spacer back contents
ERCIM News No.49, April 2002


An.on - Privacy Protection on the Internet

by Hannes Federrath

An.on is a joint project from Dresden University of Technology and the Privacy Commissioner of Schleswig-Holstein/Germany. Its aim is to enable every user to protect his privacy on the Internet.

Using Internet services nowadays means leaving digital traces. More and more companies try to use these traces to create individual profiles of Internet users. Moreover especially people searching for help or advice in the Internet do not want others to get knowledge of their problems or diseases. Just imagine drug-related advisory services or medical information services. Even in the field of e-commerce anonymity plays a big role because no one is happy receiving spam email as a result of his Internet activities.

The An.on project wants to help everyone to protect his e-privacy. The open-source software developed within the project tries to reach this goal. The client software JAP provides anonymous and unobservable communication in the Internet. Upon this basis any privacy- related Internet service could be built. JAP runs on the JAVA platform and is easy to install and use to enable greenhorns among Intenet users to protect their privacy. Two scenarios using JAP are thinkable:

  • JAP helps to protect the personal privacy of a single user. JAP can be installed on the user&Mac226;s computer to protect his Internet actvities.
  • JAP helps to protect the privacy of an organization. JAP can also be installed on a dedicated machine, for example on a proxy or firewall. There JAP serves as a privacy gateway for the entire company, and there is no need to install software on the user’s workstation. This might be very useful for companies in order to hide their transactions and/or research activities on the Internet against observation by competitors or against other spying activities. (Note that a single user within the organization is traceable by the organization.)

JAP acts as a local proxy between the browser and the insecure Internet. All requests for Web pages go directly to JAP, and are multiply encrypted there. Instead of directly fetching the requested pages, the request is forwarded through a chain of multiple intermediate servers (named Mixes by the inventor of the theoretical background, David Chaum) offered or initiated by the An.on project. The encrypted requests travel through this chain of Mixes to the final destination on the Internet. The web server’s responses are returned along the same route. Figure 1 illustrates the architecture of the system. The multiple layers of encryption protect all messages. A Mix samples messages in a batch, changes their coding (removes one layer of encryption) and forwards them all at the same time, but in a different order. All messages have the same length.

Figure 1: Architecture of the system.

The final system developed within An.on will withstand so-called traffic analysis: Even an adversary observing all communication links cannot decide which incoming and outgoing packet belongs to each other. A surfer remains anonymous within the group of all users of the service. The system protects a user's Internet behaviour against tracing as long as at least one Mix in the chain works correctly. The Mixes are run by different organizations who were willing to participate in the An.on project. The chaining also prevents these Mixes from observing. Thus the system provides anonymity even against the anonymity service itself. The client program (JAP) runs on the Java platform. JAP works on all major platforms, for instance Windows, Macintosh, Linux, Solaris, etc. The Mix-servers are written in C++ and work on many different platforms including Windows NT, Linux, Solaris, Irix and other Unix-like operating systems. JAP and Mixes are Open-Source software. Everybody may inspect it and convince himself that the software provides the expected functionality and contains no hidden trapdoors. Figure 2 shows the user interface.

Figure 2: JAP user interface.

Future research in the An.on project concentrates on integrating a payment function in JAP and research on services (eg pseudonymous email) that might be built upon the infrastructure An.on already provides. We are always looking for partners - ISPs, IT security companies, networking companies, privacy commissioners - who are willing to operate a Mix and would like to support the idea of providing a world wide anonymity service. We are open to partners who want to discuss commercialization of our service.

An.on is a joint project from Dresden University of Technology and the Privacy Commissioner of Schleswig-Holstein, Germany. From 2001 to 2003 the project is sponsored by the German Federal Ministry of Economics and Technology.

An.on project:

Please contact:
Hannes Federrath, Dresden University of Technology, Germany
Tel: +49 351 463 38247