Complication of the communications makes traffic analysis likely prohibitively complex. This design has advantages, but also disadvantages, summarized below: Nevertheless, many security experts are uncomfortable with the unknown extent of the traffic analysis vulnerability - who knows if an anonymizer site is being tapped or not, by whom, and what is being done with the records? The networked anonymizer design meets this threat by passing your communications through a preferably random path of other computers. In practice, only large organizations are usually capable of the Internet network traffic interception and analysis required for this sort of eavesdropping, and they may not be interested in you, so this risk may not be of concern for those doing everyday surfing. It is not known if any anonymizer uses techniques to protect against communications sizing traffic analysis, such as sending continuous streams of noise traffic to connected users to disguise the real responses. Protections that Internet anonymizers can use to mitigate the risk of traffic analysis include: (a) add small but random delays to the passage of responses back to the user to make time matching more difficult (b) make random requests to random pages across the web to pollute the pool (c) have a large number of simultaneous users to make analysis more difficult and (c) have a large cache of web pages so not all incoming requests have outgoing requests. More sophisticated anonymizer traffic analysis could also perform matching on communication sizing - matching incoming unencrypted traffic to outgoing encrypted traffic based on size of the communications. If ten times in a row your communication with the anonymizer is followed milliseconds later by a request from the anonymizer to a particular site, and that site’s response to the anonymizer is followed milliseconds later by an encrypted communication to you, then it is a good bet you made a visit that site. ![]() ![]() For example, analysis of the incoming and outgoing traffic of a single-point anonymizer could note that communications with your machine, even though the contents are encrypted, are closely synchronized in time with the anonymizer site’s unencrypted communications with some particular website. The main advantage of the networked anonymizer design is that it makes traffic analysis - a vulnerability of single-point anonymizers - much more difficult. For example, a request to visit a web page might first go through computers A, B, and C before going to the website, with the resulting page transferred back though C, B, and A then to you. As their name suggests, this type of anonymizer transfers your communications through a network of Internet computers between you and the destination. ![]() The following sections describe the two basic types of Internet anonymizers, networked design and single-point design, and their common common features. You can see some of the wide range of data that websites can read from your browser, including your IP address and other identifying information, at the following sites: An anonymizer protects all of your computer’s identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit. Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |