An anonymizer is a system that helps users maintain their anonymity on the Internet, especially on the World Wide Web. They are intended to help maintain data protection and data security when surfing. In their function, they are similar to remailers, which are used to anonymize emails.
Simple Anonymizers
An anonymizer is used as a so-called proxy or a virtual private network (VPN) between the user and the target computer. Since the proxy/VPN is now communicating with the target computer instead of the user, the connection to the original user cannot be easily traced. To do this, however, it is necessary that the proxy is really anonymous and does not, like a regular proxy, communicate via header data that the request comes from a proxy and which client is requesting.
Usually, the data stream between the user and the anonymizer is encrypted to prevent eavesdropping on the connection between the user and the proxy. This assumes that as many users as possible use the same proxy at the same time, so that individual connections cannot be assigned to specific users.
---
Many well-known anonymizers rely on the SSL or SOCKS protocol and can therefore be used with a variety of applications.
Mix Cascades
For systems with only one proxy server, security depends on the trustworthiness of the proxy machine. If it is corrupted or intentionally works against the user, the whole system will be affected.
Modern anonymizers therefore rely on several proxies connected in series, so-called mix cascades. Here, the data is encrypted multiple times and routed through several computers, whereby one encryption is decrypted per computer. It is only at the end of the mix cascade that the data becomes readable. However, because the connection data of different users is reshuffled at each link in the cascade, a clear assignment is impossible. Only an attacker who controls all machines in a mix cascade can monitor traffic. Even if only a single mix remains intact, the entire system remains secure.
Anonymous P2P Networks or Mix Networks
But even with mix cascades, there is no guarantee that the different operators will not work together, even if they are in different jurisdictions. You can only be 100% sure that there is no logging if you operate the anonymization service (i.e. a mix node) yourself, and thus mix and anonymize the traffic of others and your own. In order to get traffic from others, they have to know your own node and have their data stream routed through it. Mix networks such as the P2P anonymization network I2P are based on this philosophy: Each participant in the network routes third-party data traffic and mixes it with its own, which in turn is forwarded by other participants in the network (via so-called “tunnels”). However, since the data does not leave the I2P network by default, it is end-to-end encrypted and is only forwarded by the participants (nodes), the forwarding nodes are not associated with the users’ activities.
