Thursday, May 5, 2011

Providing Internet Anonymity - The MagusNet Anonymous Public Proxy

There is a silent conflict going on where users of the Internet that want to reach certain types of content are faced with other online entities that are interested in knowing what content is being accessed and using that information for tracking or blocking/filtering. On May 1, 2011 I decided to re-launch The MagusNet Anonymous Public Proxy to continue providing anonymity and deliver a way around Internet filtering for free.

From September 1997 to September 12, 2001 I operated The MagusNet Anonymous Public Proxy for web browsing while at the same time running an Anonymous Remailer ( Mixmaster ) for anonymizing email. The personal satisfaction I got from running both services came in the form of email from various countries where users were thankful that I was able to help them get around Internet filtering at no cost. Professionally, I was able to use my demonstrated knowledge of deploying an open proxy that was popular, secure, and easily usable the entire time it was in service.

My family was not pleased with phone calls and “unofficial” visits from agencies like the FBI and the RCMP, along with the use of barratry to try to limit, monitor, harass, and shut down a perfectly legal service. It amazes me to see the disconnect when the U.S. State Department can have a fund set aside to support the creation of services like I provide, while the U.S. Congress works at legislation to try to make operation of the same types of services a criminally punishable offense.

At the time I was using a known set of IP address ranges and ports and many filtering services went to great lengths to make my service and web pages unreachable. In fact, after 10 years of being offline, there are still vendors selling Internet filtering software that have my original URL listed. In order to bring back the MagusNet Anonymous Public Proxy I needed to decide on how to protect my users while giving myself greater flexibility in preventing the service from being filtered into obscurity.

The challenges to overcome were many and here are just a few:
* IP Address flexibility to defeat filtering
* Domain name decoupled from service
* End User Data security ( No Logging, No Data Capture )
* My Security ( Secure System, Location Independent )
* Manage Costs for Delivering a Free Service

I have found a way to deal with all of the issues mentioned, and a few others I discovered along the way, in order to re-launch what I consider a much needed service for Internet users.
By moving certain portions of the service into a “cloud” server, I no longer have to be concerned with the filtering of IP addresses since the Internet-facing server is using a dynamically assigned IP address that I can change as needed to defeat most filtering.

Behind that server is a set of servers that run diskless as virtual machines to ensure that no data is stored on any physical media and as a side effect I get a benefit of efficiency by running everything in memory. I did this not only as a way to resolve data retention and data security workarounds, but also in case a server is ever compromised or has any non-security related issues, I can reboot from read-only media and be up quickly while analyzing the problem. My current configuration allows me to perform an hourly reload for each node and boot from read-only media with the capability of handling ~10,000 users per server, load balanced as needed.
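One way to check the "no data is stored on any physical media" property on a running node, as an added example that is not the operator's own tooling. It assumes the nodes run Linux and expose a `/proc/mounts`-style table; the mount tables, device names and paths below are constructed samples.

```python
# Added example (not the operator's tooling): audit /proc/mounts-format text
# for places a node could write to persistent storage. Samples are constructed.
# Assumed allow-list of RAM-backed or kernel pseudo filesystems.
MEMORY_FS = {"tmpfs", "ramfs", "devtmpfs", "proc", "sysfs", "devpts",
             "cgroup2", "securityfs", "mqueue"}

def parse_mounts(text):
    """Return (device, mountpoint, fstype, options) for each mount line."""
    rows = (line.split() for line in text.splitlines())
    return [(f[0], f[1], f[2], f[3].split(",")) for f in rows if len(f) >= 4]

def backing_fstype(path, mounts):
    """Filesystem type of the longest mount point that contains path."""
    best_mnt, best_type = "", None
    for _dev, mnt, fstype, _opts in mounts:
        prefix = mnt.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(mnt) >= len(best_mnt):
            best_mnt, best_type = mnt, fstype
    return best_type

def persistent_writable(text):
    """Mount points that are writable and not provably RAM-backed."""
    mounts = parse_mounts(text)
    findings = []
    for dev, mnt, fstype, opts in mounts:
        if fstype in MEMORY_FS or "ro" in opts:
            continue
        if fstype == "overlay":
            upper = next((o.split("=", 1)[1] for o in opts
                          if o.startswith("upperdir=")), None)
            if upper and backing_fstype(upper, mounts) in MEMORY_FS:
                continue  # writes land in a RAM-backed upper layer
        findings.append((mnt, dev, fstype))
    return findings

# Constructed sample: read-only boot image with a tmpfs overlay on top.
DISKLESS_NODE = """\
/dev/sr0 /run/rofs iso9660 ro,relatime 0 0
tmpfs /run/cow tmpfs rw,relatime 0 0
overlay / overlay rw,relatime,lowerdir=/run/rofs,upperdir=/run/cow/upper,workdir=/run/cow/work 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
# Constructed sample: conventional install with a writable disk.
DISK_NODE = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var/log ext4 rw,relatime 0 0
"""

if __name__ == "__main__":
    print(persistent_writable(DISKLESS_NODE), persistent_writable(DISK_NODE))
```

A mount table does not show swap devices, which Linux lists separately in `/proc/swaps`, so a full audit would check that file as well.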

The last hurdle was to make sure that my “core” servers were not visible for inbound and outbound traffic. By having OpenVPN used to encrypt and manage inbound traffic and requiring the use of The Onion Router ( Tor ) for traffic exiting into the Internet, I found I could not only deploy the “core” servers anywhere, I can replicate from a single read-only image to expand the number of nodes for improving loading and availability. Once I figure out how to transparently merge in and load balance multiple Tor exit nodes, going global will be complete.

I realize there are many global users of the Internet that do not have a need for this kind of service but for those individuals that are Human Rights Workers, live in a location that filters Internet content, or just everyday people that aren’t interested in having the most mundane of personal information looked at for any reason, I’ll be here and I’ll keep doing what I can to help out.

If you are a fellow citizen of the United States of America,
and feel this service is not needed since you have nothing to hide,
start sending all of your letters on post cards ( no envelopes! ), and
here is some reading material:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

-- Jean Francois - MagusNet, LLC
Owner and Operator of The MagusNet Anonymous Public Proxy ( Torduckin )*
http://www.magusnet.com/proxy.html
* The name comes from how this is set up:
It uses an OpenVPN Tunnel stuffed into an SSH Tunnel stuffed into Tor.
