Deanonymizing Users of the SafeWeb Anonymizing Service

OpenBU
→
College of Arts and Sciences
→
Computer Science
→
CAS: Computer Science: Technical Reports
→
View Item

dc.contributor.author	Martin, David	en_US
dc.contributor.author	Schulman, Andrew	en_US
dc.date.accessioned	2011-10-20T04:42:41Z
dc.date.available	2011-10-20T04:42:41Z
dc.date.issued	2002-01-11	en_US
dc.identifier.uri	http://hdl.handle.net/2144/1650
dc.description.abstract	The SafeWeb anonymizing system has been lauded by the press and loved by its users; self-described as "the most widely used online privacy service in the world," it served over 3,000,000 page views per day at its peak. SafeWeb was designed to defeat content blocking by firewalls and to defeat Web server attempts to identify users, all without degrading Web site behavior or requiring users to install specialized software. In this article we describe how these fundamentally incompatible requirements were realized in SafeWeb's architecture, resulting in spectacular failure modes under simple JavaScript attacks. These exploits allow adversaries to turn SafeWeb into a weapon against its users, inflicting more damage on them than would have been possible if they had never relied on SafeWeb technology. By bringing these problems to light, we hope to remind readers of the chasm that continues to separate popular and technical notions of security.	en_US
dc.description.sponsorship	Privacy Foundation; Boston University	en_US
dc.language.iso	en_US	en_US
dc.publisher	Boston University Computer Science Department	en_US
dc.relation.ispartofseries	BUCS Technical Reports;BUCS-TR-2002-003	en_US
dc.subject	Censorship	en_US
dc.subject	Privacy	en_US
dc.subject	Anonymity	en_US
dc.subject	Cookies	en_US
dc.subject	Internet	en_US
dc.subject	Web	en_US
dc.subject	Firewall	en_US
dc.subject	JavaScript	en_US
dc.subject	SafeWeb	en_US
dc.subject	PrivaSec	en_US
dc.title	Deanonymizing Users of the SafeWeb Anonymizing Service	en_US
dc.type	Technical Report	en_US