Anonymous WWW

Idea

Due to growing censorship and pressure from several prosecutors worldwide, privacy is continuously important. Due to misuse of hidden customer profiles, the privacy of most users is vulnerable. In order to cut down unnecessary information distribution, some of it should be removed from HTTP. This can be done:
  • at the browser's end, which is not to be expected given the current market shares.
  • at the server's end. Expecting this is naive.
  • between those ends, requiring an active proxy.

Implementation

The currently best known proxy/cache is Squid. As a result of a Fitug project, such a filtering proxy was made. This implementation is similar to the commercial Anonymizer, but can be a transparent part of a caching network. Squid version 1.1.0 or higher contains this patch as part of the regular distribution.

Such an anonymizing Squid filters private data from the HTTP request. This is very simple:

  1. An HTTP request (V1.0) contains a header like an e-mail does. MIME headers are allowed.
  2. A proxy is urged to resubmit the whole header to the requested system.
  3. This resubmission can be filtered. There are two methods of selecting or dropping header lines.
    1. Only header lines known to compromise privacy are filtered:
      • Authorization: (Removed due to strong customer requests, password protected pages fail definitely)
      • From:
      • Referer:
      • Server:
      • User-Agent:
      • WWW-Authenticate:
      • Link:
    2. Only header lines known to be secure are passed.
      • GET
      • POST
      • HEAD
      • Allow:
      • Cache-control:
      • Content-Encoding:
      • Content-Length:
      • Content-Type:
      • Date:
      • Expires:
      • Host:
      • If-Modified-Since:
      • Last-Modified:
      • Location:
      • Pragma:
      • Accept:
      • Accept-Charset:
      • Accept-Encoding:
      • Accept-Language:
      • Content-Language:
      • MIME-Version:
      • Retry-After:
      • Title:
      • URI:
The default is restrictive: only header lines known to be good are passed. Any other line is filtered. This restricts further development of the protocol, but can we accept this? If not, toggle the paranoia switch.
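
The two filtering methods described above, as an added example (not Squid's own code): the header lists are the ones on this page, while the function name, the sample request and the handling of folded continuation lines and of methods outside the list are assumptions made for illustration.

```python
# Added illustration of the two filter modes; not Squid's own code.
# Authorization is not in DENY, matching the note on the page.
DENY = {"from", "referer", "server", "user-agent", "www-authenticate", "link"}
ALLOW = {
    "allow", "cache-control", "content-encoding", "content-length",
    "content-type", "date", "expires", "host", "if-modified-since",
    "last-modified", "location", "pragma", "accept", "accept-charset",
    "accept-encoding", "accept-language", "content-language",
    "mime-version", "retry-after", "title", "uri",
}
METHODS = {"GET", "POST", "HEAD"}

def filter_headers(raw: bytes, paranoid: bool = True) -> bytes:
    """Return the request with header lines filtered; the body is untouched."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    request_line, *lines = head.split(b"\r\n")
    # Assumption: in paranoid mode a method outside the list is refused.
    method = request_line.split(b" ", 1)[0].decode("latin-1")
    if paranoid and method not in METHODS:
        raise ValueError("method not on the allow list: " + method)
    kept, keep = [request_line], False
    for line in lines:
        if line[:1] in (b" ", b"\t"):
            # Folded continuation line: shares the fate of its header,
            # otherwise the tail of a dropped Referer would leak.
            if keep:
                kept.append(line)
            continue
        name, colon, _ = line.partition(b":")
        # Header names are case-insensitive; a line without ':' has no name.
        key = name.decode("latin-1").strip().lower() if colon else ""
        keep = key in ALLOW if paranoid else key not in DENY
        if keep:
            kept.append(line)
    return b"\r\n".join(kept) + sep + body

# Constructed sample request (hypothetical host and values).
SAMPLE = (
    b"GET /index.html HTTP/1.0\r\n"
    b"Host: www.example.org\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Referer: http://intranet.example/\r\n"
    b"\tsecret-page.html\r\n"
    b"X-Tracking-Id: 12345\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(filter_headers(SAMPLE, paranoid=False).decode())
    print(filter_headers(SAMPLE, paranoid=True).decode())
```

With the first method the unknown X-Tracking-Id line still reaches the server; with the restrictive default it is dropped along with everything else not on the list.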
© 1996-2017 Lutz Donnerhacke @ IKS GmbH Jena Friday | 22.Sep.2017