[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: SafeWeb's anonymous-surfing technology is not that safe

To: debate@lists.fitug.de
Subject: [FYI] (Fwd) FC: SafeWeb's anonymous-surfing technology is not that safe
From: "Axel H Horns" <horns@ipjur.com>
Date: Wed, 13 Feb 2002 09:54:47 +0100
CC: krypto@thur.de
Delivered-To: mailing list debate@lists.fitug.de
List-Help: <mailto:debate-help@lists.fitug.de>
List-Id: <debate.lists.fitug.de>
List-Post: <mailto:debate@lists.fitug.de>
List-Subscribe: <mailto:debate-subscribe@lists.fitug.de>
List-Unsubscribe: <mailto:debate-unsubscribe@lists.fitug.de>
Mailing-List: contact debate-help@lists.fitug.de; run by ezmlm
Organization: NONE
Priority: normal

------- Forwarded message follows -------
Date sent:      	Tue, 12 Feb 2002 17:36:43 -0500
From:           	Declan McCullagh <declan@well.com>
To:             	politech@politechbot.com
Subject:        	FC: SafeWeb's anonymous-surfing technology is not that safe
Send reply to:  	declan@well.com

The Martin-Schulman paper:
http://www.cs.bu.edu/techreports/pdf/2002-003-deanonymizing-safeweb.pd
f

PrivSec's free SafeWeb-licensed service: (username: demo, password:
secure) http://www.privasec.com/regusers/demolaunch.htm

---

http://www.wired.com/news/politics/0,1283,50371,00.html

   SafeWeb's Holes Contradict Claims
   By Declan McCullagh (declan@wired.com)
   12:35 p.m. Feb. 12, 2002 PST

   WASHINGTON -- SafeWeb's anonymous-surfing technology turns out not
   to be very safe after all.

   A pair of researchers has unearthed flaws in the CIA-funded product
   that contradict the company's claims of "complete privacy" and
   reveal the supposedly confidential information of customers.

   Founded in April 2000, SafeWeb marketed an advertising-supported
   service said to allow users to browse the Web anonymously. In
   interviews, SafeWeb CEO Jon Chun boasted that the technology had
   been "through the rigors of the CIA's stringent review process,
   which far exceeds those of the ordinary enterprise client."

   Citing the economic downturn, SafeWeb abandoned the free service in
   November 2001. It has licensed its anonymizing technology to
   another company, PrivaSec, which currently offers the service for
   free and plans to charge for it soon.

   In a paper (PDF) released on Tuesday, David Martin, a Boston
   University computer scientist, and Andrew Schulman of the Privacy
   Foundation say that SafeWeb's assertions were more hopeful than
   true.

   They say, and SafeWeb has acknowledged, that flaws in the company's
   architecture allow a website to use JavaScript to obtain the
   concealed Internet address of the visitor. Because of SafeWeb's
   centralized technology, that page can also download a browser's
   cookies and obtain copies of subsequent Web pages visited during
   that session.

   [...]

----------------------------------------------------------------------
--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if you include this
notice. Declan McCullagh's photographs are at
http://www.mccullagh.org/ To subscribe to Politech:
http://www.politechbot.com/info/subscribe.html This message is
archived at http://www.politechbot.com/
----------------------------------------------------------------------
---

------- End of forwarded message -------

-- 
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de

Prev by Date: Re: Onlinejorunalismus II: Kooperation zwischen Stern und"Shortnews.de"?
Next by Date: [FYI] (Fwd) FC: BARTEC, eavesdropping, and "open source" wiretap software
Prev by thread: Re: Onlinejorunalismus II: Kooperation zwischen Stern und"Shortnews.de"?
Next by thread: [FYI] (Fwd) FC: BARTEC, eavesdropping, and "open source" wiretap software
Index(es):
- Date
- Thread