[Full-Disclosure] JAP service un-backdoored

From: Thomas C. Greene (thomas.greeneat_private)
Date: Thu Aug 28 2003 - 00:40:01 PDT


    http://theregister.co.uk/content/6/32533.html
    
    Net anonymity service un-backdoored
    Higher court hits pause button
    
    The Java Anonymous Proxy (JAP) service, a collaborative effort of Dresden 
    University of Technology, Free University Berlin and the Independent Centre 
    for Privacy Protection Schleswig-Holstein, Germany (ICPP), has been allowed 
    to suspend its monitoring of users' IP traffic pending a decision on the 
    legality of back-dooring it.
    
    Collectively known as the AN.ON Project, the operators appealed a lower 
    court's decision allowing the German Feds to obtain reports on users' access 
    to a particular IP address (no doubt having to do with KP or bomb-making, 
    etc).
    
    The appeals court has allowed the operators to discontinue logging until their 
    appeal has been answered. When a decision has been reached, the JAP team says 
    they will document the whole affair, but cannot do so until the court issues 
    its ruling.
    
    A single record of access to the forbidden IP address has been logged but not 
    yet disclosed to the Feds pending the higher court's decision, the JAP team 
    says.
    
    In a previous article The Register criticised the way the JAP team handled its 
    initial confrontation with the Feds, i.e., by waiting quietly until a user 
    discovered the back door before acknowledging the situation.
    
    We believe there were better ways of dealing with the court order, either by 
    posting a prominent warning that the service might be subject to monitoring 
    by the authorities, by leaking the information to the press outside Germany, 
    or by disabling the affected proxies temporarily in protest.
    
    We hope that if the JAP team should lose its appeal and be ordered to resume 
    monitoring, particularly under a gag order, it will find a way of giving the 
    public a proper heads up. Their previous performance hardly inspires 
    confidence, but there is always opportunity for redemption. ®
    
    
    


