I chatted today with Lance Cottrell, the founder and president of Anonymizer. They’re a little 30-40 person company, but even so they do three different interesting kinds of things. In increasing order of importance, these are:
- Provide anonymity services to ordinary individuals.
- Provide anonymity services to enterprises (aka enterprise sneakiness support).
- Help people get through the national firewalls in Iran and China.
For the record: They’re profitable, only ever took about $2 ½ million in mainly angel funding, get 70% of their revenue from enterprises (an increasing percentage even though the consumer stuff is growing to), and are paid by Voice of America for their Iran work but do China on a pro bono basis.
The consumer service, for an annual fee of $20-40 or so, is designed to reduce the marketing-related hassle of using the internet. If you need to give out an e-mail address, you can use a pseudonymous one, from which Anonymizer will re-route mail to your main address – until such time as you shut it down, because that particular address is attracting spam or other unwanted traffic. They also work to make you untraceable via IP address or cookies, protect you from spyware, and so on.
Is this worth the hassle for an individual to use? Well, I hate getting 100+ spam/day, but given how widely published my main e-mail address is, new sign-ups are the least of my problems. But if you’re an enterprise, it’s a whole other matter. That’s because enterprises have lots of reasons to be sneaky. These reasons fall into two major categories.
First, enterprises have a lot of legitimate reasons for concealing their interest in a subject. If they’re going after a bad guy – hacker, fraudster, whatever – it’s good not to be spotted. If they’re so much as checking out a possible merger target, it’s good not to be spotted. AOL accounts and the like will do the job too – but if you’re a professional snoop, having a professional cloaking device makes sense.
Second, there are cases where web sites are automatically configured to defeat snooping. Lance cited a number of cases – hackers again, trademark infringers, and so on. Most interesting, however, are the enterprises who engage in hardcore automated price-checking. It wouldn’t be unreasonable for an airline or major online retailer to fire off hundreds of thousands of competitive price inquiries daily – and for competitors to detect that and try to feed incorrect information back.
How big is this need? Lance assures me that he has commercial customers – not just government/intelligence – with low thousands of seats each, paying low hundreds per seat per year. But does that go far beyond a few obvious-suspect airlines and the like, plus a few top-tier Fortune-50-type brand owners? I don’t know.
One subject I forgot to ask about – and a hat-tip goes to Linda for raising the question after I got off the phone: Why isn’t this sneakiness-enabling technology a boon to bad guys too? Offhand, I couldn’t think of anything Anonymizer provides to crooks that isn’t simply provided by consumer free e-mail, encryption, and the like – unless they’re mega-spammers, and then they don’t need Anonymizer anyway because they have their botnets to conceal their identities. Still, I’m e-mailing Lance for follow-up, and will ask him to address the point in the comment thread below.
Some interesting aspects of enterprise deployments – they’re subscription-priced, they’re appliance-based, and the appliance is just a Juniper/Netscreen box configured to route traffic through Anonymizer’s servers. (Usually, at least – I get the impression they’ve tried other vendors’ boxes, but are mainly standardized on Netscreen.)
As for their penetration of the Great Firewall of China — that’s too important to bury this far down. I’ll write a separate post for it.