JAP compromised, privacy community panics


Captain FUD

Jul 28, 2003, 5:59:56 PM
The JAP page now has a very strange "update" on their site after the service
was mysteriously down due to a "hardware failure."

This is what it said.

http://anon.inf.tu-dresden.de/index_en.html


Mix service temporarily not available: Currently the Mixservice is Down due to a hardware
failure. We try to replace the hardware as soon as possible but it might take some days. We are
sorry for the inconvenience caused. (07/28/03).

UPDATE! As soon as our service works again an obligatory Update (version 00.02.001) is needed
by all users.

--

There is no indication of what this "upgrade" is, which is very bizarre. Even Microsoft explains
"upgrades." So they mysteriously disappear and come back, ordering an "upgrade" with no
apparent reason, as if they have been taken over and their hardware replaced, requiring
this ham-handed segue into tricking users into installing some weird spyware.

What does the new code contain but strange data like
"CAMsg::printMsg(LOG_INFO,"Loading Crime Detection Data....\n");"
"CAMsg::printMsg(LOG_CRIT,"Crime detected -- ID: %u -- Content: \n%s\n",id,crimeBuff,payLen);"

Additionally, there are other bizarre variable names that sound like something from a bad
hacker movie.

I would have to say that at this point, JAP is obviously compromised and should be avoided.
Who got to them?

Comrade

Jul 28, 2003, 6:08:57 PM
On Mon, 28 Jul 2003 21:59:56 +0000, Captain FUD wrote:

> Who got to them?

ALTOPIA.com http://www.mysolution.ws/altopia/altopia.htm
keyword used: altopia
Google: 11
Yahoo: 11
Netscape: 15
MSN: > 100
keyword used: "chris caputo"
Google: 77
Yahoo: 40
Netscape: 51
MSN: > 100

and you can check for these, and I think you know what the best keywords
could be for these links to pop up, at opportune times

SUPERNEWS http://www.mysolution.ws/stuporduck.htm
(actually did the "snicker")

VISI.com http://www.mysolution.ws/visi.htm
QUICKSILVER AND RICHARD CHRISTMAN http://www.mysolution.ws/war1.htm
MIXMASTER AND PETER PALFRADER http://www.mysolution.ws/palfrader/pal.html
David Iain Greig, moderator of talk.origins
http://www.mysolution.ws/satanists.htm

proof of Micro$oft/Bu$h international software cartel
http://www.mysolution.ws/operation

HOW ALL CABALS OPERATE
http://www.mysolution.ws/cabal.htm

WHO THEY ARE MESSING WITH
http://www.mysolution.ws/dale.htm

--
Comrade
see my ROAD TO THE UNITED FRONT http://www.mysolution.ws
the aristocracy was the problem in 1776, the aristocracy is the problem today
http://www.aclu.org/dissentreport
Aristocrats CRUCIFIED Jesus
we must close the door by which aristocracy arises

Martin Luther King Jr said
"I have a dream that one day this nation will rise up and live out the true
meaning of its creed: "We hold these truths to be self-evident: that all
men are created equal."

and their creed became, I REFUSE TO DREAM

and when we REFUSE TO DREAM? when we go on a strike? when we propose
laissez faire with respect to what we control? WELL, you see the story of
laissez faire changes quick, immediately there is not a hands-off policy,
and we are forced back to work, via anti-strike legislations, Taft-Hartley
acts, etc., not only are we not allowed to dream our dream, we are forced
to keep dreaming theirs, we are neither allowed to dream or not dream,
and such is how Pharaoh robs a man of his asylum in himself, and sets up
Pharaoh as man's only asylum (http://www.mysolution.ws/cabal.htm)

Statements of supposed science, without statistics, are just as much religion,
and ONLY statements of faith as any religion, or statement of faith,
except they profess the supposed scientist is God, even more
dangerous than religion or God. There is no science, without a statement of
statistics, AND any statement without statistics, is a conjecture of faith
by the professor of such statement, and the "believer". An ethical
house cleaning of science and government is in order.

"Does God want goodness? or the choice of goodness?
Is the man who chooses bad, somehow better,
than the man who has the good forced upon him?"
a quote from the movie, A Clockwork Orange, Kubrick

Enlightenment is man's release from his self-incurred tutelage.
Tutelage is man's inability to make use of his understanding
without direction from another. Self-incurred is this tutelage when
its cause lies not in lack of reason but in lack of resolution
and courage to use it without direction from another. Sapere aude!
"Have courage to use your own reason!" - that is the motto
of enlightenment.
Kant -- What Is Enlightenment? 1784

"It all sums up into one single purpose,
the abolition of dog-eat-dog under which we live...
and I traveled the United Front road to get it."
-- Roger Baldwin, Co-Founder ACLU (American Civil Liberties Union)

"Timothy Leary's dead, No No No No, He's outside, looking in
Timothy Leary's dead, No No No No, He's outside, looking in"
MOODY BLUES

"Then Jesus said unto them, Take heed and beware of the leaven of the Pharisees and of the Sadducees."--Matthew 16:6
(religious and political leaders that are hypocrites)

(leaven is yeast, AIR IN BREAD, bullshit, fluff, marketing, snake oil - HYPOCRISY)

"How is it that ye do not understand that I spake it not to you concerning bread, that ye should beware of the leaven of the Pharisees and of the Sadducees? Then understood they how that he bade them not beware of the leaven of bread, but of the doctrine of the Pharisees and of the Sadducees."--Matthew 16:11-12

"But woe unto you, scribes and Pharisees, hypocrites! for ye shut up the kingdom of heaven against men: for ye neither go in yourselves, neither suffer ye them that are entering to go in."--Matthew 23:13

"Woe unto you, scribes and Pharisees, hypocrites! for ye devour widows' houses, and for a pretence make long prayer: therefore ye shall receive the greater damnation."--Matthew 23:14

"Woe unto you, scribes and Pharisees, hypocrites! for ye compass sea and land to make one proselyte, and when he is made, ye make him twofold more the child of hell than yourselves."--Matthew 23:15

"Woe unto you, scribes and Pharisees, hypocrites! for ye pay tithe of mint and anise and cummin, and have omitted the weightier matters of the law, judgment, mercy, and faith: these ought ye to have done, and not to leave the other undone."--Matthew 23:23

"Woe unto you, scribes and Pharisees, hypocrites! for ye make clean the outside of the cup and of the platter, but within they are full of extortion and excess."--Matthew 23:25

"Woe unto you, scribes and Pharisees, hypocrites! for ye are like unto whited sepulchres, which indeed appear beautiful outward, but are within full of dead men's bones, and of all uncleanness."--Matthew 23:27

"Woe unto you, scribes and Pharisees, hypocrites! because ye build the tombs of the prophets, and garnish the sepulchres of the righteous,"--Matthew 23:29

"And he charged them, saying, Take heed, beware of the leaven of the Pharisees, and of the leaven of Herod."--Mark 8:15

"And he said unto them in his doctrine, Beware of the scribes, which love to go in long clothing, and love salutations in the marketplaces,"--Mark 12:38


Edison Carter

Aug 11, 2003, 8:08:43 PM
"Captain FUD" <f...@fubar.org> wrote in
<V1C1050J37830.7089699074@anonymous.poster>

<FANFARE. A caption announces "Network 23"; although obviously produced on
tens of thousands of dollars-worth of graphics equipment, the crude overuse
of edge styles and drop shadows has conspired to give it the appearance of
cheap Letraset. Female announcer's voice over:>

This is Network 23. The network that means business now transmitting live to
the world the award-winning Edison Carter on the "What I Want To Know Show".

<Close up of reporter, sitting in the passenger's seat of the helicopter as
it flies through the gray and rain-laden skies of Dresden heading for the
site of the University. He has a tall, narrow face with intense, searching
eyes, and a shock of tousled blond hair; he is clearly holding his own
camcorder pointed directly at himself to shoot this scene.>

This is Edison Carter, reporting for Network 23, asking the questions that
*you* want answered. Tonight on the 'What I Want To Know Show', I'll be
investigating the mysterious disappearance of privacy surrounding the JAP
web mix-proxy. What I want to know is, who knows what about who's been
surfing where? And why aren't they telling us? And just how long has this
all been going on? Helping us get to the truth tonight is an anonymous
programmer and privacy advocate, and some of the things he has to say make
pretty disturbing listening.

<Cuts to prerecorded interview; anonymous programmer is visible only in
silhouette>

This is very interesting stuff. FYI, none of the crime-related stuff appears
in the two old versions of the proxytest.src.tar that I have lying around,
dated 24/02/2002 21:29 and 05/12/2002 22:19. It should be possible to tell
from the JAP Sourceforge CVS exactly when these code modifications were
introduced.

Looking at the source code, there's no ambiguity at all: the system has been
fatally compromised, intentionally and by design. There is a back-channel
from the last mix (at which point all the data is unencrypted, but the
source IP it arrived from is unknown) to the first mix (at which point the
data is encrypted, but the incoming IP address is known).

The entire security of mix-systems, whether remailers or JAP, rests on an
attacker being unable to link the encrypted activity at the entry point with
the unencrypted activity at the exit point. If a mechanism is built into the
system which breaches that condition, there is no real security in the
system.

<Cut back to Edison Carter>

But that wasn't enough for this investigative journalist. We presented the
new versions of the JAP software source code for a thorough lab analysis to
confirm the accusations made by the anonymous source known only as 'Captain
FUD'. Come with me as we go live and right now, to determine the terrifying
truth behind these allegations.

<Cut to boffin in lab; white-coated, white-haired, and obviously goes to the
same hairdresser as Einstein.>

Here's how it works. At startup time, the software in the last mix in the
chain calls CALastMix::init() (CALastMix.cpp line #82) which includes these
lines:

#ifdef LOG_CRIME
    m_nCrimeRegExp=0;
    m_pCrimeRegExps=options.getCrimeRegExps(&m_nCrimeRegExp);
#endif

The getCrimeRegExps function is part of the commandline option handling in
CACmdLnOptions.cpp; as an argument passed to the proxy software on the
command line, an XML file is specified, containing the XML specs for a set
of regular expressions that are loaded and precompiled by the modules in the
'tre' subdirectory.

Having set up the list of regexes and the rest of the mix's internal data,
the last mix software then enters CALastMix::loop(). This function receives
packets from the previous mix, decrypts them, and forwards them to the squid
cache that actually proxies the http requests from JAP clients to the
outside world. It contains the code (CALastMix.cpp, line #367)

#ifdef LOG_CRIME
    if(payLen<=PAYLOAD_SIZE&&checkCrime(pMixPacket->payload.data,payLen))
      {
        UINT8 crimeBuff[PAYLOAD_SIZE+1];
        memset(crimeBuff,0,PAYLOAD_SIZE+1);
        memcpy(crimeBuff,pMixPacket->payload.data,payLen);
        UINT32 id=m_pMuxIn->sigCrime(pMixPacket->channel,tmpBuff);
        oqueueMixIn.add(tmpBuff,MIXPACKET_SIZE);
        CAMsg::printMsg(LOG_CRIT,"Crime detected -- ID: %u -- Content: \n%s\n",id,crimeBuff,payLen);
      }
#endif

The checkCrime function looks like this:

#ifdef LOG_CRIME
bool CALastMix::checkCrime(UINT8* payLoad,UINT32 payLen)
  { //Lots of TODO!!!!
    //DNS Lookup may block if Host does not exists!!!!!
    //so we use regexp....
    UINT8* startOfUrl=(UINT8*)memchr(payLoad,32,payLen); //search for first space...
    if(startOfUrl==NULL)
      return false;
    startOfUrl++;
    UINT8* endOfUrl=(UINT8*)memchr(startOfUrl,32,payLen-(startOfUrl-payLoad)); //search for first space after start of URL
    if(endOfUrl==NULL)
      return false;
    UINT32 strLen=endOfUrl-startOfUrl;
    for(UINT32 i=0;i<m_nCrimeRegExp;i++)
      {
        if(regnexec(&m_pCrimeRegExps[i],(char*)startOfUrl,strLen,0,NULL,0)==0)
          return true;
      }
    return false;
  }
#endif

What this does is to separate the url from the "GET http://url/path
HTTP/1.x" request and test it against a set of regexes for matches. This
could be used to detect attempts to access specific sites or urls; also, it
could be used to detect various kinds of hacking attempts directed at
webservers, such as unicode exploits or xss. The processing here is very
simple: unless there are regexes covering all sorts of variations of a url,
you might be able to slip past the regex match by url-encoding some or all
of the url in question, or by referring to a site by IP address rather than
dns name.

It is interesting to note that the code that finds startOfUrl and endOfUrl
is buggy: it will be thrown off by putting an extra space in between "GET"
and "http://url", and will think the url has zero length. You can also fool
this code by using what is known as the HTTP/0.9 format, "GET url" without
any trailing HTTP/x.y version identifier, assuming that that format still
works anywhere. Perhaps by including PAYLOAD_LENGTH spaces in between the
http "GET" and the URL contained in the actual request, you might be able to
push the url into the second mixpacket; I haven't fully analysed the
situation, but if the last mix is only examining the first packet to come
down each virtual mix channel, and assuming the squid proxy isn't thrown off
by lots of spaces in the http request, then that would probably bypass the
detection as well. This is currently the crudest sort of NIDS there is: see
all the papers about bypassing NIDS for more ideas.

Assuming that a match is found, the line

UINT32 id=m_pMuxIn->sigCrime(pMixPacket->channel,tmpBuff);

is the next critical one: it allocates a random ID number to identify the
current packet, and sends a special packet back along the mix chain with the
CHANNEL_SIG_CRIME flag set in the mixpacket flags. It then logs the details

CAMsg::printMsg(LOG_CRIT,"Crime detected -- ID: %u -- Content: \n%s\n",id,crimeBuff,payLen);

including the ID number and the content of the packet that triggered the
regex match. The return packet proceeds back along the mix chain until it is
received at the first mix. That mix is also running a packet-processing
loop, in CAFirstMix::loop(). At CAFirstMix.cpp line #784, we see this code:

#ifdef LOG_CRIME
    if((pMixPacket->flags&CHANNEL_SIG_CRIME)==CHANNEL_SIG_CRIME)
      {
        UINT32 id=(pMixPacket->flags>>8)&0x000000FF;
        CAMsg::printMsg(LOG_CRIT,"Detecting crime activity - ID: %u --In-IP is: %u.%u.%u.%u\n",
                        id,pEntry->pHead->peerIP[0],pEntry->pHead->peerIP[1],
                        pEntry->pHead->peerIP[2],pEntry->pHead->peerIP[3]);
        continue;
      }
#endif

Here, very clearly, the ID code that was generated at the last mix and
logged along with the URL request that triggered the regex match is being
logged again, along with the incoming IP address from which the URL request
originally came.

<Cut back to Edison Carter in the helicopter, now touching down outside the
University of Dresden. In the background, a building explodes in a ball of
flame.>

BOOOOOOM!!!! What was that? It was JAP's anonymity going up in smoke.

<Edison leaps from the helicopter and sprints toward the scene of the
explosion. A number of Teutonic academics are fleeing the scene, lab-coats
in tatters, beards still smouldering. Edison scans the crowd of fleeing
professors and singles one out; he runs over and falls into step, jogging
alongside the fleeing man. The professor keeps his head down and covers his
face from the camera with his hands; Edison addresses questions to his
fleeing form.>

Dr. Federrath, I see you're quite keen on protecting your own privacy there,
but what do you say to the allegation that JAP users no longer can expect
any privacy from the mix operators?

Dr. Federrath, on the JAP project website, at
http://anon.inf.tu-dresden.de/Selbstverpflichtung_en.html, it quite clearly
says that "All mix providers for the JAP internet service declare in the
following official declaration, that they do not save connection log files
or exchange with other mix providers data which could be used to uncover JAP
users".

Dr. Federrath, what is this back-channel, if not an exchange of data between
mix providers for the specific purpose of uncovering JAP users?

Doctor, will you confirm that this new software places the entire JAP
project in breach of its own promise?

<The sinister doctor, having answered nothing, disappears behind a shield of
bodyguards into a limo with blacked-out windows that speed off rapidly into
the distance. Edison heads back into the helicopter which returns to the
skies, and does a to-camera shot to wrap up.>

The situation then is that the JAP system is completely compromised, as
compared to its original ideal to be a mix-mailer like system for the web.
Originally, tracking traffic through JAP would have been as hard as tracking
it through the remailers: an attacker would need to record ALL traffic at
ALL points throughout the mix-net to stand a good chance of identifying one
user's traffic. Now, the system includes a back channel, specially designed
to link the first and last mix, thereby eliminating the need to monitor all
the traffic, and making real time tracking simplicity itself. The URLs in
the http requests sent by JAP clients are compared against a list of
'criminal' URLs, and if a match is detected, the first and last mixes in the
mix-chain collaborate to record the IP address from which the request was
sent and the details of the request.

<Closing credits begin to roll over picture.>

Tune in again next week, when I'll be asking the questions you want to hear
answered, such as "Why does the JAP client software contain an XML-RPC
server?" and "Why, if the entire client is written in nice safe Java, is
there now code in there that wants to load a native dll, japdll.dll, when
there's no such dll distributed with the client package?" This is Edison
Carter, Network 23, signing off.

<Cut to black.>
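
The path analysed in the post above, from the exit-side URL match to the entry-side IP log, as an added C++ model; it is not JAP source code and not part of the original thread. The value of CHANNEL_SIG_CRIME, the sigCrime() encoding, the single end-to-end channel number, std::regex standing in for TRE, and the sample request, host name and IP address are assumptions or constructed values.

```cpp
// Added illustration (not JAP source): a small model of the LOG_CRIME path
// quoted in the post above, from exit-side match to entry-side IP log.
#include <cstdint>
#include <cstring>
#include <map>
#include <regex>
#include <string>
#include <vector>

// ASSUMPTION: the real value of CHANNEL_SIG_CRIME is not shown in the thread.
constexpr uint32_t CHANNEL_SIG_CRIME = 0x01;

struct MixPacket { uint32_t channel; uint32_t flags; };
struct ExitLog   { uint32_t id; std::string content; };  // last mix: plaintext, no IP
struct EntryLog  { uint32_t id; std::string peerIP; };   // first mix: IP, no plaintext
struct Linked    { std::string peerIP; std::string content; };

// Port of the URL extraction in the quoted checkCrime(): the bytes between the
// first space and the next space. Returning false mirrors its "return false".
bool extractUrl(const std::string& payload, std::string& url) {
    const char* base = payload.data();
    const char* start = static_cast<const char*>(std::memchr(base, ' ', payload.size()));
    if (start == nullptr) return false;
    ++start;
    const std::size_t rest = payload.size() - static_cast<std::size_t>(start - base);
    const char* end = static_cast<const char*>(std::memchr(start, ' ', rest));
    if (end == nullptr) return false;
    url.assign(start, static_cast<std::size_t>(end - start));
    return true;
}

// Same decision as checkCrime(), with std::regex standing in for TRE's regnexec().
bool checkCrime(const std::string& payload, const std::vector<std::regex>& watch) {
    std::string url;
    if (!extractUrl(payload, url)) return false;
    for (const auto& re : watch)
        if (std::regex_search(url, re)) return true;
    return false;
}

// ASSUMPTION: sigCrime() is not quoted in the thread; this encoding is simply
// the inverse of the first mix's decoder, (flags >> 8) & 0xFF.
MixPacket sigCrime(uint32_t channel, uint32_t id) {
    return MixPacket{channel, CHANNEL_SIG_CRIME | ((id & 0xFFu) << 8)};
}

// First-mix side, following the quoted CAFirstMix::loop() fragment. The map
// from channel to peer IP stands in for pEntry->pHead->peerIP (assumption:
// one channel number end to end).
bool firstMixHandle(const MixPacket& pkt, const std::map<uint32_t, std::string>& peers,
                    EntryLog& out) {
    if ((pkt.flags & CHANNEL_SIG_CRIME) != CHANNEL_SIG_CRIME) return false;
    const auto it = peers.find(pkt.channel);
    if (it == peers.end()) return false;
    out = EntryLog{(pkt.flags >> 8) & 0x000000FFu, it->second};
    return true;
}

// Joining the two logs on the shared ID puts the client IP next to the
// plaintext request, which neither mix could do from its own view alone.
std::vector<Linked> linkLogs(const std::vector<ExitLog>& exitLog,
                             const std::vector<EntryLog>& entryLog) {
    std::vector<Linked> out;
    for (const auto& x : exitLog)
        for (const auto& e : entryLog)
            if (x.id == e.id) out.push_back(Linked{e.peerIP, x.content});
    return out;
}

// Drive one constructed request through both ends of the cascade.
std::vector<Linked> simulate(const std::string& payload, uint32_t channel,
                             const std::string& peerIP) {
    const std::vector<std::regex> watch{std::regex("watched\\.example")};  // constructed pattern
    const std::map<uint32_t, std::string> peers{{channel, peerIP}};
    std::vector<ExitLog> exitLog;
    std::vector<EntryLog> entryLog;
    if (checkCrime(payload, watch)) {
        const uint32_t id = 7;  // constructed; the post says the real ID is random
        exitLog.push_back(ExitLog{id, payload});
        EntryLog e;
        if (firstMixHandle(sigCrime(channel, id), peers, e)) entryLog.push_back(e);
    }
    return linkLogs(exitLog, entryLog);
}

int main() {
    const auto hits = simulate("GET http://watched.example/page HTTP/1.0\r\n", 42, "192.0.2.10");
    return hits.size() == 1 ? 0 : 1;
}
```

The decoder keeps only eight bits of the ID, so the value that joins the two logs has at most 256 distinct values at the first mix.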


JAP Team

Aug 14, 2003, 9:46:05 AM
Hello,

it is good to know there are people who read the source code. Yes,
your analysis of the backchannel is correct…
… but the most important thing: JAP still allows anonymous surfing,
still on the probably highest level world-wide. So there is no reason
to exaggerate a single case and read too much into things.

What has actually happened? The project operators of AN.ON received a
judicial instruction that said that the access to a particular IP
address had to be recorded for a limited time period. The background
is preliminary proceedings by the German Federal Bureau of Criminal
Investigation. Such a judicial instruction cannot be rejected without
risking severe sanctions. This applies even if you consider this
judicial instruction to be not correct. It's the same thing here: The
operators of AN.ON have taken measures against this instruction but
they have to adhere to it until a higher instance has made a decision.

What was the alternative? Shutting down the service? The security
apparatchiks would have appreciated that – anonymity in the Internet
and especially AN.ON are a thorn in their side anyway. No, in
contrast: AN.ON must be continued and made even more unassailable by
use of further mixes. If we chickened out just because of one single,
quite limited judicial decision that is still to be verified in the
next instance we obviously would not have much to contribute to the
struggle for anonymity in the Internet.

The JAP update of July did not have to do anything with this process;
it is rather a product of the suggestions for improvement by thousands
of JAP users.

However, since the judicial instruction landed on the desk at this
time, a server update (but not one of JAP) was necessary. As already
mentioned it is good to know that people actually read our source
code, but this time, it led to the misunderstanding that the JAP was
generally opened for the sake of criminal prosecution.

Why the operators of AN.ON have not been addressing the public by
themselves, yet? In Germany, there are holidays, too, and a judicial
instruction of this kind was something perfectly new for all involved,
particularly the holiday crew.

Therefore: keep cool. AN.ON is and will remain *the* service when it
comes to anonymity. Only because one single judge has decided
(provisionally) that all access to a particular IP address are to be
recorded for a limited time period, there is no reason to throw the
baby out with the bathwater.

MfG
The JAP Team

Vidkun Quisling

Aug 15, 2003, 12:11:40 PM
On Mon, 28 Jul 2003, f...@fubar.org (Captain FUD) wrote:

This is the language of the obligatory "trojan horse" update announcement by which
people were tricked into downloading spyware versions of JAP:

>UPDATE! As soon as our service works again an obligatory Update (version
>00.02.001) is needed
>by all users.

Here is a response by the JAP Team, or at least it could be. It could be a troll making stuff
up, too, because they don't bother to sign it.

On 14 Aug 2003, j...@inf.tu-dresden.de (JAP Team) wrote:
>Hello,

>it is good to know there are people who read the source code. Yes,
>your analysis of the backchannel is correct…

This is the important point. They did, in fact, shut down the service as it previously existed and install
a compromised version of the servers, then trick people into downloading a trojan horse as an
"update."

This is the main point. They did, in fact, trick people into downloading a Trojan


>… but the most important thing: JAP still allows anonymous surfing,
>still on the probably highest level world-wide. So there is no reason
>to exaggerate a single case and read too much into things.

The whole network is compromised now. Certainly you know that.

>What has actually happened? The project operators of AN.ON received a
>judicial instruction that said that the access to a particular IP
>address had to be recorded for a limited time period. The background
>is preliminary proceedings by the German Federal Bureau of Criminal
>Investigation. Such a judicial instruction cannot be rejected without
>risking severe sanctions. This applies even if you consider this
>judicial instruction to be not correct. It's the same thing here: The
>operators of AN.ON have taken measures against this instruction but
>they have to adhere to it until a higher instance has made a decision.

>What was the alternative? Shutting down the service? The security

You DID shut down the service as it previously existed, as an anonymity
service. You continued operation as a trojan horse operation after tricking your
users into downloading a compromised version.

How do we know you won't do that in the future?

>apparatchiks would have appreciated that – anonymity in the Internet
>and especially AN.ON are a thorn in their side anyway. No, in
>contrast: AN.ON must be continued and made even more unassailable by
>use of further mixes. If we chickened out just because of one single,
>quite limited judicial decision that is still to be verified in the
>next instance we obviously would not have much to contribute to the
>struggle for anonymity in the Internet.

Hmm, so in the struggle for anonymity, you

A) shut down the original service
B) tricked all your users into downloading a compromised version so you could
spy on them
C) then proceeded to do just that.

If that's struggling for anonymity I'd hate to see what would happen if you firmly
committed yourself to the other side! It appears you not only turned over any information
you had, you joyously became a member of the secret police yourself!

>The JAP update of July did not have to do anything with this process;
>it is rather a product of the suggestions for improvement by thousands
>of JAP users.

Ah. Which one of those thousands suggested JAP would be better with
spyware installed?

>However, since the judicial instruction landed on the desk at this
>time, a server update (but not one of JAP) was necessary. As already
>mentioned it is good to know that people actually read our source
>code, but this time, it led to the misunderstanding that the JAP was
>generally opened for the sake of criminal prosecution.

No, just operated for the sake of criminal prosecution whenever you're asked.
And you can be trusted to do the work of the secret police and keep it quiet, too.

>Why the operators of AN.ON have not been addressing the public by
>themselves, yet? In Germany, there are holidays, too, and a judicial
>instruction of this kind was something perfectly new for all involved,
>particularly the holiday crew.

>Therefore: keep cool. AN.ON is and will remain *the* service when it
>comes to anonymity. Only because one single judge has decided
>(provisionally) that all access to a particular IP address are to be
>recorded for a limited time period, there is no reason to throw the
>baby out with the bathwater.

If the baby is anonymity, that was chucked out the moment you tricked your users
into downloading spyware.

John E. Hadstate

Aug 15, 2003, 3:42:32 PM

"Vidkun Quisling" <vid...@quisling.org> wrote in message
news:72ac3cc04861a133...@remailer.frell.eu.org...

> On Mon, 28 Jul 2003, f...@fubar.org (Captain FUD) wrote:
>
> This is the language of the obligatory "trojan horse" update announcement by which
> people were tricked into downloading spyware versions of JAP:
>

However thought-provoking your posts may be, they appear to have little or
no relevance to the mechanics of cryptology, which is the focus of the
sci.crypt newsgroup. Perhaps you could find a more appropriate forum?

Douglas A. Gwyn

Aug 15, 2003, 4:54:25 PM
Now all your base are belong to us!

John E. Hadstate

Aug 16, 2003, 11:04:48 AM

"Juergen Nieveler" <juergen.nie...@arcor.de> wrote in message
news:Xns93D9A767CAD7...@nieveler-43544.user.cis.dfn.de...
> Juergen Nieveler / juergen....@web.de / PGP supported!
> Said the fly, "Let us flee." Said the flea: "Let us fly."

And they flew through a flaw in the flue!


Michael Schierl

Aug 16, 2003, 1:47:43 PM
[reduces cross posting a bit]

j...@inf.tu-dresden.de (JAP Team) wrote:

>What has actually happened? The project operators of AN.ON received a
>judicial instruction that said that the access to a particular IP
>address had to be recorded for a limited time period.

Does that mean the IP of the user (which sites he uses) or the IP of a
website (which users visit it?). I guess the latter.

>What was the alternative? Shutting down the service?

Destblocking that IP (show an information to all users that try to
access that host that this cannot be done anonymously due to judicial
instructions.) would be a better alternative.

What would you think of a contraceptive that automatically gets holes
when you try to fuck Monika Levinsky (sp?) with it?

A service that provides high anonymity in 99.9% of all cases and no
anonymity at all in 0.1% of all cases is IMHO useless (as long as the
users do not know which cases that are). Better tell the users that
this site is unavailable so that they can use at least a "less secure"
anonymizing service.

>The security
>apparatchiks would have appreciated that - anonymity in the Internet
>and especially AN.ON are a thorn in their side anyway. No, in
>contrast: AN.ON must be continued and made even more unassailable by
>use of further mixes.

And where is the problem of destblocking a given IP on all "exit"
mixes?

>If we chickened out just because of one single,
>quite limited judicial decision that is still to be verified in the
>next instance we obviously would not have much to contribute to the
>struggle for anonymity in the Internet.

I'm sorry to say that, but a service that is "known" to contain holes
is nothing I'd see as a "contribution to the struggle for anonymity in
the Internet".

>The JAP update of July did not have to do anything with this process;
>it is rather a product of the suggestions for improvement by thousands
>of JAP users.

This might be - but even if you only updated the mix software, it
would eventually become visible to someone that there is a "backdoor"
in your mixes.

>However, since the judicial instruction landed on the desk at this
>time, a server update (but not one of JAP) was necessary. As already
>mentioned it is good to know that people actually read our source
>code, but this time, it led to the misunderstanding that the JAP was
>generally opened for the sake of criminal prosecution.

Who tells us that you won't add lotsa more addresses to that "watch
list"? If you destblocked them, users would notice.

>Why the operators of AN.ON have not been addressing the public by
>themselves, yet? In Germany, there are holidays, too,

/me knows...

>Therefore: keep cool. AN.ON is and will remain *the* service when it
>comes to anonymity. Only because one single judge has decided
>(provisionally) that all access to a particular IP address are to be
>recorded for a limited time period, there is no reason to throw the
>baby out with the bathwater.

NAK. YMMV.

regards,

Michael
--
"New" PGP Key! User ID: Michael Schierl <schi...@gmx.de>
Key ID: 0x58B48CDD Size: 2048 Created: 26.03.2002
Fingerprint: 68CE B807 E315 D14B 7461 5539 C90F 7CC8
http://home.arcor.de/mschierlm/mschierlm.asc

Eldridge Currie

Aug 17, 2003, 2:21:12 AM

"John E. Hadstate" <nos...@null.nil> wrote in message
news:Jxr%a.2266$sA4....@fe02.atl2.webusenet.com...

I just uninstalled the NOW useless program.


Markus Wiese

Aug 20, 2003, 1:16:39 PM
There is now a press release of the Independent Centre for Privacy
Protection (ICPP resp. ULD):
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

hans

Aug 20, 2003, 9:37:34 PM

Juergen Nieveler <juergen.nie...@arcor.de> wrote:

>ha...@xxx.ooo (hans) wrote:
>
>> It's secret, man, they're not going to tell us anything. Don't you
>> understand how the secret police operate?
>
>It's not "secret police", it's the plain ordinary police.

Any govt affiliated entity which engages in secret undercover operations
can properly be called 'secret police'.

>Apparently
>the JAP team has been handed a court order to log all traffic going to a
>kiddie-porn site, and of course publishing the address of said site
>would interfere with the police trying to catch the people surfing for
>said kiddie-porn


Yeah sure, a likely story. It's the standard excuse given by sycophants
for all oppressive regimes -- we've got to place everyone under
surveillance so we can catch kiddie porners, terrorists etc. Of course
what you really want to do is identify everyone who doesn't love Big
Brother.

I might ask, if the URL of the kiddie porn site is already known, why
don't the German authorities take steps to shut it down? I suspect
I know the answer. It's a sting operation of the type that the U.S.
FBI runs all the time. The site is actually run by a secret police
outfit - German, American or other - and it's being used to troll for
suckers. They are trying to entrap poor unsuspecting saps by
inviting them to connect to a "really hot site", and when they do,
BAM they're busted.

And you think that it is worth compromising JAP's security in order
to cooperate with that kind of crap?

hans

Aug 21, 2003, 3:15:03 AM

goat troll

Aug 21, 2003, 10:10:40 AM
A reverser engineerering reveals of they pretty call:
CAMsg::printMsg(LOG_INFO," that they is references the IP
212.187.157.242 - which you sees is not pr0n at all, but a completely
inoffensive site. They lame stingering operations had gone off wrong
a little bits, methinketh!

ha...@xxx.ooo (hans) wrote in message news:<4B4C4V3U37854.3853587963@Gilgamesh-frog.org>...
> Juergen Nieveler <juergen.nie...@arcor.de> wrote:

JAP Team

Aug 21, 2003, 11:01:39 AM
Perhaps you might want to have a look at the Press release from the
AN.ON project:

http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

The AN.ON service allows users to surf the web anonymously by use of a
system in which the communication is led via anonymising intermediate
computers, so-called mixes. The new version of the mix software
includes a function by use of which the access to a particular web
server can be recorded. Many people felt irritated about this. Due to
the vast number of queries to the collaborators of the research
project at Dresden University of Technology and Free University Berlin
and to the Independent Centre for Privacy Protection
Schleswig-Holstein, Germany, (ICPP) in this context, the ICPP gives
the following statement on the background of the implementation of
this function:

Within the context of concrete preliminary criminal proceedings by the
German Federal Office of Criminal Investigation (BKA) – not against
the ICPP, as wrongly reported –, the ICPP received a judicial
instruction by the Local Court (Amtsgericht) Frankfurt / Main,
Germany, by which the collaborators of the research project AN.ON were
bound to record all access to a particular IP address (which was
probably connected with the release of criminal contents) and to
provide information on the stored data.

Since it is not permissive to release information about current
proceedings according to German law, the project partners did not
inform the public at first. Based on the fact that the developed
software has been released in the source code since the beginning of
the Open Source Project, also the implemented recording function was
of course released. The project partners underestimated the problems
caused by the dilemma between the observance of secrecy within the
context of concrete preliminary proceedings and their own claim for
transparency. They did not want to be accused of aiding and abetting
or penalty thwarting to prevent AN.ON from being criminalised. Since
this was the first judicial instruction of this kind, they did not
have any experience in this context. Because of many AN.ON users'
uncertainty, the project partners feel bound to make a public
statement on this case.

As far as the ICPP is concerned, there is no legal ground for the
judicial instruction in the quoted legal instructions of the code of
criminal procedure. The legal view by the ICPP is supported by the
prevailing commentary literature as well as by the Official
Explanation by the legislator in the legislation process of the
corresponding legal instructions. According to the legal instructions
of the §§ 100g and h of the Code of Criminal Procedure
(Strafprozessordnung, StPO) which have become effective on Jan. 1,
2002 as successors to § 12 of the Law on Telecommunication Facilities
(Fernmeldeanlagengesetz, FAG) and on which the lower district court
and the federal bureau of criminal investigations based their claim,
such a claim for information by the criminal prosecution officials may
only refer to those data that are collected and stored by the service
providers in a permissive manner on the basis of given regulations.
However, as the name says, the anonymisation service will not collect
and store any data referring to the user. According to the
Teleservices Data Protection Act (Teledienstedatenschutzgesetz,
TDDSG), this would not be permissive anyway. The order for a data
recording is not supported by the legal regulations the Local Court's
instruction is based on, i.e., the instruction is obviously unlawful.

According to the Code of Criminal Procedure, the order for a data
recording is exclusively permissive in very restricted cases, i.e.,
there has to be the suspect of a criminal offence which is explicitly
recorded in the § 100a of the Code of Criminal Procedure. A decision
based on this paragraph has not been ordered by the police, probably
because the requirements are not met.

The ICPP has immediately made use of the formal measure of appeal from
the decision. Since this appeal has no postpone effect, i.e. the
content of the decision has to be realised until another court
decision in spite of the appeal, the AN.ON developers have programmed
such a function and implemented it in the current version of the mix
software.

By use of this function, it is possible with the co-operation of the
mixes to record the access to a particular given IP address for the
future only. The IP address of the requesting user, the request, date
and time will be recorded. All other web pages and all other users of
the AN.ON service will not be affected, though! The JAP software as
such which has to be installed by all users of the AN.ON service does
not include a recording function. The current, obligatory, update of
the client software JAP has nothing to do with this function.

The ICPP points out explicitly that only the access to the IP address
mentioned in the judicial instruction will be recorded. The AN.ON
operators guarantee that also in the future, no access will be
recorded without a judicial instruction. The AN.ON service is operated
in every respect in accordance to the valid laws, i.e., a collection
and storage of user data would be unlawful and will therefore not be
carried out. On the other hand, the commitment to law and order means
that a judicial instruction cannot be simply ignored.

Therefore, making the monitoring of access to a particular IP address
related to criminal contents possible does not mean that all users of
the service are monitored. Only in single cases and if all legal
requirements are met, i.e. if there is a binding judicial instruction,
the AN.ON service will record the access to a particular IP address
which has been precisely defined by the judge.

Except for the case mentioned above, the protection of the users'
anonymity is and will remain the central warranty of AN.ON. The AN.ON
operators warn against the generalisation of this single case and the
general jeopardising of the whole service. Anonymity in the internet
makes still sense when the access to a single website with illegal
content is recorded for a limited time period due to a court decision.

From the beginning, AN.ON has been the target of suspicion and
scepticism by many security officials at home and abroad. This had the
result that AN.ON has not only been attacked in police publications
but that single collaborators of Dresden University of Technology have
even been summoned by the police for interrogation. The operators did
not submit to the police pressure but they have to keep to a judicial
instruction just like everybody else. Certain security circles would
probably be very happy if the AN.ON operator would give up now and
drop the guarantee for the anonymous internet access. But the AN.ON
operators do not want to give them this favour. Therefore, AN.ON will
be continued. Those who are really concerned about the anonymity in
the internet should deal with the police procedure in a critical way
and support AN.ON instead of regarding AN.ON operators as the "main
enemy". It is not AN.ON that endangers anonymity but legally dubious
police interference in the operation of AN.ON. Another thing to be
questioned is why a decision about the ICPP appeal has still not been
made after more than six weeks.

We are convinced that the right for anonymity is secured by the
constitutional law. Further on, it results explicitly from the
Teleservices Data Protection Act. All those who want to defend this
right like the ICPP should support AN.ON and the ICPP. We actually
know about our responsibility for the AN.ON users.

Information on the work of the ICPP:

Independent Centre for Privacy Protection

Schleswig-Holstein
Holstenstraße 98 / 24103 Kiel
Germany
Phone: 0431/988-1200 / Fax: 0431/988-1223
E-Mail: ma...@datenschutzzentrum.de
Homepage: http://www.datenschutzzentrum.de

Information on AN.ON:

www.anon-online.de

A.Lizard

Aug 21, 2003, 5:15:07 PM
j...@inf.tu-dresden.de (JAP Team) wrote in message news:<26e1a3d6.03082...@posting.google.com>...

> Perhaps you might want to have a look at the Press release from the
> AN.ON project:
>
> http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm
>
> The AN.ON service allows users to surf the web anonymously by use of a
>

As is rather plain from this The Register article
http://theregister.co.uk/content/55/32450.html
one can NOT surf anonymously with the AN.ON application, you did not
make any attempt to warn your user base, somebody had to disassemble
your code to find the backdoor.

There is nothing that your press release *can* contain that can spin
this away. There is no such thing as "anonymous except for" any more
than there is "she is only a little bit pregnant".

Any end user of your product with a working brain will find another
solution.

You might as well shut down your project, your credibility is
disappearing as the word gets around.

Anonymous

Aug 21, 2003, 5:15:57 PM
On 21 Aug 2003, Juergen Nieveler <juergen.nie...@arcor.de> wrote:
>ha...@xxx.ooo (hans) wrote:

>> Yeah sure, a likely story. It's the standard excuse given by
>> sycophants for all oppressive regimes -- we've got to place everyone
>> under surveillance
>> so we can catch kiddie porners, terrorists etc. Of course what
>> you really want to do is identify everyone who doesn't love Big
>> Brother.

>Well, it's the story that the JAP team has been given, and they cannot
>ignore a court order.

I can't imagine a court order that explicitly states that they must create a spyware version
of software, then trick people into downloading it under false pretenses. Additionally, the
fact that they admitted it upon being asked seems to indicate they were NOT under any
compulsion not to explain themselves. They only admitted it when they were flat-out
caught.

Additionally, tricking people into installing spyware may even be illegal. At the very least,
tricking people into installing spyware under the false pretense that it is privacy software is
a form of fraud.

I'd like to see this "court order" and where it required tricking people into installing spyware
and quite possibly violating laws against distributing viruses, worms and trojans.

Scott

Aug 21, 2003, 6:54:31 PM
gy...@gyges.net (goat troll) wrote in message news:<9a5fcb75.03082...@posting.google.com>...

Well, you can telnet to port 25 of that IP and reach a mail server there.
But I just am grasping at straws and not a privacy expert so I don't know
what JAP will route, other than ports 80 and 443.
Try fishing around with port 443. I get either cgi-bin/ access forbidden,
or
This is the Plesk Server Administrator™ default page.

If you see this page it means:

1) hosting for this domain is not configured
or
2) there's no such domain registered in Plesk.

- Scott

Randall Bart

Aug 21, 2003, 11:31:12 PM
'Twas 21 Aug 2003 17:09:11 GMT when all alt.privacy.spyware stood in awe
as Juergen Nieveler <juergen.nie...@arcor.de> uttered:

>Well, it's the story that the JAP team has been given, and they cannot
>ignore a court order.

If there's a court order that stops them from distributing their software
with back doors, they should stop distributing it. So far they have not
said they were ordered to distribute it.
--
RB |\ © Randall Bart
aa |/ ad...@RandallBart.spam.com Bart...@att.spam.net
nr |\ Please reply without spam I LOVE YOU 1-917-715-0831
dt ||\ http://RandallBart.com/ Ånåheim Ångels 2002 World Chåmps!
a |/ Multiple sclerosis: http://www.cbc.ca/webone/alison/
l |\ DOT-HS-808-065 The Church Of The Unauthorized Truth:
l |/ MS^7=6/28/107 http://yg.cotut.com mailto:s...@cotut.com

Richard Nienhuis

Aug 22, 2003, 6:00:24 AM
I googled the IP and came up with this:
http://www.zone-h.com/en/defacements/view/id=365453/

Maybe someone hacked it and was using it to distribute stuff.
(warez, pr0n who knows)

spac...@fastlink.com (Scott) wrote in message news:<ae6867c2.03082...@posting.google.com>...

> Well, you can telnet to port 25 of that IP and reach a mail server there.
> But I just am grasping at straws and not a privacy expert so I don't know
> what JAP will route, other than ports 80 and 443.
> Try fishing around with port 443. I get either cgi-bin/ access forbidden,
> or

> This is the Plesk Server Administrator™ default page.

adejood...@dizum.net

Aug 22, 2003, 1:50:10 PM
[..]
: Within the context of concrete preliminary criminal proceedings by the
: German Federal Office of Criminal Investigation (BKA) – not against
: the ICPP, as wrongly reported –, the ICPP received a judicial
: instruction by the Local Court (Amtsgericht) Frankfurt / Main,
: Germany, by which the collaborators of the research project AN.ON were
: bound to record all access to a particular IP address (which was
: probably connected with the release of criminal contents) and to
: provide information on the stored data.


Well at least JAP has come clean. In Holland a blackmailer has
been arrested who used http://www.surfola.com/ to surf anonymously.

Unfortunately for him, Surfola gave out his address to the FBI
*without a court order* so their claim "SURFOLA.com will not give out
your name, residence address, or e-mail address to any third parties
without your permission, for any reason, at any time, ever." is
false.

A nice feature of the blackmailer was that he used stego to get a
copy of the magnetic strip (on a bankcard) so he could withdraw money
from ATMs worldwide. He made one mistake: he requested the picture
be posted on a car sale site; he was then tracked (to Surfola) by
getting the logfile and seeing who downloaded the picture. Surfola
gave the address so he could be put under surveillance.

Guess he never heard of Usenet, remailers and mail2news gateways.

For those able to read Dutch:
http://www.netkwesties.nl/editie67/artikel1.php
http://www.surfola.com/
http://www.politie.nl/utrecht/nieuws/landelijk_030821_regionaal_persbericht.asp

Cheers,
--------------------------------------------------------------------
Alex de Joode mailto:adejoode(at)dizum.net
Dizum Networking BV (i/o) http://www.dizum.net

Shell access ...... because in the end, it's just you and your shell.

ptsc

Aug 22, 2003, 7:14:48 PM
On 22 Aug 2003 17:50:10 GMT, adejood...@dizum.net wrote:

>[..]
>: Within the context of concrete preliminary criminal proceedings by the
>: German Federal Office of Criminal Investigation (BKA) – not against
>: the ICPP, as wrongly reported –, the ICPP received a judicial
>: instruction by the Local Court (Amtsgericht) Frankfurt / Main,
>: Germany, by which the collaborators of the research project AN.ON were
>: bound to record all access to a particular IP address (which was
>: probably connected with the release of criminal contents) and to
>: provide information on the stored data.

>Well at least JAP has come clean. In Holland a blackmailer has
>been arrested who used http://www.surfola.com/ to surf anonymous.

"Coming clean" is rather less impressive after you get caught red-handed.
--
Home of the Buttersquash Conspiracy http://buttersquash.net

Anonymous via the Cypherpunks Tonga Remailer

Aug 23, 2003, 9:57:31 AM
On Thu, 21 Aug 2003 21:15:57 GMT, Anonymous <Use-Author-Supplied-Address@[127.1]> wrote:

>On 21 Aug 2003, Juergen Nieveler <juergen.nie...@arcor.de> wrote:
>>ha...@xxx.ooo (hans) wrote:
>
>>> Yeah sure, a likely story. It's the standard excuse given by
>>> sycophants for all oppressive regimes -- we've got to place everyone
>>> under surveillance
>>> so we can catch kiddie porners, terrorists etc. Of course what
>>> you really want to do is identify everyone who doesn't love Big
>>> Brother.
>
>>Well, it's the story that the JAP team has been given, and they cannot
>>ignore a court order.
>
>I can't imagine a court order that explicitly states that they must create a spyware version
>of software, then trick people into downloading it under false pretenses. Additionally, the
>fact that they admitted it upon being asked seems to indicate they were NOT under any
>compulsion not to explain themselves. They only admitted it when they were flat-out
>caught.
>

That's not necessarily so. I don't know German law, but e.g. the UK RIP act would compel them to do exactly as they have done. Again e.g. under the UK RIP act, it is illegal to disclose that you have been compelled to install logging, had a warrant served on you, had your encryption keys seized etc.

I think perhaps all they could do to tip people off that the system was now bugged, was "dumbly" publish the source code as usual in the hope that somebody spotted it.

That said and done, they could have taken a small risk and simply leaked things here anonymously.


All that notwithstanding, the JAP project is now effectively over. It has been fatally compromised. Sadly it has fallen all too easily when challenged. Perhaps the only bit of good to be taken from this, is the proof that any system that can be compromised by a legal attack at a single point offers no real protection.
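
Added illustration, not part of the thread and not AN.ON's code: a simplified model of a mix cascade that shows what the press release's "co-operation of the mixes" and the "single point" remark above amount to in terms of who holds which piece of the user-to-destination link. The class and function names, the three-mix layout and the sample addresses are assumptions made for this example, and it models only the channel tables each mix keeps, not timing or volume correlation.

```python
"""Simplified mix-cascade model (constructed example, not AN.ON code)."""
import secrets


class Mix:
    """One hop: for each channel it sees only its predecessor and successor."""

    def __init__(self, name):
        self.name = name
        self.in_to_out = {}  # incoming channel id -> outgoing channel id
        self.prev_hop = {}   # incoming channel id -> who handed it to us
        self.next_hop = {}   # outgoing channel id -> where we sent it

    def relay(self, in_id, prev, nxt):
        # Fresh random id per hop: without in_to_out the two ids are unrelated.
        out_id = secrets.token_hex(8)
        self.in_to_out[in_id] = out_id
        self.prev_hop[in_id] = prev
        self.next_hop[out_id] = nxt
        return out_id


def send(cascade, user_ip, destination):
    """Push one request through every mix of the cascade, in order."""
    chan, prev = secrets.token_hex(8), user_ip
    for i, mix in enumerate(cascade):
        nxt = cascade[i + 1].name if i + 1 < len(cascade) else destination
        chan = mix.relay(chan, prev, nxt)
        prev = mix.name


def trace(cascade, cooperating, watched_destination):
    """User IPs linkable to watched_destination from the channel tables of
    the mixes named in `cooperating`, walking from the exit back to the entry."""
    exit_mix = cascade[-1]
    if exit_mix.name not in cooperating:
        return set()  # nobody else in the cascade knows the destination
    wanted = {c for c, d in exit_mix.next_hop.items() if d == watched_destination}
    for mix in reversed(cascade):
        if mix.name not in cooperating:
            return set()  # the chain of channel ids is broken at this mix
        out_to_in = {o: i for i, o in mix.in_to_out.items()}
        wanted = {out_to_in[c] for c in wanted}
    # `wanted` now holds entry-side channel ids; only the first mix maps them to IPs.
    return {cascade[0].prev_hop[c] for c in wanted}


def build_demo():
    """Three mixes and three constructed requests (documentation address ranges)."""
    cascade = [Mix("mix1"), Mix("mix2"), Mix("mix3")]
    send(cascade, "198.51.100.7", "203.0.113.10")
    send(cascade, "198.51.100.8", "203.0.113.99")
    send(cascade, "198.51.100.9", "203.0.113.10")
    return cascade


if __name__ == "__main__":
    c = build_demo()
    print("entry mix sees senders:", sorted(set(c[0].prev_hop.values())))
    print("exit mix sees targets: ", sorted(set(c[2].next_hop.values())))
    print("all mixes cooperate:   ", sorted(trace(c, {"mix1", "mix2", "mix3"}, "203.0.113.10")))
    print("middle mix withholds:  ", sorted(trace(c, {"mix1", "mix3"}, "203.0.113.10")))
```

When every mix in the cascade answers to the same operators or the same court, the set passed as `cooperating` is always the full cascade, which is the situation the posters are arguing about.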

Jay T. Blocksom

Aug 23, 2003, 3:01:55 PM
On 21 Aug 2003 08:01:39 -0700, in <alt.privacy.spyware>,
j...@inf.tu-dresden.de (JAP Team) wrote:
>
[snip]

> The AN.ON service allows users to surf the web anonymously by use of a
> system in which the communication is lead via anonymising intermediate
> computers, so-called mixes.

[snip]

ITYM "via raping open proxies", hence criminal activity in and of itself
(regardless of the fact that such insecure/misconfigured hosts are
themselves a serious security threat to every internet user, not to mention
a HUGE source of spam, and thus get blocked and/or shut down nearly as fast
as they can be found). This conclusion is based on the inescapable fact
that if all of the "intermediate computers" are under *your* control, the
"service" is by definition insufficiently anonymous to be non-trivially
useful.

> Within the context of concrete preliminary criminal proceedings
[snip]                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Is that an oxymoron, or what?

The remainder of your doublespeak gobbledygook is equally devoid of
substance. Hence...

*plonk*

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thomas J. Westgard

Aug 25, 2003, 8:36:24 AM
I just sent the following message to the JAP Team:

So, if you really want to make up for the controversial manner in
which you handled this court order, there is a way to do it.

Switch from a centrally-controlled system to a decentralized one.

The models are Napster and LimeWire. Napster was subject to
court-ordered control because one entity held the central files.
LimeWire is not, because the users can freely pick any other users to
exchange files with. So create a browsing system that causes pools of
users to gather and mix up their browsing data.

I understand there's more money in creating software that you maintain
an ongoing control over, so if you have investors they may be
hesitant. But I think the credibility you would need to make that fly
in the long term is pretty much shot at this point. If you create an
open-source, decentralized model, you probably get less money, but it
effectively helps people keep their browsing private.

Best of luck.
Tom


--
Thomas J. Westgard
Attorney at Law
1325 West Farwell, Suite Two
Chicago, Illinois 60626
(773) 761-5073
t...@ilmechliens.com
http://www.ilmechliens.com
--

Naibed

Aug 25, 2003, 11:11:51 AM
"Comrade" <avera...@mysolution.ws> wrote in message news:<pan.2003.07.28....@mysolution.ws>...
[...]

> see my ROAD TO THE UNITED FRONT http://www.mysolution.ws

..just change http:///www.mysolution.ws/images/dragon.gif
in http://www.mysolution.ws/images/dragon.gif

;-)


N
--
nothing is more beautiful ...(well-known refrain)

CustServ

Aug 25, 2003, 3:39:56 PM
In article <Xns93E2CF0DDA50...@nieveler-43544.user.cis.dfn.de>
Juergen Nieveler <juergen.nie...@arcor.de> wrote:

>
> t...@ilmechliens.com (Thomas J. Westgard) wrote:
>
> > So, if you really want to make up for the controversial manner in
> > which you handled this court order, there is a way to do it.
> >
> > Switch from a centrally-controlled system to a decentralized one.
>
> I'm afraid that this won't be easy for JAP... just think of the
> bandwidth requirements.
>


Hmm.

CustServ

Aug 25, 2003, 4:53:35 PM
In article <Xns93E2CF0DDA50...@nieveler-43544.user.cis.dfn.de>
Juergen Nieveler <juergen.nie...@arcor.de> wrote:
>
> t...@ilmechliens.com (Thomas J. Westgard) wrote:
>
> > So, if you really want to make up for the controversial manner in
> > which you handled this court order, there is a way to do it.
> >
> > Switch from a centrally-controlled system to a decentralized one.
>