Bilateral anonymity and prevention of abusing logged Web addresses

A lot of effort has been taken to hide the content of a message from eavesdroppers. However, often not only the content, but also the address and identity of sender and/or receiver of the message are of interest for attackers. For that reason, several approaches were developed to guarantee anonymity in the case of email. A lot of services offer users to access Web pages unrecognised or without the risk of being backtracked, respectively. This kind of anonymity is called user or “client anonymity”. However, there are only a few offers that provide an equivalent protection for content providers, although this feature is desirable for many situations in which the identity of a publisher or content provider is to be hidden. This property is called server anonymity. The term “server anonymity” is explained in detail with the help of an existing system fulfilling some hundreds of thousand user requests per day. We also describe our experiences in providing such a system with respect to misuse. Furthermore there is another sensitive fact. While browsing Web pages, the used URLs are logged both by the Web client (Web browser) which is used and the Internet service provider (ISP), or any other instance or organisation that is involved in the communication. Hence the ISP can investigate the content a user is interested in afterwards simply by reusing the logged URLs. The same problem results from the behaviour of regular Web browsers to build an address history and local copies (browser cache) of the visited Web pages. We demonstrate a way of preventing the reuse of logged Web addresses by introducing the concept of temporarily valid Web addresses