Quoting Ben Laurie <[EMAIL PROTECTED]>:

> It seems to me if you want to make serious inroads into privacy w.r.t. 
> logging of traffic, then what you want to put your energy into is onion 
> routing. There is _still_ no deployable free software to do it, and that 
> is ridiculous[1]. It seems to me that this is the single biggest win we 
> can have against all sorts of privacy invasions.

This sounds like an interesting project to work on.  It's hard to believe that
only the DoD has played with this technology.  Onion routing would seem to have
a much larger impact on personal privacy on the Internet than projects like
Freenet ever could.

After browsing through some of the descriptions of the system, it appears to be
a real-time remailer-type system for IP traffic.  A client proxy will take the
IP traffic, break it up into identically sized packets, and then layer encrypt
them starting with the last onion router to the first.  Each router along the
path would decrypt its layer and then forward the packet to the next router.

The part that I am worried about is the liability of running an exit router.  I
ran a mixmaster remailer for over six months and found out first hand the
reaction of people to receiving anonymous death-threats, racial slurs, and spam.
The saving grace was the opt-out list for people to refuse to receive future
anonymous messages.

However, with a real-time system that could encapsulate all IP traffic, this
could be used for anonymous hacking.  Even if you limit the exit remailer's
traffic to just port 80 and actual HTTP requests, there are plenty of exploits
and probes that require nothing more.  Thanks to the PATRIOT act, those of us in
the US can look forward to federal prosecution with possible life sentences if
the wrong system is hacked through a router.  When the FBI comes knocking, I
doubt they will be satisfied with anonymous free speech arguments.

DoD's Onion Routing research project
http://www.onion-router.net/

 --
Keith Ray <[EMAIL PROTECTED]> -- OpenPGP Key: 0x79269A12
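
The layering described in the message above (fixed-size packets, encrypted for the last router first, one layer removed per hop), as an added example that is not part of the original post or of the Onion Routing project's code. The 512-byte cell size, the function names and the per-router keys are assumptions; the SHA-256 counter-mode keystream is a standard-library stand-in for a real cipher, and with this XOR stand-in the layer order does not change the result, whereas with a real cipher it does.

```python
import hashlib
import os

CELL_SIZE = 512  # assumed fixed cell size; the post gives no number

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_layer(key: bytes, nonce: bytes, cell: bytes) -> bytes:
    """Add or remove one router's layer (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(cell, keystream(key, nonce, len(cell))))

def to_cells(data: bytes) -> list:
    """Split traffic into identically sized cells: 2-byte length, data, zero padding."""
    room = CELL_SIZE - 2
    chunks = [data[i:i + room] for i in range(0, len(data), room)] or [b""]
    return [len(c).to_bytes(2, "big") + c.ljust(room, b"\0") for c in chunks]

def wrap(cell: bytes, seq: int, path_keys: list) -> bytes:
    """Client proxy: encrypt for the last router first, so the first router's layer is outermost."""
    nonce = seq.to_bytes(8, "big")  # per-cell nonce so no keystream is reused
    for key in reversed(path_keys):
        cell = xor_layer(key, nonce, cell)
    return cell

def relay(cells: list, path_keys: list) -> list:
    """Each router peels only its own layer; returns the cells on the wire after each hop."""
    hops = []
    for key in path_keys:
        cells = [xor_layer(key, i.to_bytes(8, "big"), c) for i, c in enumerate(cells)]
        hops.append(cells)
    return hops

def from_cells(cells: list) -> bytes:
    """Exit side: strip the length prefix and the padding."""
    return b"".join(c[2:2 + int.from_bytes(c[:2], "big")] for c in cells)

def demo():
    keys = [os.urandom(32) for _ in range(3)]   # constructed keys, one per router on the path
    data = b"GET / HTTP/1.0\r\n\r\n" * 40       # constructed sample traffic (720 bytes)
    sent = [wrap(c, i, keys) for i, c in enumerate(to_cells(data))]
    hops = relay(sent, keys)
    return data, sent, hops, from_cells(hops[-1])
```

Only the cells after the last hop are readable, which is why the exit router is the point where the traffic, and the liability the message raises, becomes visible.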
