Tomas

P.S. Please send me the results of your tests via helpdesk or the Contact Us form.

The refund guarantee covers all subscription plans, the trial one including. However, it may be best to email me at admin[-AT*]identitycloaker.com or contact us via the form at http://www.identitycloaker.com/cms/contact-us and I will personally do my best to find out why the connection is slow for you.

Also, in the next 2 days, there will be third server available in the UK. But again, there may be several reasons it is slow for you, including bad peering from your ISP so it’s best to contact me directly.

Tomas France
IdentityCloaker.com Administrator

Those are some good questions and as an IT guy and the Identity Cloaker administrator, I wished more people would be so security/privacy conscious as you

Identity Cloaker uses 2 different technologies to “forward” the data. The first one is called SSH Tunneling, the second one OpenVPN. The main client application uses the SSH Tunneling technology.

This one works similarly to what you described. First a “Secure Tunnel” is established between your PC and one of the physical servers in the Identity Cloaker network. Then it forwards the requests to software called Squid proxy server which is running on the physical server. The proxy server software then forwards the request to the destination website/server which then in return sends the reply back to the proxy server software and this data then flows back to your PC through the secured SSH tunnel.

OK, I know this may sound a bit confusing…sorry.

You are correct that at one point the physical server has to have an unencrypted copy of the data passed through it. However, this data is stored just for a very short while in the server memory only because the harddrive caching is disabled in the proxy server software configuration.

But you asked a very good question. How could you trust me that the data is really not stored on the server harddrives and that nothing bad is done with it? Well, this is not easy to answer. Honestly, you can never be 100% sure. There has to be some trust and credibility Identity Cloaker earns over time, I realize that.

You will face a similar problem with, for example, webhosting companies or email providers. Do you trust your webhosting company they will not do anything wrong with the data you store on their servers? Do you trust your email account provider that they will ensure that none of their employees does not sell your email data to spammers or hackers?

I realize that it may take some time before Identity Cloaker earns so much credibility that people will feel confident that what I say here is 100% true. I have also been considering other means, such as 3rd party privacy audits - a trusted 3rd party auditor company would have access to the physical servers, scanned the installed software periodically and confirmed that there was nothing wrong going on.

I believe this would work well because any skilled server administrator would soon discrover if what I said here was not true. But I need to find one. Someone I believe will not do anything wrong on the servers and at the same time, someone that has so high moral credibility that most other people trust her/him as well. And at a reasonable price too. Technically, those could be even 2 or more different persons coming from different backgrounds.

I’ll try asking some of the people at the Electronic Frontier Foundation website, perhaps they could give me some suggestions. Also, do not hesitate to contact me if you know about someone who could take this role. She/he would need to have high moral credibility and linux server administration skills. Someone with experience from the IT/network security field would probably be best.

I’ve been also considering other solutions, such as signing a legally binding document saying I will not do anything bad with the data, but I don’t feel this would work best for most customers.

You also asked another good question:

>> Also, if my ISP logs my requests to your website and the ISP connecting your proxy to the internet logs the requests from your proxy, there is still some matching possible, no? < <

The short answer is: NO. This would be possible with traditional proxy servers and with web proxy servers (those webs where you enter the URL you want to visit and hit submit). But Identity Cloaker works differently, see my explanation above.

The difference here is that with Identity Cloaker, you do not connect to the proxy server directly. Instead, you first establish the encrypted tunnel between your PC and the physical server via SSH. The ISP can only see that you created this SSH tunnel if they are skilled enough. It does not even connect to the IdentityCloaker.com domain directly but to a “harmless sounding” mirror domain name.

The data in the tunnel is encrypted and neither your ISP, nor your company boss or a hacker can see the unencrypted version. The whole path between your PC and the Identity Cloaker server is encrypted and nobody can see which websites you visited and the data you downloaded or uploaded.

The OpenVPN technology works, in this particular case, similarly. Let me know if you want me to explain the differences in details. The main difference in the Identity Cloaker implementation of the SSH Tunneling & OpenVPN technology is that with OpenVPN you can encrypt any Internet communication, not just web browsing. You can use it for Skype, online games, Outlook etc. Simply anything. You get the idea. But it has some disadvantages so Identity Cloaker offers both technologies to get the best of the two worlds.

OK, this got a bit longer than I expected…sorry for that

Please do not hesitate to tell me if I forgot to answer one or more of your questions,

Best regards,

Tomas France
IdentityCloaker.com Administrator

I’ve found your website and read it through and it seems a nice service indeed. However, I still have some privacy-questions. I understand your service as follows:
my http-requests are first encrypted and send to one of your proxies, which then decrypts them and send them to the proper server. The reply which is received at your proxy is then resend (encrypted) to my pc (browser).

Now, don’t you need to keep files which connects my encrypted requests with the requests to the wanted webpage? Even if not, how can I be sure you don’t, since this will be the vital point in the privacy preservation. Also, if my ISP logs my requests to your website and the ISP connecting your proxy to the internet logs the requests from your proxy, there is still some matching possible, no?

Cheers,
Biscuit

Anyway, I will be writing some more FAQs and improving the sales page soon so that should help too.

Ughh. Make brain hirt.