It’s a fine line between protecting privacy and potentially helping criminals. Wherever this line is, it is sure to be subject to criticism. Where does Anonymizer draw this line?

Answering these questions will go a long way towards explaining what services Anonymizer provides and what services should not be expected. Not fully answering is an answer by itself. Many feel the answers have not been provided. We also understand that you may be under court order not to provide answers to some of these questions and you may not be able to reply.

Whatever the answers are, they should not be criticized. Your company is providing a very valuable service. Where to draw the line when it comes to anonymity is up to you. There is no right or wrong here. However, it is critically important to know where the line is.

With deep respect for what you have been doing and the great help you have provided to those living under repressive regimes,
Anonymous3

Do you keep logs of or regularly track from what IP address a user connects to your service?

Your reputation and that of Anonymizer is solid. I think I can trust you, but I’m paranoid. Tell me how you ensure someone else at Anonymizer, working undercover for the NSA or Chinese government for example, hasn’t installed a logger without your knowledge. And let’s say Anonymizer is bought out or you leave. The most trustworthy asset of Anonymizer is Lance Cottrell, not the technology. If you’re not in the picture or your control is compromised, will you broadcast that to your users immediately?

Thanks. Stay honest.

–Jeff

The failure of HideMyAss.com clearly shows the problem with keeping logs (in their case in the UK). You are correct that Anonymizer can be compelled to produce any logs that it possesses. We are not obliged to keep any logs which would show which of our subscribers visited what sites, when, or what they did there.

If Anonymizer had been forced to hand over logs which penetrated a user’s privacy it would not stay secret. Again look at the example of HideMyAss.com. We have received a great many subpoenas and other kinds of court orders over the years. This is not a theoretical or academic point. Our policy has withstood this for many years. If we could be forced to expose our users, there would be lots of people shouting about it. We do know who our users are, but being an Anonymizer subscriber is not a crime, nor is it evidence of any kind of illegal or malicious activity. In particular it can not be tided to any specific incident or event.

Try as the might, the code is not going to provide the privacy, people are. You need to trust those people. Yes, there is risk in that. Think very long and hard about who and where you choose to trust.

But since it’s open source software, meaning that the software code and the Tor network’s architecture is available for review and critique, it is in a separate category than services like Anonymizer.

External parties are not in a position to do a full audit of Anonymizer. The software and network architecture are not open to all eyes.

Again, I’m not interesting in attacking Anonymizer or Lance. For certain users with certain adversaries, it’s an appropriate solution. If you are dealing with an adversary such as the North Korean government, Anonymizer might be an adequate solution.

But if Anonymizer is subject to any particular jurisdiction, such as the US, then all bets are off.

As mentioned, with the USA PATRIOT ACT, the US government can grab logs, billing information, etc., while Anonymizer would face a gag-order to not make a peep about it. Not even to their users. There is no such option with Tor. The array of Tor node operators can be good or bad, but they can’t be put in the same pot or subject to the same governments, regulations, and so on.

Open systems have their weaknesses. Tor itself is continually under attack day-to-day, not to mention at technical conferences. But that is also the beauty of open source systems. There can be that critique, thus driving more review and enhancements. Everyone gets to hear about the warts and blemishes without makeup. External parties are not able to do that with Anonymizer and other private proxy-type services.

Quick note to Jeff: determine *who* your adversary is to assess your solution. It’s hard to say X or Y is the best fit for you without knowing if you’re a political dissident in China or a Wikileak-submitter at the Bank of America, or a teenager browsing pr0n to avoid your parents Nevertheless, stick to the solution you are most comfortable with so that you can continually critique it and improve with experience. There are no snake oils in anonymity, unfortunately.

We keep no logs of what IP addresses are assigned to our users. All of the users are randomly assigned to one of a small number of addresses that are active on any given day. There are a great many users attached to each IP address at any given moment. We have no idea what traffic comes from which users, and do not do any monitoring of that traffic.

Our standard consumer services are targeted at typical users. People with very high threat models need to take additional precautions including running their operating system from a completely clean operating system every time.
Turning off all active content can be effective, but it will prevent access to a lot of content, and absolutely flags you as someone very unusual (and potentially interesting).

When thinking about the best tools to use, you need to think carefully about exactly who you are trying to protect against, and what capabilities they can realistically use against you.

Any more detailed advice is likely to be too sensitive to conduct in the comment thread. Please email me at blog@anonymizerinc.com if you want more help.

I need help to better understand your service. I presently use TOR via a thumb drive at the library in an attempt to keep a project as secret as I am able. I am not a computer person and do not understand how a TOR node operator could advantage or expose me. With regards to your service, I would like you to clarify if you keep any records that matches my IP to the new IP you assign? If you keep these records, how long before you destroy them? It seems to me that Hidemyass was keeping records of which users were assigned to which IP. This information could then be used to identify which person visited which website or sent which email. I am willing to use your service if you can keep me 100% anonymous. I am sorry to ask for clarification, but it would be great if your website had a “plain English” version of what you offer. Also, the TOR project says that they use the special Firefox browsers that does not contain Java because that can leave a trace as to my real identity. When using your service do I need to use a different browser? Please address and pardon my lack of technical knowledge.