Feeds

Net anonymity service un-backdoored

Higher court hits pause button

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

The Java Anonymous Proxy (JAP) service, a collaborative effort of Dresden University of Technology, Free University Berlin and the Independent Centre for Privacy Protection Schleswig-Holstein, Germany (ICPP), has been allowed to suspend its monitoring of users' IP traffic pending a decision on the legality of back-dooring it.

Collectively known as the AN.ON Project, the operators appealed a lower court's decision allowing the German Feds to obtain reports on users' access to a particular IP address (no doubt having to do with KP or bomb-making, etc).

The appeals court has allowed the operators to discontinue logging until their appeal has been answered. When a decision has been reached, the JAP team says they will document the whole affair, but cannot do so until the court issues its ruling.

A single record of access to the forbidden IP address has been logged but not yet disclosed to the Feds pending the higher court's decision, the JAP team says.

In a previous article The Register criticised the way the JAP team handled its initial confrontation with the Feds, ie., by waiting quietly until a user discovered the back door before acknowledging the situation.

We believe there were better ways of dealing with the court order, either by posting a prominent warning that the service might be subject to monitoring by the authorities, by leaking the information to the press outside Germany, or by disabling the affected proxies temporarily in protest.

We hope that if the JAP team should lose its appeal and be ordered to resume monitoring, particularly under a gag order, it will find a way of giving the public a proper heads up. Their previous performance hardly inspires confidence, but there is always opportunity for redemption. ®

Related Story

Net anonymity service back-doored

Related Links

Discussion at BugTraq
Discussion at Full-Disclosure

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.