magazine resources subscribe about advertising




 CD Home < Web Techniques < 2001 < August  

Use Protection

By Charlie Cho

Consumers are encouraged not to think about privacy on the Internet, but rather to assume that the same rights to and levels of privacy extant in the offline world are present online. By default, there is no privacy. Passing data between computers means copying data, and copies can be stored. Most traffic is passed unencrypted, susceptible to eavesdropping by any number of devices placed throughout the Internet at points such as your ISP's upstream Net connection, major network exchange points, or at a corporation's Internet gateway. With modest effort and cooperation, any normal Internet traffic can be traced to its origin.

Worse yet, this lack of privacy is exploited to accumulate information about individuals' personal information and Internet habits. Ad banner networks exist to increase the breadth of sites through which profiling cookies can observe Internet users. Web sites offer content in exchange for personal information, ultimately selling or using the visitor data they collect for direct marketing campaigns. Web site operators' guarantees of user privacy are entirely voluntary and usually self-enforced.

Freedom Internet Privacy Suite
Zero-Knowledge Systems
cost:Free and $50/year versions

Moreover, the current dismal state of Internet privacy actually serves business and government interests. Businesses, in addition to violating the privacy rights of the Internet-using public at large, can monitor employees to quash whistleblowers, labor organizers, and others within their ranks. Government and law enforcement also want as few obstacles as possible to intercepting Internet communications, regardless of the potential for abuse or historical precedent, such as the privacy rights afforded to users of telephone or postal services. Internet privacy is comparable to the use of party lines and postcards. Misadventures such as the Clipper Chip, encryption export controls, or the investigation of PGP inventor Phil Zimmerman speak volumes about the United States government's interest in suppressing an individual's ability to communicate online in confidence. (For related information, check out these sites.)

Two privacy services, SafeWeb and Freedom Internet Privacy Suite, aim to protect user privacy. These products both use two methods to protect user privacy. First, they make Internet traffic appear to originate from somewhere else—somewhere untraceable to the user. Second, they encrypt the data stream between the user and the proxy to deter eavesdropping.

Free Anonymity

SafeWeb offers free anonymous Web browsing via its Web site. No registration is required, and you don't need to download a client, so SafeWeb is usable on the wide range of platforms on which Netscape 4.7 is available. (It also works with Internet Explorer and Opera, but not with Mozilla or Netscape 6.) It's simple to use: Go to the SafeWeb home page and enter the URL of the site you want to visit. A new browser window appears, sans the standard URL toolbar. The top portion of the main browser window is occupied by a SafeWeb toolbar and a banner ad. Through these banner ads, SafeWeb hopes to underwrite the costs of providing its service.

Instead of connecting directly with the destination Web site, the browser makes an SSL-encrypted connection to SafeWeb's servers. Those servers in turn connect to your destination to retrieve the page (or grab it from cache), encrypt it, and send it back to your browser. The pages returned to you are rewritten on the fly, so that all hyperlinks are routed through SafeWeb, too. A hyperlink such as "" will be rewritten as something like: " _o(195):_win(1):". The Web server you're visiting knows only that you're coming from SafeWeb; any traffic-monitoring device near the client end knows only that the client is visiting SafeWeb.

SafeWeb offers a variety of optional features to defend you against malicious Web content and minimize the amount of information that can be gleaned about your surfing habits. This specifically includes disabling potentially dangerous plug-ins and active content, withholding the referrer—the page you came from—and cookie management. The cookie management feature can block either all cookies or only cookies placed on your computer for profiling purposes (hello DoubleClick!). Cookies can also be erased when the browser is closed. Additionally, there's an option to disable pop-up windows, an increasingly common vector for advertising and other annoyances.

SafeWeb could probably add the capability to block banner ads. Such a feature would be very popular with users, reduce the burden of ad traffic on SafeWeb's infrastructure, and could increase the value of its own banner ads. Perhaps it hasn't done so because it fears that site operators might retaliate by denying access to their sites from SafeWeb's proxy servers.

Other than a slight reduction in browser window real estate, using SafeWeb is remarkably transparent; the speed penalty for using SafeWeb is minimal. Latency when loading a new browser window or new page is slightly higher, but there's almost no perceptible bottleneck in data transfer speed. This hasn't always been the case, due to changes in supply (SafeWeb's infrastructure capacity) and demand (certain freedom-hostile countries and other privacy-unsympathetic institutions that have blocked access to SafeWeb).

It's because of this last problem that SafeWeb has introduced Triangle Boy, a server program for Windows 2000 and Linux that's designed to defeat attempts to block access to SafeWeb. Published under a BSD-style license, Triangle Boy acts as a one-way proxy to SafeWeb. Instead of pointing your Web browser at SafeWeb, you point it at any computer on the Internet running Triangle Boy, which will relay your request to SafeWeb. Then, SafeWeb returns the requested page directly to the client browser, spoofing the origin address so it appears to come from the Triangle Boy host. A central component of denial-of-service (DoS) and other attacks, origin address spoofing must require considerable forbearance on the part of SafeWeb's ISP. Nevertheless, it's a clever way to offer alternate ways to access SafeWeb while minimizing the resource impacts on the Triangle Boy host.

SafeWeb's main pitfall is its lack of native support for other Internet functionality such as mail, news, remote host access, and chat. Browser-based alternatives are available, but these are usually unwieldy and less functional compared with native clients. Also, it's doubtful that SafeWeb will be able to continue defraying its costs through banner ads alone.

Disposable Identities

Montreal-based Zero-Knowledge Systems (ZKS) offers a unique privacy solution called Freedom Internet Privacy Suite (or Freedom, for short). The client software is free to download and available for Windows and Linux, the latter version covered under the Mozilla Public License. Both versions of the Freedom client offer cookie management, ad blocking, and a keyword filter that scans outgoing cleartext traffic for potentially sensitive information, like personal data. The Windows version also includes a Web form filler and a personal firewall. The free version is a worthy security tool in and of itself.

A comprehensive privacy solution from Freedom comes at a price: $50 for a token that can create "nyms," untraceable pseudonymous online identities. With the token, you can create five nyms, each valid for a year, or one nym valid for five years, or any combination thereof. ZKS claims that after the nyms are created, they cannot be traced back to customers. The Freedom client lets the user switch between his or her true identity and any of the user's nyms. When a nym is selected, Internet traffic is encrypted and routed through the Freedom Network, a collection of proxy servers operated by ZKS. Different nyms take different routes through the network, thus indicating different origins. Each nym includes an email account. The Freedom client works with any POP3-compatible mail client to transparently send and receive encrypted nym email to and from the Freedom Network along with existing email.

Freedom supports anonymized Internet access via the HTTP, SMTP, POP3, IRC, telnet, and SSH protocols, letting a user employ the wide variety of Web browsers, mail, chat, and terminal clients available. Usenet access is a bit of a kludge: Posting is supported through a mail to news gateway, but newsgroups can be read only through the Web-based Google Groups (formerly DejaNews). ZKS has indicated that native NNTP news access might be available in the future for an additional cost.

Once the client is installed and nyms are created, Freedom operates unobtrusively. It intercepts all cookies and stores them separately for each nym. The Ad Manager intercepts traffic from an automatically downloaded list of known ad servers, blocking profiling cookies and replacing ad banners with dummy blank images. The firewall asks the user for permission for each application that attempts to connect to or receive connections from the Internet; this is especially valuable for catching "spyware," programs that surreptitiously contact their vendors and send them data about you.

Network performance with Freedom is adequate, but in my experience, Web pages sometimes refused to load. Restarting Freedom, which at each restart selects a new route through the Freedom Network, solves the problem. The client is highly configurable and affords a high level of control over privacy, but is rather complex. This is in stark contrast to the point-and-go ease of SafeWeb. The upside of Freedom is that a user who is willing to study the documentation and learn all of the knobs and switches will come away with a good understanding of issues surrounding Net privacy.

You Can't Be Too Careful

Which of these tools should you use to protect your privacy? Perhaps both. Freedom can work with standard Internet clients, so if you use the Internet extensively and want to continue using your preferred browser, mail, or chat programs, Freedom is your best bet. If you create only one nym, the $50 fee will last you for five years. For more casual Internet users, SafeWeb is a good choice because of its extreme ease of use and low barrier to entry. SafeWeb also lets you use the Internet on a borrowed or publicly available computer without worrying about others eavesdropping on your communications. For users of operating systems other than Windows and Linux, Web-based anonymizers like SafeWeb are often the only game in town.

Trust is a crucial issue when choosing a privacy tool. The ZKS Web site offers extensive documentation and white papers describing Freedom's architecture and security issues. This willingness to expose the workings of its system to public scrutiny and to frankly discuss potential weaknesses and avenues of compromise is a major trust builder, and an example that all purveyors of Internet software or services would do well to follow. SafeWeb's site says all the right things about privacy, but isn't forthcoming with information about how the program works. Its documentation of Triangle Boy is better, because SafeWeb is trying to persuade as many people as possible to install Triangle Boy to evade attempts to block SafeWeb itself. SafeWeb is also partly funded by the Central Intelligence Agency (CIA). What are its motives: enabling its agents to conduct covert online activities? Other, more nefarious possibilities are probably fodder for conspiracy theorists; however, a $1 million investment does not a CIA front make.

Whatever solution you choose, the bottom line is that protecting your privacy online is up to you, the individual surfer. Businesses should be aware of this trend and note that employee monitoring may not be as straightforward as controlling their bandwidth. Business models that depend on tracking Internet users' behavior to make a profit will soon have less and less comprehensive personal information to monetize.

Charlie is an independent consultant living in San Jose, CA. Email him at

Copyright © 2003 CMP Media LLC