Web Monitoring: Anonymizers vs. Anti-Anonymizers

In the struggle to provide a sure way to surf the Internet anonymously, will anyone ever win?

In the mid-1990s a device called the anonymizer appeared. As the name suggests, this service allowed you to request files without disclosing your IP address. You would send the request to the anonymizer with the desired To: address tucked away in another field; it would strip out your address from the Reply field, replace it with its own, swap in the address of the destination server and send the request on. When the requested file was received, it would reverse the actions and (in theory) erase all evidence of the transaction, keeping your IP address a secret forever. Arbitrarily high degrees of security could be achieved by daisy-chaining two or more anonymizers.
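The relay behavior described above, modeled as an added example that is not part of the original article; the class names and the documentation-range addresses are constructed for illustration. It shows which address each party is in a position to record, including the fact that the first relay in a chain always learns the client's address.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    reply_to: str     # where the response must be sent back
    final_dest: str   # the real destination, carried in a separate field
    path: str

@dataclass
class Server:
    addr: str
    observed: list = field(default_factory=list)  # what this node could log

    def handle(self, req, network):
        self.observed.append(req.reply_to)   # all the destination can record
        return f"contents of {req.path}"

@dataclass
class Anonymizer:
    addr: str
    next_hop: str = ""                             # next relay when daisy-chained
    observed: list = field(default_factory=list)  # what this node could log
    pending: dict = field(default_factory=dict)   # state needed to return replies

    def handle(self, req, network):
        self.observed.append(req.reply_to)   # a relay always learns its predecessor
        ticket = len(self.observed)
        self.pending[ticket] = req.reply_to  # remembered until the reply comes back
        outbound = Request(self.addr, req.final_dest, req.path)  # own address swapped in
        target = self.next_hop or req.final_dest
        response = network[target].handle(outbound, network)
        del self.pending[ticket]             # the "erase all evidence" step
        return response

def fetch(client, relay_addrs, dest, path):
    """Send one request through the chain; return (response, {addr: observed})."""
    network = {dest: Server(dest)}
    for i, addr in enumerate(relay_addrs):
        nxt = relay_addrs[i + 1] if i + 1 < len(relay_addrs) else ""
        network[addr] = Anonymizer(addr, nxt)
    entry = relay_addrs[0] if relay_addrs else dest
    response = network[entry].handle(Request(client, dest, path), network)
    return response, {a: n.observed for a, n in network.items()}

if __name__ == "__main__":
    # Constructed addresses from the documentation ranges, not real services.
    chain = ["203.0.113.10", "203.0.113.20"]
    resp, seen = fetch("198.51.100.7", chain, "192.0.2.80", "/index.html")
    for addr, obs in seen.items():
        print(addr, "saw a request from", obs)
```

The `pending` entry is deleted once the reply is returned, but `observed` shows that whether a relay keeps a record is entirely up to the relay operator.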

When anonymizers appeared they were embraced as a pure good--a tool that defended against identity theft scams and allowed citizens suffering under oppressive regimes to use the Internet without fear, advancing human rights and the cause of progress. Among other considerations, in a world where data-retention policies were spreading and prosecutors in jurisdictions around the world seemed increasingly likely to file charges against foreign citizens for violating local ordinances, anonymization seemed only prudent. In time, distribution broke along the usual lines: open-source solutions, led by a program called TOR backed by the Electronic Freedom Foundation, and a proprietary segment of the industry, dominated by Anonymizer.com (which, given its name, prefers the term "non-attribution solutions").

After a few years, however, a new side to the technology emerged, one that wasn't quite so pure. "Non-attribution solutions" started to be used to spread worms and spam. People on blacklists for any reason--both good and bad--discovered that they could use the tools to evade detection. And employees found that anonymizers allowed them to surf the Internet freely at work, without their activities being detected or blocked by monitoring and control procedures. Some of these tools do, after all, make sense. According to sextracker.com, most porn traffic occurs during work hours. (To learn more about web monitoring, see CSO's in-depth story "How to Track Employee Data Access (Without Going Overboard).")

All these more problematic usages have triggered a counter-industry and created something of an arms race between the anonymizers and the anti-anonymizers. One of the first anti-anonymizer ideas was to maintain a blacklist of the proxy sites and block requests from those sites. That worked for a while, but then the "non-attribution" sites just started changing their IP addresses, and their numbers grew out of control. (There might be hundreds of thousands of websites offering anonymity services, often as a come-on to get viewers to look at ads.)

More recently, anti-anonymizers might try to restrict access to sites that subscribe to certain certificate authorities, or to allow connections only with a specific list of approved sites. Finally, they might try to identify proxy sites by their behaviors, as opposed to their URLs. These "anonymization management" tools are used, for instance, by companies that want to prevent their employees from using anonymizers. The Israeli security services company Aladdin is a representative vendor in this category, as is 8e6 Technologies, based in Orange, Calif. In their eyes, anyway, the whole good guy/bad guy layout has been reversed 180 degrees since those days when anonymizers were pure good.

So which tools ultimately will be more powerful--the anonymizers or the anti-anonymizers? It might not matter. The bottom line is that it is impossible to have a set of tools permitting anonymity without at the same time having a set preventing it. The Internet is like that.

Fred Hapgood is a freelance writer. Send feedback to CSOletters@cxo.com.

Copyright © 2008 IDG Communications, Inc.