Switzerland Privacy Notes

From the Switzerland Version 0 README file:

In this release, a switzerland server publishes the IP addresses of all connected clients.

Your client is designed to only summarize traffic exchanged with other switzerland clients, and should not tell the server anything about communications with computers that are not switzerland clients.

Summary information uses cryptographic hashes of packets, so it's hard to reconstruct the contents of your packets from what you send to switzerland. However, when it detects forged packets, the switzerland server may ask your computer for full copies of packets sent around the time that the forgery was received. Therefore it is likely that running switzerland will result in portions of your unencrypted communications being logged at the server. By default, switzerland clients will use a server run by the EFF, but you have the option of running your own server and telling your clients to connect to that instead.

In this release, traffic between switzerland clients and the server is unencrypted, so it's possible for an eavesdropper near the server to see information about what kind of connections you have open with which other switzerland clients, and how frequently you're exchanging data (an evesdropper near you could probably see most of this information regardless of whether you were running Switzerland).

Later releases will reduce some of these privacy issues and add more options for fine-grained privacy control. For now though, treat any traffic travelling between switzerland clients as "public record" information.

Related Issues

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF "Stupid Patent" Buster @DanielNazer explains how we saved podcasting from a patent troll on @slategist https://eff.org/r.fhzl

May 6 @ 7:50pm

Good news: Virginia now requires warrants for drones. Bad news: @GovernorVA vetoed license plate reader limits. https://eff.org/r.xpit

May 6 @ 3:48pm

Libraries and HTTPS go together like 323.445 Freedom of information and 005.8 Data security. https://eff.org/r.s2d1

May 6 @ 1:17pm
JavaScript license information