Slashdot Mirror
How Effective Is SafeWeb?
Microsift asks: "I just found this site a couple of days ago and it seems pretty cool. It claims that it encrypts everything that goes through your browser so that no one can tell who you are or what you are doing. Does this kind of technology work? Why isn't everyone using it?"
After using it for a while, the speed became apparent that it's just a public proxy server for HTTP/FTP. Not a new idea by any means, but certainly a clever way of phrasing it. Unfortunately, it's extremely slooowwww.
Interested in open source engine management for your Subaru?
Sounds similar to the Anonymizer. (http://www.anonymizer.com)
der dee der.
The major issue I have is that SafeWeb works as a SSL man-in-the-middle. This dramatically changes my scope of trust. At first you might think you just have to trust them to keep you anonymous. But this SSL issue means you also have to trust that they do not view or modify any SSL traffic from the target site. I'm not sure about how to still keep your location private, but I would much prefer some method of doing end-to-end encryption with the target site.
Here are a few other thoughts about the technical details. One area of concern is how through are they about redirecting web requests, for example I was thinking this currently would not foil a web-bug. There is also little SafeWeb can do for you when you voluntarily breach your anonymous veil, except for the cookie management. Don't expect this site to work as a means of getting past censorware, because you can bet they will block it under every category!
I wonder what type of servers they are using. Sounds like they need lots of SSL processing (fair disclosure, I've helped design commercial SSL Accelerators). That will probably make this website a bit more expensive to run. I also wonder about internal security, both because of the SSL issue, and the fact you would expect spies to be interested in knowing more about anyone who wants to be anonymous. In particular, obtaining the SafeWeb SSL private key could be potentially quite valuable.
Finally, you should consider the trust and business models. As mentioned above, you have to trust SafeWeb, as a company, not to store or reveal your information. I'm a little cynical about advertising supported businesses, because I think they have lots of motivation to increase the amount of information they know about you. Still, their privacy statement as it stands now looks good. If you plan on using SafeWeb (for non-SSL transactions), I'd keep a careful eye on the privacy statement to make sure it remains good.
There is a list of anonymous proxies available at webveil.com. They seem to list Safeweb as one of their top choices.
Proxys-4-all has been running a list of bothe anonymous and non-anonymous proxies for a few years. They are listed such that you can choose anon/non-anon, and then pick a domain (eg: .edu, .jp, etc.) from which you want to get a proxy, then it is just a matter of finding the one that is fastest for you from the list that it returns.
PROXYS-4-ALL
If the service doesn't screen out all content (Java applets, etc) it is possible for a site to obtain your real IP address...
A la: http://www.alcrypto.co.uk/java/
Has anyone heard of any still un-fixed holes in safeweb or anonymizer??
It actually makes it easier for people to spy on you.
_ALL_ your traffic is going through the service. And if you have an account with the service, they can really know what you are doing.
In comparison sure your ISP could spy on you, but it takes more effort, and most ISPs have better things to do - most don't have enough staff, so who's gonna do the spying?
So the only difference I see is that you end up with slower connections and instead of the ISP being able to spy on you, the "anonymizing service" can.
Why bother getting slower service for little gain?
Cheerio,
Link.
https://www.safeweb.com/o/_i:_o(154):www.slashdot
Does https mast the url? If not all someone would need to do is look at the full url to see where you were visiting.