This project's funding goal was not reached on July 29, 2013.
This project's funding goal was not reached on July 29, 2013.
Don’t you find it really irritating that every time you open a web page you also get a whole load of advertising pop-ups that you spend ages trying to close?
And when you log in to your bank accounts do you wonder if someone's watching you?
And did you know that when you visit a website, a vast network of other websites and companies know about it within seconds?
And what about the recent PRISM scandal - is it safe to let organisations collect and store your personal data without your consent?
Our project is called iAnonym. Its aim is to address the above by empowering all Web users to make their own choices about tracking, advertising, censorship and Web security because you don’t need to be up to no good on the internet to need to protect your privacy and personal data.
iAnonym is a free tool that can be used with any modern browser on any device (smartphone, PC, tablet). It runs inside your browser so you don’t need to install any new software. It uses a network that makes you anonymous by hiding your identity (IP address) and the real addresses of the sites you visit when you surf the Web. For example, if you use internet banking, the address www.my_bank.com becomes www.abcdefg.com. Once you're set up, you can pretty much do what you want:
iAnonym can be used in conjunction with our Interception Detector solution. It’s a separate tool designed to check whether your personal information is being intercepted without your knowledge when you surf the Web. It’s a complex tool but it’s really easy to use – you just need to get your own secret code from us. It’s currently the only solution of its kind on the market.
We're offering Interception Detector codes as rewards for backing iAnonym. We think it’s a great way of raising awareness about internet security issues.
For more details on the interception detector, go to the end of this article. You can also see the demo video here:
or here (better full-screen quality): http://www.ianonym.com/intercept.html#video
The short answer is yes. We are all painfully aware of what it's like to fall victim to unwanted ads and intrusive content. However, most of us don’t suspect that supposedly “trusted” entities can also be colluding to track us.
Let’s look at some examples of how our every Web move is under scrutiny and then if you still don’t believe privacy is an issue, please read the complete project description on http://www.ianonym.com
Example 1) Websites share your information without your knowledge. You visit one site. That site tells another and another and within seconds your movements are broadcast as shown below.
You probably already knew tracking went on but did you suspect that it could go this far?
Example 2) In addition to web site tracking, browsers take it upon themselves to send out information without your consent. Even if you monitor your connection you have no way of knowing what is being sent over the https links.
Example 3) Some browsers are actually tracking you themselves and not telling you about it.
Example 4) You have a unique internet fingerprint that can easily be used to track you.
Your internet fingerprint is likely to be unique at any one time but it can change from one unique fingerprint to another so cannot be used to reveal your identity. However, it is a distinguishing factor that can be used to track you and eventually help to identify you if, for example, you happen to log on to one of your accounts.
Example 5) Some web sites change HTTPS certificates without telling you.
Why do they do this? Probably to protect themselves, not you (see below).
Example 6) Browsers decide who they trust and major companies can issue HTTPS (SSL/TLS) certificates themselves.
This can make https interception very easy and is directly linked to example 5).
And that's just a taste of some of the invisible things going on behind your back.
"Do Not Track" (DNT) is the only protection solution currently under development but we are ready to bet that DNT will unfortunately never make it because it only works if websites actually comply with it.
Web specifications are written by major internet companies and it's extremely unlikely that this trend will change. It's more likely that current and new Web specifications will continue to include more and more intrusive capabilities.
There are some organisations like Mozilla with Firefox (by the way, that should be your default browser if you care about privacy) that are currently trying to address the problem by removing third party cookies. However, it's turning out to be more complicated than they anticipated and is still a weak response.
So that leaves iAnonym - the only viable option currently available. It's based on a certain number of assumptions and best practices that are designed to maximise your privacy and security. iAnonymn doesn't hack into the browser. It uses the browser normally but enhances the impact of the best practices by, for example, eliminating all third party cookies and reinforcing the principles of the Same Origin Policy - the basis for web security - for domains and cookies management.
To see the iAnonym demo video, click on the main photo above or, for a better quality full-screen version, the below link or photo: http://www.ianonym.com#video
You can use https at all times, even to access sites that don't normally support it. That means that you're intercepting yourself and, by getting there first, ensuring that no one else can intercept you.
No more iframes, active content, third party cookies, etc. iAnonym also adds a script to run a full check on the web pages you visit and prevent them from inserting dangerous content.
The protection level can vary depending on what you want to do. iAnonym defaults to the most secure level which involves accessing an anonymiser network independently from your browser and hiding your IP address.
All this is transparent for you. No add-ons, plugins, extensions, third party software... your browser does all the (hard) work.
Trying to protect your privacy can have the opposite effect and leave you even more vulnerable if you don't choose the right system. There are no existing systems you can trust except this one (unless, of course, you can't trust yourself).
You should. Basic trackers can now get to know everything about you. And even if you're not concerned for your own sake, you need to be thinking about:
If we don't act now, these security issues won't just affect our smartphones, PCs and other similar devices. They'll start having an impact on all the things we take for granted... our cars, houses, TVs, etc.
The below diagram describes the general principles (click to expand). However, it's probably best to read the whole story first and then come back to this later.
So far, the project has been submitted mainly to experts, labs, organizations and other people who are sensitive to, or currently working on, internet privacy-related issues. They have all shown a great deal of interest in the project.
The below diagram is about as simple as we could make it. It's a snapshot of what we're doing now and what we think the future holds. It shows how we leverage the very latest web techniques such as using browsers to route internet traffic.
The anonymised traffic is routed by the browser, which is the entry point to the anonymiser network. Thanks to the iAnonym router, which is the second entry point to the anonymiser network, neither the router nor the browser has a clue about what you're doing.
See the videos at the beginning of this article.
Above is the very first successful test with everything inside the browser. Funnily enough, "Liberty leading the people" was in the news that day. Let's hope it was a good omen.
(As mentioned in the videos, the final user interface won't actually look like that.)
As the CTO of jCore, my full profile and all our projects can be seen here: http://www.linkedin.com/pub/aymeric-vitte/26/55b/58
If you take a look, you'll see that we've developed a lot of web projects around the principles covered by our "Extract Widget" patent on real-time gadget/widget extraction from web pages.
Unfortunately, censorship by major companies forced us to put some of these projects on standby, much to the dismay and disappointment of jCore's core team and supporters:
We counterattacked by starting the node-Tor anonymiser network https://www.github.com/Ayms/node-Tor but as we became increasingly concerned about internet privacy we finally came up with iAnonym.
The node.js-based server-side routers for accessing the anonymiser networks are working well but still need optimising.
On the browser side, the proof of concept is working but we still need to do a lot of work to finish and optimise everything.
The funds will be used for both of the above.
If we reach our first funding target, we expect to ship the first version by the end of the year.
If we reach our stretch goal (which might shorten the schedule) we will work on:
iAnonym will be free of charge for users but we recommend that you use it in conjunction with the interception detector (see below), which requires you to purchase a secret code on a yearly basis. (That's just a recommendation, not an obligation.)
Browsers handle https and certificates in a way that's not transparent so you can't actually check what they're doing. The interception detector enables you to check whether your https connection is being intercepted.
For the brave-hearted, the technical details are available at the below links.
If you're really keen, we can provide an impressive list of research papers about privacy, anonymity and security themes used for this project.
The interception detector (http://www.ianonym.com/intercept.html) is an original and unique tool that can be standalone or work perfectly alongside iAnonym. It is a separate tool which, unlike iAnonym, is not free of charge for users. It checks whether information sent over your secure https connections is intercepted between your browser and iAnonym's routers. It works with a secret code that you must never disclose.
Like iAnonym, the Interception Detector is not just for a handful of dubious characters doing dubious things over the internet. Even in some democratic countries governments and official bodies are still persisting in trying to control the web. So if you want the peace of mind of knowing that your personal information is not being intercepted without your knowledge or you're just curious and want to have some fun, get your interception detector secret code.
If you've got your own website, you might want to get the interception detector installed directly on the site to ensure that your users' information is not intercepted up to your site.
If you want more evidence that browsers are really just doing whatever they like, try the interception detector with Google Chrome and a url such as my_secret.google.com. Then try to bypass the warning and see what happens.
This new approach implies big challenges for browsers which, in their new role, take on responsibility for a whole range of new tasks. We need to address some tough issues such as cryptography, the role of proxy for access to the anonymiser network, SSL/TLS over Websockets, etc.
But the proof of concept is working and it's happened faster than we could have imagined. We now need to put a lot of effort into optimising and improving the solution (e.g. SSL/TLS protocol inside the browsers, certificates verification).
We are confident about the above but one issue could remain around the user interface since browsers (although this is not specified anywhere) do not like what they consider to be "untrusted" SSL/TLS certificates generated by iAnonym. These are the certificates that are actually protecting you but the browsers display a warning when surfing from one fake domain to another.
We are currently investigating ways to overcome this.
And, who knows, if there is enough community interest around the project, together we might be able to influence browser behaviour.Learn about accountability on Kickstarter
Yes, iAnonym is for anybody who cares about their privacy
Yes, of course! iAnonym and the Interception Detector are perfectly legal. What's not legal is others spying on you.
OK but it's a unique tool and you get your own custom code! All Web users can benefit from it and we think it will be a real eye opener...
Tor or a Tor-like, see https://www.github.com/Ayms/node-Tor, the difference being that you access it the way you like and choose the routers.
- (40 days)