Secure Web Surfing

Michael — Sun, 28 Feb 2010 20:03:20 +0000

Is CMU’s Perspectives project the best way to secure web browsing? This chap seems to think so, and I broadly agree. However, there is a potential privacy leak when using Perspectives that is enough to stop me using it all the time. Then I realised that with a trivial change, I could have the best of both worlds – using Perspectives whilst preserving my privacy.

I like the Perspectives project: the Firefox plugin gives me confidence that I am not about to be the victim of a MITM attack, and it also gives me enough confidence in the longevity of a certificate that I can usefully accept self-signed certificates for many sites.

One minor concern that I have is that my browsing habits could be determined by those that run the notary services. The Notary Server Privacy Policy states:

All notary servers adhere to a strict policy of never recording client IP addresses, period. The Perspectives project and its software will only contact Notary servers that follow this privacy policy. Your privacy is important to us.

I trust these people (although I’ve never met them!), but I’d prefer not to need to trust them. For all I know, the traffic to/from CMU might already be monitored by some 3rd party unbeknownst to them.

I like the Tor project for several reasons, but I find it too slow for normal use. However, if I could use Tor for my notary requests…

FoxyProxy is a useful Firefox plugin. Once installed with Tor support, I can add the following URL pattern to my Tor proxy rule:

*.ron.lcs.mit.edu:8080/*

And all the notary lookups will be performed over Tor!

If you plan to do this yourself, I’d recommend confirming correct operation with Wireshark. Periodic checking with Wireshark also strikes me as wise, in case the notary addresses change and you need to update the rule.

Michael's Blog » Uncategorized

Secure Web Surfing