Where is the Replacement for the JAP Anon-Proxy?

An anonymous reader asks: "Now that it has been a month since the University of Dresden's Java Anonymous Proxy was back-doored via court order, what is the status of forked projects? Have any universities or individuals in countries with more respect for freedom taken the initiative to provide a truly anonymous alternative? Could a Freenet/P2P type system, with plausible deniability, be developed from the remnants of the JAP program? I would be willing to operate a mix if I could restrict the bandwidth usage and use a SOCKS proxy for my P2P apps. Could a phoenix rise from the ashes of JAP which delivered a 1-2 punch to censorship and media conglomerate entrapment?"

Why?

Why create another Freenet?

Re:Why?

[stevey]

Because Freenet is not something that I'm going to install a JDK for?

It's a lovely idea, and I can see the attraction of using a non-buffer-overflow language with built in networking primitives and threading - but Java?

If it were Python/Perl/Ruby even I'd be happy - but my small headless box with all my files on it just isn't going to get Java on it.

JAP isn't back-doored

[Elias+Serge]

ATM, the JAP programs's Crime Detection Feature has been removed. German Police are appealing the isuue, but it is currently secure.

Re:JAP isn't back-doored

[bhima]

Admittedly I haven't been keeping up with this... But if the original back door was not announced, and the leak started a furor; what are the chances that any other circumvention will be announced? That being the case isn't it as good as non-functional now?

NOTHING against the developers mind you!

Re:JAP isn't back-doored

ATM, the JAP programs's Crime Detection Feature has been removed.

Says who? AN.ON, the same folks who neglected to mention that the Crime Detection Feature was there to begin with (presumably due to German law prohibiting discussion of current proceedings), but readily admitted to it when someone else found it? Or are we to believe the German Federal Office of Criminal Investigation were they to claim that JAP is no longer tracking specific requests?

Suppose that tomorrow it's leaked that PGP Corp. planted a backdoor in the initial release of PGP 8.0 products. PGP Corp. comes out and says, "sorry about that, folks, the feds didn't give us a choice. It's all gone now, we promise!" Would you still trust PGP for anything nontrivial? I wouldn't.

The fact is that JAP is forever tainted, regardless of whether or not anything shady is still taking place. Forks, especially those based somewhere other than Germany, would stand to gain a large userbase.

--
Rate Naked People at Fuck Meter! (not work-safe)

Re:JAP isn't back-doored

[Specialist2k]

According to Heise Online (yes, it's German, machine translation here), AN.ON at TU-Dresden, the operators of the JAP service, no longer need to store connection logs as a court decided that unrestricted logging of connections to certain web pages has no legal basis.

Anon P2P

[ThePeices]

Its only a matter of time before the RIAA will destroy the usability of Kazaa and other popular P2p networks. What we need is a truly anonymous P2P network with the same ease of use, ease of searching and ease of retreival, that current P2P networks currently provide. When the mainstream users of Kazaa move away from that network, we need a network thats truly anonymous. We are currently seeing a very real decline in peoples rights and freedoms, especially in America. The people around the world need a place on the net where we can communicate and share without fear of censorship, jail, corporate greed and in some countries, death. Freenet is definitely a step in the right direction, but it is a cumbersome network to use, and not very user friendly to the masses. Is there any other networks that im not aware of that tries to fufill this current need? For where shall the massses turn to when Kazaa is strangled to death?

Re: Anon P2P

Thanks.

You're so informative and insightful.

Look what happened last time

World War II? Ring any bells?

"plausible deniability"

[Andy+Smith]

Could a Freenet/P2P type system, with plausible deniability, be developed from the remnants of the JAP program?

I wonder if you considered the inherent dishonesty in this question?

You're saying that you want to create a system to achieve one specific goal, but the design should include a way for you to claim that you never intended it to be used in that way.

Now I realise that you're not talking about piracy, but this is exactly the mentality that has caused a lot of good folk (myself included) to lose sympathy for *any* p2p system that is used for piracy. The dishonesty is insulting. I'd have much more respect for a company/organisation that set up a "pro-piracy" p2p system and then defended its use for piracy. Sure they'd lose, but at least they'd have a shred of dignity in doing so.

Picture some guy in a repressive third-world country, standing outside a police station, lobbing grenades in and spraying the place with machine gun fire. Then when the cops come running out he hides the gun behind his back and shouts "It wasn't me! The guy who did it ran away!". That guy's face ain't going on no t-shirt. But analogically, that's not a million miles away from what p2p companies are doing with da system and eeeevil copyright holders, and some people hold them up as modern heroes.

Re:"plausible deniability"

[Oddly_Drac]

"lose sympathy for *any* p2p system that is used for piracy."

Which, if you'd listened to the senate committee yesterday, has just been classified as 'The internet'. 'They' (meaning government) don't make the distinction between protocols and think Kazaa is a website. The RIAA knows the difference but it's not in their best interest to educate because they don't want to be limited.

In the end it won't matter whether you're doing something legal or illegal, if the RIAA suspect that you're doing something illegal, then they can come after you and apologise afterwards.

Before you accuse me of conspiracy theory, you should go look at the creative uses for the Patriot Act in recent weeks. The RIAA is engaging in 'wiretap'-like behaviour which it's indemnified for because it's looking for illegal behaviour.

One question that was asked yesterday was 'How many lawsuits will it take before you send the message?'....Cary Sherman wouldn't answer it.

Right now we're stuck in the position where the home taping, which The recording industry has always hated, has moved to a medium which is more easily tracked. Forget the bluster about lost sales, that's what they shout about to get Congressmen's sphincters to pucker; what they want is what they've been handed. The ability to punitively beat consumers into a more pleasing shape.

So, yes, there are people out there who're building 'collections' of stuff they'll never listen to, and give ill-advised statements boasting that they haven't bought a CD in years, but they're single data points.

'Then when the cops come running out he hides the gun behind his back and shouts "It wasn't me! The guy who did it ran away!".'

Plausible deniability has been used by government since the sixteenth century when Britain used to loosely fund freebooters. It was the linchpin of Irangate.

Bad analogy, dude.

Who wrote this headline?!?

[ls+-lR]

The phrase "JAP Anon-Proxy" makes no sense. "Where is the Replacement for the Java Anonymous Proxy Anon-Proxy?" really sounds dumb. That's almost as bad as the startup banner of Windows 2000: "Based on NT Technology!" (For those of you that forgot what NT stands for, it means New Technology)

Re:Who wrote this headline?!?

[stoborrobots]

(For those of you that forgot what NT stands for, it means New Technology)

That depends on who you talk to... there are other interpretations to consider

Anyway, JAP appears to be a recursive acronym (ala GNU or Wine) for JAP Anonymity & Privacy, if you look at the site. So your point is less notable...

I bet you hate Nabisco

The National Biscuit Company shortened their named to Nabisco. Then, they decided they were still a company, so they became Nabisco Co.

Re:I bet you hate Nabisco

Hoo-boy: if that's anything, it's egregious.

Re:I bet you hate Nabisco

[BJH]

Following that logic, in a hundred years they'll be Nabiscococo.

Re:This Frist post

I thought it was Bill Frist.

why not block instead of compromise?

[chrisvdb]

What I don't understand about JAP is why they just don't block the websites that the German law inforcers demand access to.

This way they wouldn't compromise the base idea of their system and they wouldn't aid criminal activity. Most countries' legal system doesn't allow helping criminal activity, but cannot force to cooperate fighting it either!

I for one would certainly trust this way much better...

Any thoughts?

Chris.
---
http://www.vandenberghe.org/chris

Re:why not block instead of compromise?

[angel'o'sphere]

Because the police want to know the people who search for child porn, not the web sites in countries they have no access to, which deliver child porn.

A pedophil guy surfing for child porn is interesting to know if a child in your neighbourhood gets raped and killed.

The web site he was watching before is not interesting at all in that case.

angel'o'sphere

the next big thing!

what i'd like to see is a freenet kind of Domain Name Service. a P2P typ Domain Name service. this would be especially usefull for user with a dial-up connecton. one could have a domain name (typ: anything goes) but not be online all the time. also it would be up to the user to name his domain and one would not be restricted to .gov .edu. .com .org .net etc endings. also it would be free and not have to pay anybody. i could run apache and/or some FTP demon and/or IRCserver and/or etc. locally for webpages or sharing files, etc.

the name.ip.mapping.file would be distributed over the "virtual" network of user running a TINY client-server progi. of course the file is encrypted, dummy!

"i'll start programming right away, sir!"

p.s. it seems all the new "technology" for the internet that give power to the user (e.g. are decentralised) take off like a rocket.

cross-compile using GCJ?

[divbyzero]

I haven't tried it myself, but it seems to me that you could compile the Freenet client down to native object code (not bytecode) using GCC's Java compiler, GCJ. You could do this on a larger machine which had room for the compiler, then copy the resulting native executable to your tiny headless box and run it without needing the large Java runtime.

For Web use only

[JusTyler]

This is only vaguely ontopic, but I found a site which has very up-to-date checked anonymous and open HTTP proxies. Not going to help you download P2P, but is great for testing AdWords campaigns in other countries ;-)

There's no replacement needed

[m.koch]

The JAP service was not back-doored. It was forced to log access to a specific website (which was offering child porn), but now a court decided that the initial claims were not legal. It's true that they didn't mention the logging but the used software is open source, which is why the whole thing got unrevealed: JAP gave it to open source and the people found the logging functions. The whole subject is now extensively documented here (no translation, sorry).
In my opinion the JAP people did their utmost to keep this service as it was meant to be. There are laws which can't be ignored, in every country.
In fact, IP logging in germany has no consequences except if you're a german resident, which is why I don't really understand the problem.

German anonymity

[poptones]

Are you kidding? Germany doesn't cooperate with the UK and US on matters like this?

I had never even heard of JAP until about a month ago. I downloaded it to try it out and when I saw the "anonymous" chain consisted entirely of two servers in GERMANY I knew instantly not to trust it - any more than I would trust any US based "anonymous" provider, or any UK based "anonymous" provider.

There's millions of machines in asia with fast connections that are open to the world. If you want anonymity, learn to use a proxy sniffer and SOCKS chains. Or better still, add your share of bandwidth to freenet.

Re:German anonymity

[m.koch]

Are you kidding? Germany doesn't cooperate with the UK and US on matters like this?

There's no perfect solution, but JAP is constantly extending its services and mix cascades. Nothing is gained by obscurity here - even if it's tempting - and I surely don't trust an unknown open SOCKS proxy wherever it may be. It is much too easy to setup honeypots and this way you can never be sure. Projects like JAP do have the advantage to document their actions, as far as it is legally possible (and beyond).
Also I don't know which matters you mean exactly. It's definitely not possible to just do a call to Germany to get all information you want. But given the proper excuse and some forms of pressure you can gain almost every information you like. Anonymity has no general purpose solution and to trust only in one solution is childish and like a lottery game.

setting up a (free) alternative

[flok]

You can also setup your own alternative.
You just need a large group of people willing to co-operate and then setup a web of "cloudish" proxies. This cloudish-proxy can be retrieved from: www.vanheusden.com/cloudish/