Anonymous WWW
Idea
Due to growing censorship and pressure from several prosecutors worldwide,
privacy is of continuing importance. Due to misuse of
hidden customer profiles, the privacy of most users is vulnerable. In
order to cut down unnecessary information distribution, some of it should
be removed from the HTTP request. This can be done:
- at the browser's end, which is not to be expected given the current market
shares.
- at the server's end. Expecting this is naive.
- between those ends, which requires an active proxy.
Implementation
The currently best-known proxy/cache is Squid.
As part of a Fitug project,
such a filtering proxy was built. This implementation is similar to the
commercial Anonymizer, but can be a
transparent part of a caching network. Squid version 1.1.0 or higher contains
this patch as part of the regular distribution.
Such an anonymizing Squid filters private data from the HTTP request.
This is very simple:
- An HTTP request (V1.0) contains a header like an e-mail does.
  MIME headers are allowed.
- A proxy is expected to resubmit the whole header to the requested
  system.
- This resubmission can be filtered. There are two methods of selecting
  or dropping header lines.
  - Only header lines known to compromise privacy are filtered:
    - Authorization: (Removed due to strong customer requests;
      password-protected pages definitely fail)
    - From:
    - Referer:
    - Server:
    - User-Agent:
    - WWW-Authenticate:
    - Link:
  - Only header lines known to be secure are passed:
    - GET
    - POST
    - HEAD
    - Allow:
    - Cache-control:
    - Content-Encoding:
    - Content-Length:
    - Content-Type:
    - Date:
    - Expires:
    - Host:
    - If-Modified-Since:
    - Last-Modified:
    - Location:
    - Pragma:
    - Accept:
    - Accept-Charset:
    - Accept-Encoding:
    - Accept-Language:
    - Content-Language:
    - MIME-Version:
    - Retry-After:
    - Title:
    - URI:
The default is restrictive: only header lines known to be good are passed.
Any other line is filtered. This restricts further development of the
protocol, but can we accept this? If not, toggle the paranoia switch.
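
The two filtering methods described above, as an added Python example that is not Squid's code: it shows how a header on neither list (here Cookie:) passes the first method but not the restrictive default, and that a folded continuation line must share the fate of the header it continues. The names filter_request, paranoid and SAMPLE, the sample request, and the rejection of unlisted methods are assumptions of this sketch.

```python
# Added example. Header names come from the page's two lists; the parsing,
# the sample request and the folded-line handling are assumptions.
DENY = {"from", "referer", "server", "user-agent", "www-authenticate", "link"}
# Assumption: "Authorization:" is read as taken off the deny list, following
# the page's parenthetical note, so it is not in DENY.
ALLOW = {"allow", "cache-control", "content-encoding", "content-length",
         "content-type", "date", "expires", "host", "if-modified-since",
         "last-modified", "location", "pragma", "accept", "accept-charset",
         "accept-encoding", "accept-language", "content-language",
         "mime-version", "retry-after", "title", "uri"}
METHODS = {"GET", "POST", "HEAD"}

# Constructed sample: a proxy-style HTTP/1.0 request with a folded Referer.
SAMPLE = ("GET http://example.org/ HTTP/1.0\r\n"
          "Host: example.org\r\n"
          "User-Agent: ExampleBrowser/1.0\r\n"
          "Referer: http://intranet.example/\r\n"
          "\tprivate/page.html\r\n"
          "Cookie: id=42\r\n"
          "Accept: text/html\r\n\r\n")


def filter_request(raw, paranoid=True):
    """Return the request with only the header lines that may be forwarded."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0]
    # Assumption: in paranoid mode an unlisted method is refused outright.
    if paranoid and request_line.split(" ", 1)[0] not in METHODS:
        raise ValueError("method not on the pass list")
    kept, keep_current = [request_line], False
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            # Folded continuation: forwarded only if its header was forwarded.
            if keep_current:
                kept.append(line)
            continue
        name, colon, _ = line.partition(":")
        key = name.strip().lower()
        if not colon:
            keep_current = False          # malformed line: never forward
        elif paranoid:
            keep_current = key in ALLOW   # pass only known-good headers
        else:
            keep_current = key not in DENY  # drop only known-bad headers
        if keep_current:
            kept.append(line)
    return "\r\n".join(kept) + sep + body
```
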