals in situations that demand it. As this geo tracking technology matures it will become easier and easier to identify you so don't be fooled into a false sense of anonymity.

The best way to protect yourself is to use a solution that (1) has effective masking technology, (2) collects no personal information, and (3) has a strong privacy statement and then (4) to use a combination of these.

The best solution possible now is to wear sunglasses, go to Kinko's, pay with cash and fire up any browser pointed to SafeWeb.com via a Triangle Boy relay so no one could track you at all. SafeWeb is free, has no registration or login, records no content and destroys all logs while Kinko's has no way to track you either under such conditions. (Once they get rid of cash it will be very difficult to remain anonymous) There is no information either Kinko's or SafeWeb could turn over even if they wanted to or were legally compelled to do so.

Can anyone think of any better solution? Any privacy/anonymity service with a registration, login, download, etc can be eventually be linked back up and tracked down no matter how complex. Any Internet connection, even dynamically assigned IP networks, could be linked up to your phone number/login/account as well.

Against this, assume that everyone is tracking you online unless they explicitedly say they aren't (even then be suspicious and factor in legal coercion). Even privacy services Anonymizer.com state in their privacy policy that they share your private surfing data with invasive 3rd party advertisers like flycast.

Bottom line: The less anyone knows about you the less able they are to abuse your privacy.

The number of newly registered privacy-related trademarks and patents has risen dramatically in the past few years; they include everything from banking services and computer technologies to window treatments and even an independent software agent ("for protecting consumers' privacy") called Privacy Just Got Cool. Anonymous Web-browsing and e-mailing services are available from companies called Anonymizer, Hushmail, IDcide, PrivacyX, and ZipLip. An outfit called Disappearing has developed an e-mail system that allows users to send messages that permanently unwrite themselves after a previously specified amount of time. Sales of personal paper shredders are up. Personal bodyguards are increasingly in demand. American Express has just unveiled a system called Private Payments, which generates a random, unique card number for each online purchase. A California law firm now offers to prepare something it calls The Privacy Trust, which, it claims, "successfully conceals ownership of bank and brokerage accounts, the family home, rental properties, and interests in other entities." Money may soon begin to be "minted" solely in electronic form, creating "digital cash" that could make credit cards (and the data gathering they make possible) obsolete. There is serious talk of building privacy protection into the infrastructure of the Internet, and of using such protection, paradoxically, to make the flow of information freer than ever before.

And the snippet I gave above is only the smallest fraction of the content of the article. It isn't even a primary point. It is just a part of the introduction.

I'm going to have to bookmark this mag, just because it helps excercise my brain cell.

;-)

It's for the best that you take definite steps to preserve your anonymity if you are going to criticise a large company.
Post anonymously and do it through an anonymizing proxy. Anonymizer.com and evilemail.com are your friends.
Blacklists still happen. There are a lot of steps that an employer can take to make it difficult for you to work again.
A lot of these measures are illegal, but it's up to you to verify that any shady dealings are occuring. That's not easy.
Trust me on this - as a member of the homosexual community, I'm far more familiar with workplace discrimination than I would like to be.
This is why we need government regulation to protect privacy and the right to unionize.
--Shoeboy

Someone should make a public web anonymizer that would mangle (reverse, rot-13, whatever random) the domainname...

I really like that idea, but the vast majority of web anonymizers out there are blocked by these censorware programs. I've tried The Internet Anonymizer as well as a few more selected scripts. They're blocked by BESS, which is the system here at Pomona. I've been thinking about setting up a private anonymizer that I could put on my box just for me, but it seems like a fairly futile point. Anyway, to sum things up, we need anonymizers to enter in anonymizer URLs. :)

This would only stop people who have no interest in circumventing the restrictions. If you really don't want someone to know where your email is coming from, use a remailer intelligently. If you don't want someone to know where you are surfing from, use a service like the Anonymizer intelligently.

I really don't see how you can regulate people from different geographic location when there is an abundance of ways to make it look like you're coming from somewhere else. XHost is a wonderful thing, be in France and run netscape off a machine with an American IP address. Damn that's hard.

But then again, I don't really know what techniques are being used to determine where a person is located, but I am truly very sceptical about the prospect of geographic tenderred material being close to 100% effective. I just don't buy it.

Here are some links for people suffering behind such censorware. Hopefully not all of them are blocked.

http://www.anonymizer.com/
http://www.idzap.com/
http://www.stas.net/xtcdraqon/space.htm

It's not secure at all - you could easily trace illegal emails by a court order taken out on Yahoo!.

Hushmail or no-id's anonymous remailer, preferably accessed via anonymous proxy server is better

I always try Anonymizer or SilentBrowser. They're free (and anonymous) surfing proxies. Often, one of these can get a route.

Not necessary. You can use a non-French proxy if you have accesss to one, or you could even get an account at Anonymizer for $15 per quarter. (Anonymizer even lets you surf for free if you feel like putting up with the delay). This ruling isn't going to prevent anyone who seriously wants access to this material from seeing it. What's most perturbing is that a judge felt he had the ability/authority/right to do so.

If there's anything our good friends the French should have learned, it's that building an impenetrable defensive line is ludicrous. Why? Because you'll just have them go around your defenses through Belgium.

On the technical side, besides the "we tracerouted everybody" hack, if they did use traceroute, they're also getting a lot of correlation information on what's connected to what, and on how long those distances are. And most of their connections are going to go through the NAPs, or through their ISP's peering relationships with other carriers, which are usually in a small number of cities, so they get a lot of correlation on locations they can exploit (they could even get fancy and reduce their traceroute load by taking advantage of serial searches.)

[...], filtering based on domain names is incredibly simple to bypass. [...] Just open up a dos box, ping the host, and it will give you the IP address. Put the IP address in the address bar in your browser, and you're there.

Look for censorware to block these IP addresses as well, as soon as someone at one of these censorware companies walks into a wall hard enough that he accidentally and temporarily has some sense knocked into him.

Before anyone starts frantically grabbing his pornography onto floppy at the local public library before even this loophole is closed, consider that even this slightly clueful measure is easily enough defeated by the use by site operators, of dynamic IP addresses connected with domain names via CNAME DNS records (in this context, aliases to such temporary subdomain names as are available at DHS). The practice therefore by censorware of blocking whole IP address ranges will accelerate the use of massive, dynamically switched IP address range pools (by overseas operators, probably), so that ultimately even IP addresses or ranges of IP addresses are no longer of much use as a guide to exactly from where data is arriving.

A world-wide information infrastructure based largely on immaterial information itself has by its very nature an almost infinite capacity for sneaky, slippery deception that makes a total mockery of any attempt to clamp down on it. One can easily envision for instance, an explosion of anonymous resurfers which themselves as needed use the techniques mentioned above.

The more the censorware tries to block off the sea, the more the sea will leak around every barrier placed in its path. In the end, as always, the sea will win.

(1) Costs money which experience shows very few will pay for

(2) Very slow due to fundamental network design of bouncing packets multiple times across smaller ISPs - nothing can be done about this

(3) Easy to block at firewall because it always runs at fixed high numbered ports (51101,02,07,09) so forget about relying upon access at work, libraries, schools, etc

(4) Currently only works/supported on Win95/98 - other version promised but none delivered and it will be a long, slow, expensive process to port and support - do you really think that Mac or Linux users will get the same support levels as Win95/98 users?

(5) Doesn't work with AOL (23M users in US), CompuServe 2000 (?M users) and free ISPs like DirecPC - over a quarter of US Internet users denied access.

(6) doesn't work with very popular software including McAfee Personal Firewall, Microsoft FrontPage personal webserver, Netware Client32, MS 98SE' Internet Connection Sharing, etc. Nyms will not work with common software such as MS Outlook, Napster, PCAnywhere, cookies filter utilities, etc. I don't know many web surfers who are not using at least one of these applications, which mean ZeroKnowledge will not work for them.

(7) Does not work with common web sites because it does not support client side cookies with nyms. How many users will tolerate being locked out of NYTimes.com or Yahoo.com?

(8) Is a large software download that is easily blocked from installation, detected running, and removed automatically from managed corporate networks - upto 50M US corporate workers lost.

The best way to avoid all these problems is to avoid download software packages altogether. A web-based privacy solution should work with your existing browser, computer, network, and ISP but provide the same levels of encryption as ZeroKnowledge.

Anonymizer has been the best of the web-based privacy solutions but it (1) costs money $60/yr, (2) doesn't encrypt you personal web traffic so all data is visible except the URL, and (3) doesn't work with most popular rich web sites like sony.com, hotmail, webvan, etrade, etc because they cannot handle DHTML like JavaScript, VBScript, CSS. Instead, it either blocks all DHTML breaking a site's functionality *OR* passes it unprotected which reveals your identity online.

SafeWeb.com is a web-based privacy solution that just launched last Wednesday (See CNET news.com). SafeWeb is the solves all the problems that both ZeroKnowledge and Anonymizer have listed above and enables users to surf the entire web privately (cookie management anonymity) and securely (128bit SSL) from anywhere at anytime for free - no downloads. SafeWeb finally delivers a practical solution to the growing problems of online privacy by solving all these technical problems with an easy to use service for your existing browser. Let us know your feedback at webmaster@safeweb.com and in this forum.

Jon Chun
President
SafeWeb

So basically extending the remailer type of thing with a proxy like anonymizer that is better able to handle traffic and which is based on a standalone application? How trustworthy are they? Has there been any actual evidence that they will protect your information from being captured?

These are the guys who figured out a way to get a P!!! to send out its serial number even if that capability was supposedly shut off in the BIOS, something Intel insisted could never happen. (/. covered it in this article about a year and a half ago.) I would characterize that as a white-hat activitity (though INTC was able to convince a few anti-virus companies otherwise).

So basically extending the remailer type of thing with a proxy like anonymizer that is better able to handle traffic and which is based on a standalone application? How trustworthy are they? Has there been any actual evidence that they will protect your information from being captured?

Having someone fire or sue you isn't the only danger. If you post using your own name on Usenet (or even here on SlashDot), there's always the danger that someone like a divorcing spouse or an employer is going to check out what you've been saying, and may use it against you. I personally know of one poster on Usenet who had to pledge to his new employer that he wouldn't post to Usenet any more. The employer had looked at his previous writings and was sufficiently perturbed to extract this promise. Personally, I use ZeroKnowledge Freedom for all of my postings here and elsewhere. You can also consider using Anonymizer, but I think the protection is less robust there if someone is really determined to find you.

Oh yeah - a way to get around the "Macro eBorder control" is to set up an anonymizer-like reflector in a legal-to-gamble jurisdiction and surf through it.
/me waits for a lawyer's letter telling me that i need to stop being such a smartass.....

Use an anonymizing service. Of course they could block that too. But if the Akamai censorware workaround still works (and it seems to) then you're set. They'll have a lot of trouble justifying blocking Akamai.

It doesn't really do a good job of being a proxy as it only translates text. Anonymizer does a better job IMHO.

1) E-mail

Setup a nym account with one or more of various nym servers out there:

nym.alias.net
redneck.gacracker.org

OR, you can get a paid for nym account with ZKS:
ZKS Freedom Net (They are taking applicants to beta test their Linux port now)

This takes care of having an anonymous bi-direction e-mail account that people can contact you through and will be secure from the attacks of a determined foe (be sure to change your reply blocks often though).

2) Publish the code somewhere publicly available, like the web or usenet.

The next problem is distributing your code. What you need is a means to publish the code anonymously.

Web

To contact sites like sourceforge anonymously, which provide you with a nice mechanism for releasing the code and storing it somewhere, you need a web anonymizer or an anonymous routing scheme like ZKS.

Several solutions exist to do this. In order of highest security:

ZKS Freedom Net

CROWDS

Anonymizer

Usenet:

Usenet is means of publishing your code that is even more resistant to censorship attacks than publishing the code on a website:
mail2news gateways. These allow you to post an e-mail message to usenet, preferably after you have anonymized it thru several remailers. Posting to usenet is an EXCELLENT mechanism for getting past the most determined censor. As long as you don't start spamming your distribution, and thereby driving your BI up, you can be pretty sure that your post will not get robo-canceled. If you want to be really fancy, you can encrypt the message, publish the password in another forum, and then post the conventionally encrypted message to aalt.anonymous.messages. This will defeat efforts to automatically find your post on usenet and then issue a third party cancel for it.

Here is a list of known mail2news gateways:
mail2news AT nym.alias.net
mail2news AT zedz.net
mail2news AT mixmaster.shinn.net

Send a message to one of the above e-mail addresses with "help" in the subject for instructions on how to use the gateways.

Python

You just really need to find a 'third party web-fetcher'/proxy to do this.
Popular services: Ask Jesus (Jesusifies the page though), Anonymizer (fee-payable).
I'm sure that there are many many many more (those are just two off the top off my head that I've used in the last 48hrs), but if you use different ones it'll make it even harder for censorship software to block - they can't know every single proxy system available to the public.
Richy C.
--

Such as www.askjesus.org (hehe, I'm sure that would go over real well) or anonymizer.com

At the time I couldn't recall the one specific project I was thinking of, but a brief search dredged it up... AT&T's Crowds, a really nifty idea.

I had two mis-recollections from senior sem presentations I saw last year... I thought Anonymizer, wasn't a commercial project, but it turns out that it is. I'm not familiar with them at all, so I can't speak to their approach. I'd also thought that onion-routing was a little beyond the experimental stage, but I guess I was wrong.

Please read my page Why You Should Use Encryption.

If you get your mail from and put web pages on a hosting service, then at a minimum you should use one that provides secure shell (ssh) and secure copy (scp) access. One such hosting service that does is Seagull Networks. Does anyone know any others?

When you retrieve your email via POP or load a web page via FTP your password is being transmitted in the clear. You have no control over which routers and cables it passes through in the process, so you have no way of knowing if someone's running a sniffer on a compromised host. Usually you have no knowledge even of the route, unless you go to the trouble to run traceroute regularly.

You can download your email via an encrypted channel with ssh port forwarding if your mail host provides ssh. The instructions given are oriented to the BeOS but apply in general to any OS for which an SSH client exists.

If you run a website that uses passwords please consider allowing the users to enter their passwords via SSL (https).

If you use websites that require passwords, please use a different password for each site. At the very least, use a unique password for your important sites, like your email, web pages and financial sites. If you keep the passwords in a file (which you may have to do because there are so many sites that take passwords), encrypt the file.

Be aware that most sites that have passwords do not encrypt them, otherwise they wouldn't be able to send you your password reminder in clear text. I've even used sites that mailed out password reminders in the clear every couple months just to prompt me to use the service. Note that anyone at the site who has root access, anyone who compromises the site or anyone running a sniffer on or near the site will be able to catch your passwords.

Also I think it is very likely that many websites are provided for no other purpose than to collect passwords for later use by crackers - beware of that free trial and use a unique password if you must accept the offer!

Use the anonymizer or, if you have Windows 95 or 98, Freedom to protect your privacy while you web surf.

Finally, do you use a laptop computer? Do you have files on it that you don't wish to share with the random stranger who might steal it someday? How about your competitors? A thief won't likely be in the direct employ of your competitors but they may recognize the value of the information and sell it to them, or even post it on the net for fun.

And remember in this information age the information on our computers is more valuable than the hardware itself, and unlike car stereos can continue providing value to a thief because, once it is fenced, it is still available to be fenced again.

Depending on your OS, you should use PGPDisk or the Linux encrypting kernel on your laptop.

Consider encrypting important information on your desktop too. A friend of mine who is a software developer lost every machine in his company in a robbery - source code, strategic plans, and the customer database.

I know of two cases where laptops were stolen from intelligence agents, once during the Gulf war, and once from an MI5 agent while he'd set it between his legs at a train station. Good thing they used encryption!

Finally, read the Forum on Risks to the Public in Computers and Related Systems available on the Usenet News as comp.risks and on the web at http://catless.ncl.ac.uk/Risks

Tilting at Windmills for a Better Tomorrow

Slashdot ran a story about it, and a whole lot of people downloaded and read the essay. We got a whole lot of fan mail. A bunch of activists and academics posted the essay and software on their own Web sites ("mirroring" it). This was all more or less what we expected to happen.

2. Pay the $50 and get a quiver of Freedom nyms (or abuse the free 30 day trial over and over again if you're a cheap skate or don't want to register your payment information).

3. Even with your Freedom nym in place, use the URL-based, CGI-type proxies at Anonymizer, Clandestination or the-Cloak (I found a great listing of proxies at WebVeil.Com.)

4. Finally, be very aware of any information you provide voluntarily. Even references to geography, personality, employment, etc. may, in the aggregate, offer more clues than you want to reveal. Turn off Java, ActiveX, and scripting languages just to be sure. Make sure your cache and history files are clean at the end of your session.

These are pretty restrictive measures and not the suit of armor I care to don, but if you are a alt.privacy type, there certainly is real anonymity online. With these measures in place, I'd be impressed if the FBI could locate and identify you.

This guy is outrageous. Here, use this link so that everyone will appear to be from an ANONYMOUS IP when they connect. Anonimity IS our right.

http://anon.free.anonymizer.com/http://www.seagram .com/news/current-press/scl052600 b.html

This is another step in the arms race

And the next round of Kill-BOTS will be even worse.(click headline for story)

You might want to check Anonymizer or do a "web search" for any of the keywords in your question..:)

--

How long can you stay dialed up and inactive - does "10 hours per month" mean you need to tap the keyboard every few minutes, or can you dial up one evening a month and let it stay on all night?

Can you dial into other ISPs? (e.g. dial into your home Linux machine's modem?) If you do all your browsing through The Anonymizer , can they track anything?