The Internet

How Effective Is SafeWeb?

Microsift asks: "I just found this site a couple of days ago and it seems pretty cool. It claims that it encrypts everything that goes through your browser so that no one can tell who you are or what you are doing. Does this kind of technology work? Why isn't everyone using it?"
This discussion has been archived. No new comments can be posted.

  • After using it for a while, the speed became apparent that it's just a public proxy server for HTTP/FTP. Not a new idea by any means, but certainly a clever way of phrasing it. Unfortunately, it's extremely slooowwww.
  • Sounds similar to the Anonymizer. (http://www.anonymizer.com)
  • The website does not contain a lot of details, but the basic philosophy seems to be sound. Assuming they got the details correct (the methods of handling cookies, Java, JavaScript, etc.), they should be able to prevent many covert methods of identification.

    The major issue I have is that SafeWeb works as an SSL man-in-the-middle. This dramatically changes my scope of trust. At first you might think you just have to trust them to keep you anonymous. But this SSL issue means you also have to trust that they do not view or modify any SSL traffic from the target site. I'm not sure about how to still keep your location private, but I would much prefer some method of doing end-to-end encryption with the target site.

    Here are a few other thoughts about the technical details. One area of concern is how thorough they are about redirecting web requests; for example, I was thinking this currently would not foil a web-bug. There is also little SafeWeb can do for you when you voluntarily breach your anonymous veil, except for the cookie management. Don't expect this site to work as a means of getting past censorware, because you can bet they will block it under every category!

    I wonder what type of servers they are using. Sounds like they need lots of SSL processing (fair disclosure, I've helped design commercial SSL Accelerators). That will probably make this website a bit more expensive to run. I also wonder about internal security, both because of the SSL issue, and the fact you would expect spies to be interested in knowing more about anyone who wants to be anonymous. In particular, obtaining the SafeWeb SSL private key could be potentially quite valuable.

    Finally, you should consider the trust and business models. As mentioned above, you have to trust SafeWeb, as a company, not to store or reveal your information. I'm a little cynical about advertising supported businesses, because I think they have lots of motivation to increase the amount of information they know about you. Still, their privacy statement as it stands now looks good. If you plan on using SafeWeb (for non-SSL transactions), I'd keep a careful eye on the privacy statement to make sure it remains good.

  • by Anonymous Coward
    There is a list of anonymous proxies available at webveil.com [webveil.com]. They seem to list Safeweb as one of their top choices.
  • Proxys-4-all has been running a list of both anonymous and non-anonymous proxies for a few years. They are listed such that you can choose anon/non-anon, and then pick a domain (e.g. .edu, .jp, etc.) from which you want to get a proxy; then it is just a matter of finding the one that is fastest for you from the list that it returns.
    PROXYS-4-ALL [cgi.net]
  • Ok. When a co-employee of mine left for another gig, I had to do research into what they were doing in order to see if there were any possible intellectual property issues to be dealt with. He had left for a company much like SafeWeb, although I won't mention the name here.

    The basic idea is that they act as a full-scale proxy for all your requests. That means that everything you do goes through them. And they are pretty thorough. Every URL gets changed on the pass through, if it's just going via a cgi-script, and then there are a few companies that actually act as right-out http-proxies.

    Anyway...

    Here are a few other thoughts about the technical details. One area of concern is how thorough they are about redirecting web requests; for example, I was thinking this currently would not foil a web-bug.

    Yeah. They do actually. The web bug acts just like any other document being requested. The people who placed the web bug will only get SafeWeb's redirector machine A LOT. But not you.

    I wonder what type of servers they are using. Sounds like they need lots of SSL processing

    Yeah. You're definitely right on that one. In fact, they need a lot of processing just to reinterpret all the HTML data... It's a huge effort, and I'm not sure how SafeWeb is handling cost, but I find it very unlikely that it's a model that could possibly succeed using just ad revenue. It's really compute-intensive (and bandwidth-intensive) to have everyone's traffic run through and edited by your machines.

    That's all I've got for now. I'm sleepy. -Andrew
  • by Anonymous Coward
    If the service doesn't screen out all content (Java applets, etc) it is possible for a site to obtain your real IP address...

    A la: http://www.alcrypto.co.uk/java/ [alcrypto.co.uk]

    Has anyone heard of any still un-fixed holes in safeweb or anonymizer??
  • It actually makes it easier for people to spy on you.

    _ALL_ your traffic is going through the service. And if you have an account with the service, they can really know what you are doing.

    In comparison sure your ISP could spy on you, but it takes more effort, and most ISPs have better things to do - most don't have enough staff, so who's gonna do the spying?

    So the only difference I see is that you end up with slower connections and instead of the ISP being able to spy on you, the "anonymizing service" can.

    Why bother getting slower service for little gain?

    Cheerio,
    Link.
  • When you use SafeWeb it passes the URL of the site as part of the SafeWeb page, for example:
    https://www.safeweb.com/o/_i:_o(154):www.slashdot.org

    Does https mask the URL? If not, all someone would need to do is look at the full URL to see where you were visiting.
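
Several comments above turn on how thoroughly a rewriting proxy catches every URL in a page (web bugs, applets). The following is an added example, not part of the original thread and not SafeWeb's code: a minimal rewriter that routes the attributes it knows about through a proxy and reports any URL-bearing attribute it missed. The proxy prefix, host names and sample page are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urljoin

PROXY_PREFIX = "https://proxy.example/fetch?u="  # hypothetical; not SafeWeb's real URL scheme
URL_ATTRS = {"href", "src", "action"}            # the only attributes this rewriter knows

# Constructed sample page: a link, a 1x1 web bug, and two less common URL attributes.
SAMPLE_HTML = (
    '<body background="http://ads.example/bg.gif">'
    '<a href="/story">story</a>'
    '<img src="http://tracker.example/bug.gif" width="1" height="1">'
    '<applet code="A.class" codebase="http://applets.example/classes/"></applet>'
    '</body>'
)

class ProxyRewriter(HTMLParser):
    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url, self.out, self.leaks = base_url, [], []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if value is None:                      # bare attribute such as "disabled"
                parts.append(name)
                continue
            if name in URL_ATTRS:                  # known: route it through the proxy
                value = PROXY_PREFIX + quote(urljoin(self.base_url, value), safe="")
            elif value.startswith(("http://", "https://", "//")):
                # Unknown attribute carrying a URL: the browser would fetch it
                # directly and expose the user's own IP address to that host.
                self.leaks.append((tag, name, value))
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))

def rewrite(html, base_url):
    """Return (rewritten_html, leaks) for a page fetched from base_url."""
    parser = ProxyRewriter(base_url)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.leaks

if __name__ == "__main__":
    page, leaks = rewrite(SAMPLE_HTML, "http://news.example/")
    print(page)
    for tag, attr, url in leaks:
        print(f"NOT REWRITTEN: <{tag} {attr}> -> {url}")
```

The web bug in `src` ends up pointing at the proxy, while the `background` and `codebase` attributes are reported as still pointing straight at third-party hosts.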
