Introduction and summary

The interception detector is an online, complex but easy-to-use javascript/crypto tool available inside your browser without any installation. It allows you to check whether the information sent over your secure connections (https - TLS/SSL) is being intercepted. You can access the tool here: Interception Detector



This tool is complementary to Peersm and iAnonym projects.



As you probably know, the principle behind secure connections is that you receive a certificate from the site you are visiting. This certificate contains a public key that is used by your browser to encrypt a secret key. The secret key is then decrypted by the server using its private key and only the server's private key can decrypt the secret key. Only the browser and the server have access to the secret key and they use it to encrypt communications between each other.



The certificate also contains a signature produced by a certificate authorithy. The browser checks that the certificate is valid by checking the certificate's signature with the public key of the certificate authority. To keep things simple, let's assume that certificate authority means a certificate authority or a sub certificate authority.



Finally, the browser, in theory, checks that the server name in the certificate is indeed the one that you are accessing.



All this is based on a chain of trust in which you are supposed to trust the certificate authorities. Unfortunately it's not unlikely that authorities ask certificate authorities to produce valid certificates so that they can intercept your communications. This is more commonly known as a "Man in the middle attack". The interceptor intercepts your secure connection handshake and sets up two secure connections: one with your browser and one with the target site. Because the interceptor is using a valid certificate, your browser doesn't detect it and the interceptor receives all your messages decrypted.

Who is intercepting my data?

It's probably your ISP, your company, nodes in the path controled by certain authorities, proxies that you are wrongly using to hide yourself, nodes that proxy the traffic of major sites, etc.

Principles of the detector

It's simple. To check that nobody is intercepting your data, you intercept it yourself (i.e. your browser intercepts itself).



The browser sets up a https connection with itself (see the drawing Interception detector). It first creates a connection with our server using standard Websockets and then opens the page https://test.my_bank.com. This is intercepted by our server and then sent back to your browser using the websocket connection.



For each connection the browser creates a unique certificate that you are aware of. This certificate is not valid since it is self-signed and not produced by a certificate authority. Therefore, when you open https://test.my_bank.com, the browser will display a warning. You then use the warning information to check that the certificate used for the connection is indeed the one created inside your browser.



In such a scenario, if the certificates match, you are absolutely sure that your information has not been intercepted. If they don't match or you don't get a warning, then you are absolutely sure that your information has been intercepted.

Is it risky or illegal?

Absolutely not. Once you have given your authorisation, our server just intercepts the messages from your browser and sends them back to it as it would for any web site. It doesn't keep a record of these messages. However, you should never disclose the secret code that we provide for you to use the tool.

Extension

You can use test urls such as secret.my_bank.com or secret.download_stuff.com to check that there is nobody between you and our server and nobody paying particular attention to specific urls like download_stuff.com. As an extension for sensitive sites, the detector could be installed directly on the sites (my_bank.com) so you can check that there is nobody between you and my_bank.com simply by clicking somewhere on the site. Sites that are interested in providing this feature can contact us at the email address provided below.

How can I use it?

You first need to purchase your secret code (using paypal or whatever other means you like). Our contact address is contact (at) ianonym.com. We will then send you your secret code. The only information we need is an email address.



By buying your code you will be helping to finance projects such as iAnonym and node-Tor and helping protect freedom and privacy on the internet.



The tool is available here: Interception Detector

More technical details?

For more technical details, please visit: iAnonym | node-Tor