Re: IDEA: "Site Cloaking" Technology

Mark Grant (
Wed, 12 Mar 1997 22:49:17 +0000

On Tue, 11 Mar 1997, Chris Hind wrote:

> A few months ago, I came up with this idea for a new technique I like to
> call "Site Cloaking". It's possible to create a Perl CGI script that would
> grab a file or webpage from another site & display it for the user without
> telling the user the original location like a proxy.

Yes, I was thinking of something like this a few days ago; essentially it
would become an anonymous remailer for Web pages. The system I was
thinking of was something like:

Browser sends URL to proxy; this is encrypted with the public
key of the proxy.
Proxy decrypts URL and fetches the appropriate page. This page is
also encrypted with the public key of the proxy, which decrypts
it and passes it back to the browser.

This serves two functions; firstly, even if someone finds your web page at
the real host it will be encrypted so that only the proxy can read it.
This means that if the Feds ask you to decrypt the page *you can't*. You
would need the private keys of all the proxies in the chain to decrypt it
(of course, you'd need to keep a plaintext copy in case one of the proxies
goes down or changes the key).

Secondly, a proxy which works in this way can be chained just like a
remailer. The encrypted URL can contain another encrypted URL to be sent
to the next proxy in the chain. Using five or six proxies should
complicate traffic analysis enough to keep your page hidden if the traffic
levels are high enough.

Most likely you'd want the equivalent of a Web 'nymserver', such that you
could create a URL like 'http://www.nymserver/cool-illegal-page.html' and
the nymserver would read the full encrypted URL from a database. This
would also allow you to mirror pages easily, and could be used as a
justification for the site. You could sell it as a server allowing people
to move their pages around but keep a fixed URL, and the 'remailed' URLs
would just be a special case.


|Mark Grant M.A., U.L.C. EMAIL: |