Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Safeweb is a Fed Front

By Crusader in Internet
Tue Oct 16, 2001 at 07:28:46 AM EST
Tags: Freedom (all tags)

An enterprising Cryptome reader has discovered that the vaunted web privacy provider (already known to have CIA funding) Safeweb utilizes a Department of Defense server(s?) (anongo.com) as a proxy for user requests.

The whois record for anongo.com shows that it's owned by Safeweb's CEO, Jon Chun (who made a big deal out of the fact that he's Chinese-American, and hopes that his service would be used by Chinese nationals with censored web service in the PRC). The netblock for anongo.com belongs to the Network Information Center of the Department of Defense (215.*.*.*); a simple traceroute to anongo.com and nic.mil confirms that packets travel through the same routerspace to get to both destinations.

So what is Safeweb? A honey trap for people believing their web surfing can be carried out without prying eyes ("if you have nothing to hide, you shouldn't be worrying about us watching you")? A mini-Carnivore for users considered to be worth watching by the Federal government?


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o Cryptome
o discovered
o funding
o Safeweb
o Also by Crusader

Display: Sort:
Safeweb is a Fed Front | 29 comments (29 topical, editorial, 0 hidden)
Hilarious! (3.66 / 3) (#1)
by thejones on Tue Oct 16, 2001 at 01:18:34 AM EST

It just makes me wonder, did the government approach Mr. Chun to be a front, or did he offer, knowing that the money stream wouldn't dry up? I'm betting on the latter.

At least the conspiracy trolls will be well fed for a while.

Dry up? (3.50 / 2) (#3)
by J'raxis on Tue Oct 16, 2001 at 02:55:32 AM EST

Probably’ll dry up now...

— The Obvious Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

What else is new? (4.00 / 1) (#2)
by lucidvein on Tue Oct 16, 2001 at 02:43:30 AM EST

I've always wanted to use safeweb without feeling that I was routing my browser thru fed proxies, now the fantasy is gone. It is a nice service though, and at least blocks people on your LAN from seeing where you go. Triangle-boy sounds like a cool service too, although not to difficult to re-impliment. I don't think I'll stop using it just because it's fed related, I never trusted it that much anyway.

Maybe someone will create a chaffing web browser that pulls down random pages in a pop-behind window when you aren't active. Or a round robin, crowds based proxy that pulls a cached copy to a few local machines for you to browse from. Er, that sounds like Freenet doesn't it?

As little faith as I have in federally funded projects, maybe we'll see some good out of this yet...

Might as well read the privacy policy again. https://fugu.safeweb.com/sjws/priv_policy.html

Ok Columbus, thanks for the discovery (3.50 / 4) (#4)
by CrazyJub on Tue Oct 16, 2001 at 09:50:01 AM EST

1. This is not a shocker, it's old news.

CNN: CIA-backed venture eyes anonymity software Feb 15th, 2001

Nando Times: Technology: Want to surf the Web anonymously? The CIA will help -- Feb 20th, 2001

2. It's not a very big secret, and if it is they do a lousy job of hiding it.

3. So the US gov is snooping on the occasional browser - good. I only use this to hide my work we habits: F--ckedcompany, Maxim, Personal webmail, etc... If I wanted to hide from the gov, I'd probably be aware of this fact, and use another method anyway.

News flash: The US military created the original Internet, you don't think they retained "some" control?????

You're missing the point... (4.33 / 3) (#5)
by Crusader on Tue Oct 16, 2001 at 10:10:05 AM EST

Safeweb has repeatedly and categorically *denied* that just because CIA gave them money for Triangle Boy, it would change anything about how their business operated ("CIA is just another client").

USENET posting relaying an e-mail denying any significant relationship:

SafeWeb's free consumer consumer service will continue to be 100% private and secure and is operated completely independently. We want to reassure all of our users that our core business is the protection of their online privacy.
This the first *real* evidence to come to light that implies something more sinister. Maybe they have a good reason to be routing packets through DoD networkspace that doesn't involve monitoring, but damned if I can think of what it could be.

Also, quick correction to my original story: Chun is President of Safeweb.
[ Parent ]

The Original Internet.. so what? (none / 0) (#24)
by mindstrm on Wed Oct 17, 2001 at 12:42:07 PM EST

Let's get something straight: The US military did not 'create' the internet.
Yes.. they created the protocols. Yes, they created MILNET/ARPANET, precursors to the internet.

But the Internet, ladies and germs, was created by every single individual telecom and computer owner who's connected to it, piece by piece, not by anyone else.

The Internet is a phenomenon, not a 'thing'. IP address allocation works because everyone agrees to obey a central registry. The intial idea was simply that anyone who had a network could get unique address space so, someday, they could connect to anyone else however they wanted to without a collision of address space. This has now become perverted.

[ Parent ]
Or did you consider... (3.66 / 3) (#6)
by fluffy grue on Tue Oct 16, 2001 at 11:04:53 AM EST

Maybe the government people behind SafeWeb actually do want privacy for American citizens. Just because it's from the government doesn't necessarily mean it's corrupt.
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]

Yeah, and the Senate just passed ... (4.00 / 1) (#7)
by nstenz on Tue Oct 16, 2001 at 11:12:33 AM EST

... an anti-terrorism bill 96-1.

If the people I vote for aren't going to protect my privacy (actually, Feingold is trying to... he appears to be the only one though), the people I'm not voting for probably won't either.

If they were out to protect our privacy, they'd make a big deal of their support for Safeweb and how much they're trying to help. I don't see that happening.

[ Parent ]

So? (4.00 / 1) (#8)
by fluffy grue on Tue Oct 16, 2001 at 02:46:34 PM EST

The Senate isn't running SafeWeb any more than the Department of Agriculture has any say in foreign policy.
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

grain (none / 0) (#10)
by dr k on Tue Oct 16, 2001 at 04:24:31 PM EST

Except for all that surplus grain we sell to needy nations... oh, and all the subsidies we pay to farmers for honey and cheese to keep imports down... and the various sanctions that keep superior products (like pistacios) out of the US markets...
Destroy all trusted users!
[ Parent ]
Okay, fine (none / 0) (#16)
by fluffy grue on Tue Oct 16, 2001 at 07:22:12 PM EST

I just pulled two random things out of the air, hoping they'd be something not connected. Department of Agriculture and Department of Defense would have probably been a better pairing - the DoA doesn't dictate DoD policy. Similarly, the CIA, if they even had anything to do with SafeWeb, has nothing to do directly with Senate rulings.
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]
[ Parent ]

Typo Anyone? (5.00 / 10) (#9)
by skullY on Tue Oct 16, 2001 at 03:18:28 PM EST

anongo.com has address

Hmmm, that does seem to point to a DOD IP. However, that IP doesn't ping, doesn't have any ports open, and in short doesn't seem to be up. Now, let's look at some of the other hostnames associated with anongo.com.

fugu.anongo.com has address
redirect.pooka.anongo.com has address
dns1.pooka.anongo.com has address

Hey, lookit this. These have almost identical IPs as the hostname for anongo.com, except instead of pointing to IP space at the DoD, it points to IP space at exodus. And let's look at some safeweb.com hosts.

safeweb.com has address
dns1.pooka.safeweb.com has address
norm.pooka.safeweb.com has address

Well, lookit this. Those all have similer addresses too.

So, big conspiracy? Doesn't look like it to me. It looks like the simpler explanation is that someone just typoed the IP address.

I'm not witty enough for a sig.
Question though... (none / 0) (#11)
by Crusader on Tue Oct 16, 2001 at 05:08:19 PM EST

...if this was the case, and anongo.com pointing to military networkspace was an accident, wouldn't Safeweb's service then not work at all? Due to their routing pointing to a server that's not even accessible, much less setup as a proxy for Safeweb to use?

Can someone who's smarter with regards to networking and proxies (Squid in particular?) clarify this?
[ Parent ]

Re: Question though... (5.00 / 1) (#13)
by skullY on Tue Oct 16, 2001 at 05:26:15 PM EST

Not neccesarily. When I goto http://www.anongo.com, it redirects me to https://www.safeweb.com/. When I goto http://anongo.com, I never connect to anything. When I goto http://safeweb.com, I get redirected to https://www.safeweb.com/.

As a test, here's what shows up in my apache logs when I connect to it through safeweb: - - [16/Oct/2001:21:35:31 +0000] "GET / HTTP/1.0" 200 6641 "http://darkstar.frop.org" "Mozilla/4.75 [en] (X11; U; Linux 2.4.5 i686)"

Notice that it comes from, which is in the same netblock as www.safeweb.com. It also reverses to

So far, nothing I've done has had to interact with the hostname anongo.com, or the IP

FWIW, I emailed root@safeweb.com, and found out that anongo.com isn't used anymore. It's all under the safeweb.com domain. The anongo.com reference by their squid cache is just leftover from their early days, they didn't think anyone was still using it.

I'm not witty enough for a sig.
[ Parent ]
Grrr... (none / 0) (#14)
by Crusader on Tue Oct 16, 2001 at 05:38:15 PM EST

Yes yes, did even you read the original article I linked to? It went over all of what you already said, and yes, it doesn't show up in the connecting IP, it's in the HTTP_VIA variable string, as the Squid proxy server. My question to HTTP protocol/proxy gurus, is how accurate does that string have to be? If it's referring to an invalid server/IP, will the secure connection work at all? Is HTTP_VIA verified by anything?

On another note, it looks like they're switching it over right now to 216 anyway, so our various inquiries kicked over a can of worms whether it was intentional or not:

nslookup anongo.com NS.ABOVE.NET
Server: ns.above.net

Name: anongo.com

nslookup anongo.com proxy1.alntn1.tx.home.com
Server: proxy1.alntn1.tx.home.com

Non-authoritative answer:
Name: anongo.com
[ Parent ]

Can I have a price check on a clue please? (5.00 / 1) (#15)
by skullY on Tue Oct 16, 2001 at 06:13:17 PM EST

I'm sorry, apperrantly I was trying to interject fact into a conversation based on theory and unknowns. I won't make that mistake again.

HTTP_VIA, like all other HTTP headers the server might be recording, are client supplied. The server and client know who they're talking to already, because of the 3-way TCP handshake. Everything in the HTTP layer is data supplied by one or the other. So yes, HTTP_VIA is client supplied. It's only reporting what squid thinks its hostname is. Unless you've written some apache handler or CGI to check for said header, apache doesn't even care that it exists. The fact the socket is open and able to recieve data is all that apache cares about.

Then again, had you phroased your original question properly, by say, asking about the HTTP_VIA, instead of just saying "wouldn't it not work at all" which is obviously not the case, we might have understood each other better. It's amazing how much communication is enhanced by asking correct question and retarded by asking incorrect questions.

Anyway, I think you've proven your lack of clue on this matter. I'm not feeding this thread anymore.

I'm not witty enough for a sig.
[ Parent ]
Thanks (none / 0) (#18)
by Crusader on Tue Oct 16, 2001 at 08:28:38 PM EST

Thanks for finally answering my question (sort of)... do you (or anyone else for that matter) have any Sqid configuration experience? Would Squid operate correctly if the wrong hostname (or if the hostname is resolving to a wrong IP) is being utilized?

I freely admitted I had no idea how HTTP_VIA was generated; there was hardly any need to be that rude. I also find it credible that it was all nameserver screwup on their part... to a certain point. It's a bizarre coincidence that the one anonymous service with existing government connections would have a proxy server pointing to a government network space, of all the places a typo could've ended up pointing to.

Also, you'll find communication is also improved when you make less typos in your posts ;)
[ Parent ]

Hrmm. (none / 0) (#20)
by mindstrm on Tue Oct 16, 2001 at 08:44:49 PM EST

HTTP_VIA may be set manually in the squid configuration, I think.... It's not critical.

It's a bizarre coincidence.. but it's rather obvious, when you see that the address matches exactly except for one character (5 instead of 6)

I think HTTP_VIA is used so that the client (your browser) knows that the request to the server went through the address indicated in the HTTP_VIA header. If this is wrong, it probably has absolutely no effect whatseover.

[ Parent ]
Orangatango -- a SafeWeb alternative (4.00 / 1) (#12)
by bruckie on Tue Oct 16, 2001 at 05:13:47 PM EST

Orangatango offers a product similar to SafeWeb that may be of interest to some here. It offers encrypted browsing, web-based bookmarks, anonymous e-mail, and other features.

I work there as a programmer, and I can assure you that we don't filter anything through the government. In fact, we have a Privacy and Non-Disclosure Agreement that allows disclosure of your information only if "we are required to disclose the information pursuant to any law, regulation, subpoena, court order, or legal process" among other things.

If you'd like to protect your privacy, check it out. I think it's cool enough to work there. :)

Orangatango -- a SafeWeb alternative (none / 0) (#23)
by juju2112 on Wed Oct 17, 2001 at 11:46:23 AM EST

Why does it want my e-mail address verified for the 7-day trial? That's not very anonymous if you ask me. It does look cool, though.

[ Parent ]
Anonymity (none / 0) (#25)
by bruckie on Wed Oct 17, 2001 at 01:44:59 PM EST

Why does it want my e-mail address verified for the 7-day trial? That's not very anonymous if you ask me.

Well, the idea is that you aren't completely anonymous to Orangatango. Instead, you give Orangatango limited information, which Orangatango is legally obligated to protect because of the NDA that it is bound by. In other words, you trust Orangatango, and that trust is enforced by contract (and thus by law).

However, Orangatango does make you largely anonymous to the rest of the internet. Your IP address is hidden, your e-mail address is replaced by an anonymous forwarding address when you type it into forms, you get fine-grained control over cookies, etc.

[I'm just an employee, so don't take what I say as official company policy.]

[ Parent ]
NDA (none / 0) (#29)
by vectro on Thu Oct 25, 2001 at 12:56:46 PM EST

Protected by law, unless a subpoena is issued, in which case it dosen't mean dick.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]
Please check your facts. (none / 0) (#17)
by mindstrm on Tue Oct 16, 2001 at 08:22:31 PM EST

As far as I can tell, anongo.com is in 216, not 215.

The A record for anongo.com is
The A record for www.anongo.com is

216.104.228 is registerd to Exodus.

I can't find anything whatsoever linking it to the DOD

Oi, covered below... (none / 0) (#19)
by Crusader on Tue Oct 16, 2001 at 08:34:51 PM EST

...covered in this thread:


Also, please refer to the original links in the story post for further confirmation.
[ Parent ]

To change the topic slightly.. (none / 0) (#21)
by mindstrm on Tue Oct 16, 2001 at 09:42:59 PM EST

Given that that it's been determined that there is no DOD involvement; that this was a typo (the network is 216, not 215)... what does everyone thing of the criticizms going on at cryptome of safeweb?
It seems people take issue with their logging practices, and their policy of 'complying with law enforcement subpoenas'.
It seems to me that, whether they say so or not, they have no choice but to comply with a subpoena.

Safeweb response on Cryptome (none / 0) (#22)
by truth versus death on Wed Oct 17, 2001 at 06:57:13 AM EST

Sounds like they are pretty open about their practices. If 7 days is too long, you can always use another service. And, yeah, the power of a subpoena, once issued, is fairly absolute (else prison).

"any erection implies consent"-fae
[ Trim your Bush ]
[ Parent ]
DOD Involvement (none / 0) (#27)
by Shalom on Wed Oct 24, 2001 at 11:38:08 AM EST

Read the responses from Cryptome (on the link the other guy posted). Specifically, the 215.* server (an address that is in the DOD), whatever it was, was offering similar services on similar ports. I don't know about his methods, but if he did anything more than a portscan, and if any of the ports were non-standard, this raises flags. Three possibilities here: - DOD was using the DNS trouble to snoop on people still using the anongo address without Safeweb's knowledge - Safeweb and DOD collaborated to make this happen - Pure, unadulterated coincidence. I leave it up to you to decide which. I don't buy coincidence, and I think doing this without Safeweb's involvement would involve way too much random chance (Safeweb screws up DNS, someone at DOD notices, someone with the intent to spy on Chinese-Americans find out, and he is savvy enough to get his techs to take advantage).

[ Parent ]
Subpoena (none / 0) (#28)
by vectro on Thu Oct 25, 2001 at 12:53:52 PM EST

Well, you can avoid having your logs subpoenaed by not making logs. But they apparantly don't follow this practice.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]
Not true (none / 0) (#26)
by awptic on Sat Oct 20, 2001 at 03:20:28 AM EST

The last simular router both traceroutes appear to go through is, this IP is infact owned by Qwest, not the DOD, after which ICMP traffic seems to be blocked, which isn't uncommon.

Safeweb is a Fed Front | 29 comments (29 topical, 0 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!