the-cloak faq

Q:	What exactly does the-Cloak do? What is encrypted anonymous surfing?
A:	The Cloak sits between your computer and any web sites you visit. It prevents the web sites you visit from finding out who you are. And it can use the standard SSL protocol to encrypt all communication from your browser, so that no one (except for the-Cloak) knows where you are surfing. The following figures illustrates the concept: Without the-Cloak, you are connected directly to the machines you visit (eg `www.acme.com`). These machines know where you are coming from. They know your computer's name, and they can even find out your name if your machine supports `finger` or `identd`. By tracking you with with `cookies` as you move from machine to machine, they can build up a complete picture of your surfing habits. Furthermore, anyone sitting between your machine and the machines you visit can see where you are surfing. For example, if your employer or web provider has a proxy server, it can log every access you make, every site you visit, every picture you download. But if you use the-Cloak, the sites you visit never see who you are or where you are coming from. All they see is the-Cloak. And if anyone happens to be spying on your surfing, they won't know where you are going or what you are viewing, because all traffic between you and the-Cloak is (if you choose) encrypted. They don't even need to know that it is web traffic!
Q:	What software do I need to browse using the-Cloak?
A:	Just your browser! The-Cloak uses the standard SSL (Secure Socket Layer) encryption that is built into most web browsers. No extra software is needed. If you don't have an SSL equipped browser, we suggest that you download Mozilla/Firefox, or Netscape Navigator or Microsoft Internet Explorer. We have reports that Opera and Konqueror also work, as do other browsers that use the Gecko engine.
Q:	How should I configure my browser when using the-Cloak?
A:	You should do the following: Turn on Javascript. The Cloak will automatically filter out Javascript from any documents you download, unless you tell it otherwise. However, the-Cloak needs Javascript for its control panel. In Netscape Navigator, you can turn on Javascript using the menu sequence Edit -> Preferences... -> Advanced -> Enable Javascript. The Enable Javascript button should be activated. In Microsoft Internet Explorer, use View -> Internet Options -> Security -> Custom -> Active Scripting -> Enable You should turn on warnings when leaving an encrypted site, so that your browser warns you when you are no longer surfing using the-Cloak. In Netscape, use the menus Security -> Navigator and make sure that you are warned (1) when you leave an encrypted site and (2) when a page contains a mix of encrypted and unencrypted material. In Microsoft Internet Explorer, use View -> Internet Options -> Advanced -> Security -> "Warn if changing between secure and insecure mode" You must enable cookies so that the-Cloak can give you a login cookie: In Netscape, use the menus Edit -> Preferences -> Advanced and choose any option that allows cookies. In Microsoft Internet Explorer, use View -> Internet Options -> Advanced -> Security -> Cookies and choose any option that allows cookies. Also, if you are using Netscape, turn off What's Related in Edit -> Preferences... -> Navigator -> Smart Browsing. This feature connects directly to Netscape, and can tell them where you are surfing.
Q:	Is the-Cloak 100% effective at safeguarding my privacy?
A:	Probably not. However, it is much better than using nothing at all. Although we have tested the-Cloak carefully, the web is complicated and all software is subject to occasional malfunctions. We do not guarantee that the-Cloak will maintain your privacy. Be sure to read the above suggestions for setting up your browser to make your surfing as safe as possible.
Q:	What if the Cloak is subjected to a court order or a subpoena?
A:	For your safety, you should assume that we will turn over log file entries if we are presented with a court order, subpoena, warrant, or other legal demand originating from a non-totalitatarian government entity. We do not have the resources to mount legal challenges. We do not know our users, and thus we cannot contact them to allow them to mount a challenge. In practice, we may elect to decline to comply with law enforcement demands that we deem inappropriate, if we are outside their jurisdiction.
Q:	HELP! I purchased a PIN and never received it!
A:	When you purchase a PIN (access code) for the pay service through 2checkout.com, be sure to hit the final button at 2checkout, and you should see the PIN on the page right after your payment submission. Be certain to write it down immediately. You will also get a transaction number through email. If you do not see your PIN, this probably means that your network connection to 2checkout failed at the moment the confirmation page was being sent. You will need to contact us directly or submit a support ticket to 2checkout. If you contact us directly, be sure to provide your order number if you have it - you should receive the order number in an email from 2checkout.
Q:	Do I have to use the encryption feature?
A:	No. You can select between encrypted and un-encrypted surfing when you log in.
Q:	What web pages will the-Cloak NOT work with?
A:	it cannot proxy ftp pages. it cannot proxy pages that contain certain types of active content that bypasses the HTTP protocol. For example: Java applets that connect directly to the server, like chat applets. certain types of streaming multimedia that work with their own network protocols (though these might be configured to use HTTP). Some pages that use complex Javascript that we cannot rewrite successfully. Some pages that contain broken HTML.
Q:	HELP! the-Cloak does not work on the Mac!
A:	There are serious problems with the-Cloak running on the Macintosh under Microsoft Internet Explorer. Macintosh Internet Explorer's Javascript window handling code appears broken, so you may get lots of errors and unwanted logout messages. The only solution we have found is to use Netscape Navigator instead.
Q:	HELP! Why does yahoo mail keep reloading?
A:	`mail.yahoo.com` tries to reload itself if it does not see the correct login cookie. But we try to bypass this by faking the cookie by rewriting the javascript. For most browsers, this seems to work, but for others it does not. If you turn on Delete Javascript when you start surfing, it should fix the problem.
Q:	HELP! Encrypted mode does not work in Microsoft Internet Explorer!
A:	Older versions of Internet Explorer appear not to support all encryption methods. You should upgrade to a new browser. Also, some more recent versions of Microsoft Internet Explorer are known to have a very buggy SSL implementation. We have tried to work around these bugs, but you may still experience problems like blank pages and apparent network errors. If this happens, please do us a favour and write a rude and nasty letter to Microsoft telling to get their act together and concentrate on writing software that actually works rather than devoting their all their efforts to increasing their anaconda-like stranglehold on the bug-infested bloatware market. End of tirade. You can get a browser upgrade from miscrosoft.com or netscape.com, or you can get the nifty Open Source Mozilla browser from mozilla.org.
Q:	HELP! I get a message about an invalid security certificate when I try to connect in encrypted mode!
A:	This problem seems to arise with Microsoft Internet Explorer 5.x. The difficulty appears to be that Microsoft Internet Explorer 5.x recognizes only those SSL server certificates that have been signed by a registered signing service (CA). Our certificate is self-signed, however. There are 2 possible solutions: Click here (Microsoft Internet Explorer) or here (Netscape/Mozilla and others) to accept us as a CA (not all browsers will support this). This is a bit risky, because you are saying that you trust us to validate the identity of other web sites. You should keep any warning messages enabled if you choose this option. If your browser allows you to disable CAs, you should disable our CA when you are not using the-Cloak. If this doesn't work, or you don't want to accept us as a CA, you may need to download Netscape Navigator instead of MIE.
Q:	How much does my proxy know about my surfing?
A:	If you access the-Cloak through a proxy in unencrypted mode, and the proxy keeps logs, then it has a complete record of your surfing. However, if you use the-Cloak in encrypted mode, then all the proxy sees is requests of the form `CONNECT www.the-Cloak.com` [Encrypted Data....]
Q:	Why don't you offer encrypted URLs?
A:	Some anon proxies now offer encrypted URLs to hide your requests from local snooping. For example, instead of going to `http://www/the-Cloak.com/Cloaked/http://www.acme.com/foo.html` the `http://www.acme.com/` would get scrambled, and you would go to `http://www/the-Cloak.com/Cloaked/KLJ987Hkjh79kjjKJGAWEMXvfD437` However, we feel that there is no reason for this feature when complete encryption is available. In encrypted mode, even if you connect to the-Cloak through a proxy, all the proxy sees is `CONNECT www.the-Cloak.com` [Encrypted Data....] So the-Cloak's encrypted surfing feature offers all the advantages of encrypted URLs, plus the further advantage of content encryption.
Q:	But I can still see the URL in my browser address box in encrytped/https mode! Can't a snoop also see it?
A:	No. Both the URL and the page content are encrypted (in encrypted/https mode). You can see them, but they are not visible to someone situated between you and the-Cloak. Encrypted mode (https/SSL) encrypts the whole connection.
Q:	What advantage does the-Cloak over an ordinary proxy?
A:	It supports encrypted surfing with minimal overhead. It allows user-controlled content filtration. Our remote cookies give you cookie functionality, without leaving a trail of cookies (ahem.. cookie crumbs?) on your machine. You can use sites that need cookies, but they can't track you from session to session...and advertising networks like doubleclick can't build up a profile of your surfing habits. Also, most ordinary proxies don't proxy `https`, so web sites can learn your identity by forwarding you to an https port.
Q:	What are some other privacy matters that I worry about?
A:	Here is an very incomplete list of things to worry about If other people have access to your machine, you should be aware that your browser cache and browser history files contain a record of your surfing. If you are using Internet Explorer 5 on Windows, there is a Javascript "feature" that allows remote sites to read your Windows clipboard. You can disable it by going to Tools --> Internet Options --> Security --> Custom Level, find allow paste operations by script, and click either Prompt or Disable and then click OK.
Q:	Why is the connection so slow?
A:	For free users, we have a bandwidth throttle that limits the total bandwidth through our server. Otherwise, we simply would not be able to afford the bandwidth fees. If many people are using our site simultaneously, then they will all have to share the limited bandwidth available, and the connection may appear slow. For pay users, there is no bandwidth cap, and the speed is limited only by the speed of the network.
Q:	Do you keep any records of my surfing? Of my identity?
A:	We purge all of our usage logs on a time scale of a few days. The information is destroyed when we do this. We need to keep logs for a short time in case someone misuses our service (eg, uses it to send spam). Also, we will obey laws that require us to turn over any information that we have to the authorities, if such demands arise. While you begin surfing, you are assigned a "key cookie"; this key is for keeping track of your preferences, and is deleted when you stop browsing, and does not follow you from session to session.
Q:	What about cookies?
A:	By default, the-Cloak handles cookies for you, so they never actually reach your machine. If you wish, you can turn off cookies altogether using the-Cloak Control Panel. The Cloak sets a single login cookie to act as your entrance key; this cookie stays alive only for the duration of your browser session. Our site may also set some cookies to control what advertisements are shown. For example, we may use cookies to ensure that we do not repeatedly show you pop-up advertisements. The only information contained in these cookies is what time a particular user saw a particular advertisement. These cookies may persist for several days.
Q:	Can I visit secure (https://...) sites using the-Cloak?
A:	Yes, the-Cloak can proxy https sites. All you have to do is is unset the "Delete HTTPS URLs" checkbox on the control panel. But this compromises one of the purposes of https: you are allowing the Cloak to "look into" the supposedly secure and encrypted communications between you and an https site. Be sure you understand this before you turn on https proxying.
Q:	Why do I need the-Cloak if I am already behind a proxy?
A:	See the answer to the next question.
Q:	Why can't I just use one of the thousands of ordinary proxies out there? I've even seen lists of them on the web.
A:	You can, but... (1) Most are private, and their owners might be annoyed if you use them. You might end up losing your privacy when you draw attention to yourself by unauthorized use of someone else's proxy. (2) Many of them deliberately tell the sites you visit where you are coming from; their business is forwarding and caching, not anonymity. (3) They often log your requests; a proxy log is a great way for your employer or internet provider to snoop on your surfing. (4) They provide no encryption. Encryption allows you to bypass the danger of logging and local snooping. (4) They do not generally proxy https (unless you use a "secure proxy"), so web sites can learn your identity by bouncing you to an https port.
Q:	What uses of the-Cloak are forbidden?
A:	You may not Use the-Cloak for any illegal purposes. This includes but is not limited to the transmission or receipt of illegal material. You may not use the-Cloak to violate copyrights or to break other forms of intellectual property law. You may not use the-Cloak to send spam (unsolicited advertising, bulk email, mass news posts, or any other kind of undesired large scale abuse of the net). You may not use the-Cloak to harass or annoy. Robots/web-crawlers and other non-human browsers may not use the-Cloak. The above is not a complete list; we reserve the right to deny access for any reason.
Q:	Can I surf for as long as I want?
A:	To allow as many people as possible to use this service, we may limit your surfing session to a certain number of megabytes. We may also limit the number of simultaneous users.
Q:	Why does the-Cloak make my browser crash?
A:	A web browser should never be crashed by a web page. In our experience, however, both Netscape and Microsoft Internet Explorer were very buggy, and often crashed. This is the mark of poorly written software. If your browser crashes, try a different brand or version number. And complain to the company that wrote the browser, especially if you paid for it, or bought it with your operating system. We have had positive experiences with the freeware Mozilla browser, including the Firefox version, and users have reported successfully using the non-free Opera browser.
Q:	Why is its safest to turn the "Delete SCRIPTs" control on?
A:	Because Javascript can easily break you out of the-Cloak's security. We try to filter Javascript to make it safe, but this is impossible to do in a completely general manner. If you are very concerned about security, don't turn off script blocking except for sites you trust, and if you know exactly what you are doing. But.. do not turn off Javascript in your browser. The Cloak needs Javascript to make its control panel work.
Q:	So how do I begin surfing?
A:	After you have read this page carefully and configured your broswer as instructed, read the disclaimer and then go to the login page and begin surfing.