Looking at Steganos Internet Anonym
I have had a look at Steganos Internet Anonym. Some remarks:
- You have to trust Steganos itself; if Steganos is corrupt, you are better off without it. But small fry need not fear - if they out too many customers, their cover will blow.
- It is terribly slow. Which again means that Steganos use is an indication that you really have something to hide.
I tried to use an echo script
to see what happens to e.g.
REFERER. But the response was so slow, I did not hang around to see the response. Update: After a
602LAN SUITE è limitato!error, I finally found that cookies, referers,user agents etc. are still present in the HTTP header.
- Steganos is incompatible with my HTTPLook sniffer. So I suspect that a http request travels unencrypted from my browser til the Steganos server. If so, that leaves me vulnerable to net based sniffing in the local ethernet or wifi. Which is where spouses and bosses usually lurk. As spouse & boss will probably not tolerate the presence of Steganos, there might be a market for a version running uninstalled off a USB memory stick? (Anyone with a net based sniffer care to comment?)
- I suspect that Firefox RSS bookmark requests somehow slip around Steganos, I'll have to look into that.
- The Steganos servers will attract intelligence services like honey. They don't even need to infiltrate them, they can just watch the request traffic entering the server. Or - if requests are SSL-encrypted, they can still learn a lot by comparing the traffic in with the traffic out.
- If I ran an intelligence service or were fighting child porn or just terminally curious, I'd offer a service like this to collect information. And I'd make sure it was slow, to improve on my signal-to-noise ratio. (I once had a summer job that included listening in on phone lines for diagnostic purposes. Believe me: random eavesdropping is not very entertraining.)
- Steganos is running a HTTP server on the client. I fail to see the wisdom of that. Not that I suspect malice - they can spy on their customers at their servers, and need not install spyware. But running a server is always risky - one risk is that people may scan it and see that you run Steganos.
To conclude: Probably OK to stay anonymous at the server side. But maybe less effective when hiding from The Spouse or The Government. Could be useful for congressmen's aides who engage in Wikipedia edit wars? No, Wikipedia would block the IPs.