From: “A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>
To: cypherpunks@toad.com
Message Hash: 821396a9de263f6719a676768a6704d31c276a6814b470effcaef9eca8c88d73
Message ID: <960302131308.20201e1e@hobbes.orl.mmc.com>
Reply To: N/A
UTC Datetime: 1996-03-06 02:45:24 UTC
Raw Date: Wed, 6 Mar 1996 10:45:24 +0800
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 6 Mar 1996 10:45:24 +0800
To: cypherpunks@toad.com
Subject: Anonymous Web Browsing
Message-ID: <960302131308.20201e1e@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain
Realy two questions - will treat each in order
> I have followed the ongoing discussion on PGP security, remailers
>and the like. I am wondering if the current trend with interactive Web
>browsing, Java, etc, is not going to create a privacy problem every bit as
>significant as insecure e-mail. As these "applets" become more
>sophisticated are we not going to have to face up to the issue of dynamic
>links to web sites that gather a lot of info from your computer as you
>interact with it?
It is possible to design a "prophylactic" environment that would control
the interaction between your web browser and the PC. As was determined with
FV's keystroke monitor, it only worked because nothing prevented it, not
because nothing could prevent it. Such links can be prevented from
gathering information but I suspect it would be more creative to feed it
information that you would like others to believe.
> My question is this: Would it be possible to create a web site that
>would function along the same lines as remailers do? Something that would
>allow a person to browse anonymously.
This is a different question. By nature, web transactions are interactive
which means that both sides must know how to reach each other. You could set
up a limited proxy and load it with the preferred information but I suspect
it would be easier to just send $20 and a requested username/password to a
local provider for a PPP account. Would not be "anonymous" but if done
carefully, the provider would not have to know who was using the account.
In the case of my local provider, no proof of my identity was ever required
and the entire set-up was done over the telephone (and I was not at home
at the time). Did not try to hide my identity but could have.
Warmly,
Padgett
Return to March 1996
Return to ““A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>”
1996-03-06 (Wed, 6 Mar 1996 10:45:24 +0800) - Anonymous Web Browsing - “A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>