Threats to anonymity set at and above the application layer; HTTP headers

[Anothony Georgeo]

Hi Nick,


--- Nick Mathewson <nickm at freehaven.net> wrote:
[snip]
> Right, we need one of these.  Ideally, it would be
> for a Free Sotware proxy that isn't completely
> unsupported and unmaintained: privoxy is showing 
> its age.  I have hopes for proxymodo if it ever 
> becomes portable.
> [snip]
> -- 
> Nick Mathewson


IMO a needed and important feature of any
'filtering/scrubbing' proxy appliction is some sort of
'on-the-fly' decryption>scrubbing>encryption scheme
for ingress/egress HTTPS traffic.

If the appliction could do on-the-fly HTTPS filtering
it would solve our problem.  Not to metion how much
trouble non-tech end-users will have grapsing the
concept of HTTP vs. HTTPS and their related
anonymity/security issues.  Even more difficult for
most end-users will be configuring Privoxy correctly;
imagine if the end-user does not read/comprehend
English well. 

I believe proxomitron [ ;-) ] at one time had an
on-the-fly decryption>scrubbing>encryption feature for
HTTPS ingress/egress traffic on the to-do list.  This
feature was never implimented and there was concern
about the security of on-the-fly
decryption>scrubbing>encryption of HTTPS traffic by
any proxy appliction.

Phillip Zimmermann just released his new VoIP
encryption program called "Zfone".  Zfone
encrypts/decrypts VoIP traffic on-the-fly; much as I
envision the proxy appliction would work with HTTPS
traffic.  Zfone captures and encrypts the VoIP egress
traffic after it leaves the VoIP appliction.  Zfone
then captuers and decrypts the VoIP ingress traffic
before it reaches the VoIP appliction.








__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com