Anonymity Loves Company


Overview

Crowds is a system for protecting your privacy while you browse the web. For example, Crowds prevents a web server that you visit from learning information that could identify you. Named for the notion of blending into a crowd, Crowds operates by grouping users into a large and geographically diverse group (crowd) that collectively issues requests on behalf of its members. Web servers are unable to learn the true source of a request because it is equally likely to have originated from any member of the crowd, and indeed collaborating crowd members cannot distinguish the originator of a request from a member who is merely forwarding the request on behalf of another.

Why this is important:

The lack of privacy on the web makes us susceptible to a number of abuses, which are now starting to be well publicized (see below). Of course, there are many good reasons for being concerned about the privacy of your browsing behavior on the web. Possibilities range from a distaste for targeted, junk e-mail to the desire to search out certain topics in private. For example, you may have a health condition that you do not wish to share with others, and there may be a wealth of information available on the web. Crowds provides a mechanism for hiding your identity from others while obtaining the information that you desire.

How it works:

The approach is based on the idea of "blending into a crowd", i.e., hiding one's actions within the actions of many others. To execute web transactions in this model, a user first joins a crowd of other users. The user's initial request to a web server is first passed to a random member of the crowd. That member can either submit the request directly to the end server or forward it to another randomly chosen member, and in the latter case the next member independently chooses to forward or submit the request. When the request is eventually submitted, it is submitted by a random member, thus preventing the end server from identifying its true initiator. Even crowd members cannot identify the initiator of the request, since the initiator is indistinguishable from a member that simply passed on a request from another.
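The forwarding rule described above can be simulated to see what the web server and a curious crowd member each observe. This is an added example, not the Crowds Perl code: the forwarding probability of 0.75, the uniform choice over all members (sender included), and the member names are assumptions made for illustration.

```python
import random
from collections import Counter

def build_path(members, p_forward, rng):
    """Members that handle one request after it leaves the initiator's proxy.

    The first hop is always a random member; each holder then forwards to
    another random member with probability p_forward, otherwise it submits.
    """
    path = [rng.choice(members)]
    while rng.random() < p_forward:
        path.append(rng.choice(members))
    return path  # path[-1] is the member the web server sees

def simulate(members, initiator, observer, p_forward, trials, seed=7):
    """Return (submitter shares, mean path length, predecessor-is-initiator rate).

    The rate is measured from the viewpoint of one crowd member (observer):
    of the requests it handled, how often did the member that handed it the
    request turn out to be the real initiator?
    """
    rng = random.Random(seed)
    submitters, hops, seen, pred_is_init = Counter(), 0, 0, 0
    for _ in range(trials):
        path = build_path(members, p_forward, rng)
        submitters[path[-1]] += 1
        hops += len(path)
        if observer in path:
            i = path.index(observer)  # first time the observer handles it
            predecessor = initiator if i == 0 else path[i - 1]
            seen += 1
            pred_is_init += predecessor == initiator
    shares = {m: submitters[m] / trials for m in members}
    return shares, hops / trials, pred_is_init / seen

# Constructed sample crowd; the names are placeholders.
MEMBERS = ["alice", "bob", "carol", "dave", "erin"]

if __name__ == "__main__":
    shares, mean_len, rate = simulate(MEMBERS, "alice", "dave", 0.75, 20000)
    for member, share in shares.items():
        print(f"{member:6s} submitted {share:.3f} of alice's requests")
    print(f"mean hops per request: {mean_len:.2f}")
    print(f"dave's predecessor was really alice: {rate:.2f}")
```

Every member, the initiator included, submits about one fifth of the requests, so the server's view carries no information about who started them, while the observing member's predecessor is the true initiator only part of the time.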

A proxy running on your local machine (or another machine you trust) executes the Crowds protocol on your behalf. Participating in a Crowd simply requires that you start this proxy and set your browser to use it as the browser's proxy. This proxy is written entirely in Perl; you must have version 5.004 or later. Perl can be obtained from the Perl institute. Crowds runs on Win32 and Unix platforms. To get the code, click here.

Risks of using Crowds:

If you run a Crowds proxy on your machine, then it is possible that web servers will receive requests from your machine that you did not initiate, because your proxy will forward others' web requests and sometimes submit them. If suspected of originating these requests, simply explain that you were participating in a crowd (regardless of whether you were or not!) and thus that you could not control what requests were submitted from your machine.

A second risk of running Crowds is that by routing your requests through others' machines, Crowds may increase the risk of disclosure of the data in the request and corresponding reply. That is, while other crowd members will not be able to determine who originated a given request, the contents of the request and reply may be exposed to other crowd members. This is primarily a concern when, e.g., passwords for accessing web pages are included in this content. In such cases where the web server authenticates you by password, Crowds does not protect your anonymity anyway, and we thus recommend that you "turn off" Crowds (i.e., change your browser's proxy setting) to access such pages.

Prizes for frequent users:

Users who keep their Crowds servers alive all the time will be identified and rewarded with a free Crowds T-shirt. Recipients so far are: Thank you for your support.
(Credit: T-shirt design by Lorrie Faith Cranor; slogan idea by Matthew Franklin).

Mike Reiter (reiter@research.bell-labs.com)
Avi Rubin (rubin@research.att.com)