Switzerland Privacy Notes

From the Switzerland Version 0 README file:

In this release, a switzerland server publishes the IP addresses of all connected clients.

Your client is designed to only summarize traffic exchanged with other switzerland clients, and should not tell the server anything about communications with computers that are not switzerland clients.

Summary information uses cryptographic hashes of packets, so it's hard to reconstruct the contents of your packets from what you send to switzerland. However, when it detects forged packets, the switzerland server may ask your computer for full copies of packets sent around the time that the forgery was received. Therefore it is likely that running switzerland will result in portions of your unencrypted communications being logged at the server. By default, switzerland clients will use a server run by the EFF, but you have the option of running your own server and telling your clients to connect to that instead.

In this release, traffic between switzerland clients and the server is unencrypted, so it's possible for an eavesdropper near the server to see information about what kind of connections you have open with which other switzerland clients, and how frequently you're exchanging data (an evesdropper near you could probably see most of this information regardless of whether you were running Switzerland).

Later releases will reduce some of these privacy issues and add more options for fine-grained privacy control. For now though, treat any traffic travelling between switzerland clients as "public record" information.

Related Issues

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Mayweather or Pacquiao? Regardless of who wins, Internet intermediaries are the losers: https://eff.org/r.qbeb

May 1 @ 5:09pm

How private DNA data led Idaho cops on a wild goose chase and linked an innocent man to a 20-year-old murder case https://eff.org/r.3832

May 1 @ 3:08pm

We think that YouTube should celebrate its 10-year anniversary by fixing ContentID eff.org/r.lc85

May 1 @ 11:08am
JavaScript license information