chaining JAP and Tor

Thu Jul 21 17:05:01 UTC 2005

I am aware of the security issues with JAP. As i understand it these issues 
are now behind it and it no longer has a backdoor - although at one time it 
did.

I am hoping to chain JAP and Tor - so that I have double protection. This 
belt and braces approach - if there are flaws in one (eg. a back door) then 
I still have the other one to look after me. My anonymity is not entirely in 
the hands of a single entity. Even Tor, with its naval research background, 
could be speculated to have back doors. Althouugh I dont believe such 
speculation. And I am sure there are people on here that have checked its 
source code and can confirm this.

With the set up suggested - have I got such double protection. Is the set-up 
valid? Are there any JAP users on here that would like to comment?
best wishes,
Ben

>From: Exile In Paradise <exile at weylan-yutani.com>
>Reply-To: or-talk at freehaven.net
>To: or-talk at freehaven.net
>Subject: Re: chaining JAP and Tor
>Date: Thu, 21 Jul 2005 10:52:21 -0500
>MIME-Version: 1.0
>Received: from belegost.seul.org ([18.244.0.114]) by MC6-F24.hotmail.com 
>with Microsoft SMTPSVC(6.0.3790.211); Thu, 21 Jul 2005 08:52:27 -0700
>Received: by moria.seul.org (Postfix)id 4411A14081F3; Thu, 21 Jul 2005 
>11:52:24 -0400 (EDT)
>Received: by moria.seul.org (Postfix, from userid 65534)id 41DB514081FB; 
>Thu, 21 Jul 2005 11:52:24 -0400 (EDT)
>Received: from host.helixhosting.com (unknown [207.44.172.113])by 
>moria.seul.org (Postfix) with ESMTP id 12A7114081F3for 
><or-talk at freehaven.net>; Thu, 21 Jul 2005 11:52:23 -0400 (EDT)
>Received: from sulaco (cpe-68-206-246-43.houston.res.rr.com 
>[68.206.246.43])by host.helixhosting.com (8.12.11/8.12.11) with ESMTP id 
>j6LFwKPQ020629for <or-talk at freehaven.net>; Thu, 21 Jul 2005 10:58:21 -0500
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8=
>Delivered-To: or-talk-outgoing at seul.org
>X-Original-To: or-talk at freehaven.net
>Delivered-To: or-talk at seul.org
>References: <BAY101-F16B20D5C07E57A71E6BE64B5D60 at phx.gbl>
>Organization: Weylan-Yutani Corporation
>X-Mailer: Evolution 2.2.2 (2.2.2-5) Precedence: list
>X-To-Get-Off-This-List: mail majordomo at seul.org, body unsubscribe or-talk
>Return-Path: owner-or-talk-outgoing at seul.org
>X-OriginalArrivalTime: 21 Jul 2005 15:52:28.0400 (UTC) 
>FILETIME=[32440F00:01C58E0C]
>
>On Thu, 2005-07-21 at 15:25 +0000, Ben Clifford wrote:
> > Here I outline a methodology for doing this and I would be very 
>interested
> > to hear back as to what people think of its validity. It requires you to
> > have both JAP and Tor installed on your system. The JAP client is set up 
>as
> > to use the mix cascade system (ie. it is set as an HTTP proxy in your
> > browser and NOT a Socks proxy).
>
>AFAIK, JAP is totally compromised by at least the German gov't.
>There are many long-running discussions in the Freenet/Frost forums
>about JAP being compromised. Most Freenet users refuse to use it.
>
> > In the configuration settings JAP has the option to use a proxy. In the 
>JAP
> > proxy tab enter Tor as a SOCKS proxy
> > The data flow will then be as follows....
> >
> > 1) browser (http/https/ftp) points to JAP client
> > 2) JAP client
> > 3) data sent through ISP
> > 4) data sent through Tor
> > 5) data goes through JAP mix cascade
> > 6) data arrives at target website
>
>This configuration allows the people who compromised JAP to trace
>all of your traffic, even into the TOR network. Even if the traffic
>was encrypted before entering JAP, traffic analysis is possible.
>
> > So, first your ISP IP is passed to Tor. Tor IP is then passed to JAP. 
>JAP IP
> > is then passed to target website.
>
>The configuration above seems to imply your traffic is passed to JAP
>first, making that the first/best point to compromise the entire
>channel.
>
> > Note that this arrangement does not address the DNS problem with Tor 
>(see
> > Tor documentation). For this we need to use an arrangement incorporating
> > Privoxy.
> > Here in the JAP proxy tab Privoxy is entered as an HTTP proxy, with 
>Privoxy
> > being configured to work with Tor (see Tor website for details on this).
> >
> > 1) browser (http/https/ftp) points to JAP client
> > 2) JAP client
> > 3) data sent through ISP
> > 4) data sent through privoxy + Tor
> > 5) data goes through JAP mix cascade
> > 6) data arrives at target website
> >
> > To reiterate, would be so grateful if people could get back to me as to
> > whether what is outlined here is correct.
>
>Personally, IMHO, I would drop the JAP connections entirely, due to
>the numerous complaints I have read on Freenet about how it has been
>backdoored/compromised by elements of the German government, and
>possibly others.
>
>I personally have not examined the source (if available) and everything
>I am reporting is purely hearsay. But, I thought it worth mentioning
>so that you could do your own research about the possibility.
>--
>Exile In Paradise
>A Thaum is the basic unit of magical strength.  It has been universally
>established as the amount of magic needed to create one small white pigeon
>or three normal sized billiard balls.
>                 -- Terry Pratchett, "The Light Fantastic"
>