Tuesday, April 11, 2006

Technology to allow reviewers to anonymously view URLs

Reinhard Schneider and colleagues have proposed the following approach to protecting grant reviewers' anonymity. Comments from the ISCB community would be welcome; please post your comments by Friday, May 12, 2006!


Draft proposal: 0.1 (RS, April 10th, 2006)

How ISCB can help to allow the use of URL’s related to bioinformatics grant proposals

Background: See the proposed ISCB policy statement on URLs in grant proposals.

Solution: ISCB could function as the “anonymizer” for the reviewers.

Possible Technical implementation:

  1. Use of an “anonymizer” service on the web
  2. Implementation of a proxy server under the supervision of ISCB
  3. Implementation of a terminal server under the supervision of the ISCB

1) Using “anonymizer” services

The use of an anonymizer service is quite simple and can be done without much user intervention. The basic principle of these services is the use of one single static address (proxy or a net of proxies), which is shared by many users. Examples for these services are:

http://anon.inf.tu-dresden.de/index_en.html

http://www.the-cloak.com/anonymous-surfing-home.html

http://www.shadowsurf.com/

http://surfshield.net/

http://proxify.com/

http://www.guardster.com/?Services-Free_Web_Proxy

http://anonymouse.org/anonwww.html

2) Proxy-server setup by the ISCB

As an alternative to the above mentioned anonymizer services, one can use a proxy server that would be owned by the ISCB. Proxy servers are similar to the anonymizer, i.e. web pages are retrieved by the proxy server rather than by the person actually browsing the Web. By running such a proxy-server the ISCB could guarantee that no information is collected or otherwise abused. But there are important differences: proxy servers don't help with cookies, hostile applets or code (see below: possible problems).

3) Setup of a terminal server on an ISCB server

This solution would require the setup of a server running Microsoft “Windows Server 2003 Terminal Services”. The reviewer would login into this terminal server and would start a web-browser from this machine. By doing this all the traffic to the destination web-server will originate from the ISCB terminal server and as such protect the anonymity of the reviewer 100%.

Client software is freely available for Windows systems, Apple computer and Linux systems.

The funding for such a solution would need to cover the basic hardware for the server, the license for the operating system and the terminal server licenses (per user) as well as the maintenance costs for running this service.

Additional advantage: The URL’s can be password protected and can contain even unpublished data. The user would then provide the site login information in the grant proposal. By using the terminal server solution the reviewers could login anonymously and the proposal submitter would only know that her/his site is being reviewed.

Possible problems with solution 1 and 2:

There are ways of tracking down a web-surfer behind an anonymous proxy server. The following technologies can be used to break the anonymity of a user: Cookies, JavaScript, VBScript, Java, ActiveX and plug-ins. There are methods to increase the security of the user's own IP-number, but either they restrict the functionality (cookies, JavaScript…), are not 100% secure or require substantial knowledge and configuration of network setups (see http://www.freeproxy.ru/en/free_proxy/faq/anti_proxy.htm).

Due to these restrictions, option number three (terminal server) seems to be the most appropriate solution to secure the anonymity of reviewers and simplicity of use. The costs should be in a reasonable range and could possibly be covered by a small grant for running this service.

Possible workflow of the implementation

  • User registers at the ISCB web-site (Name, e-mail, title of proposal)
  • Confirmation mail is sent to the user with a link for activating the account (with or without administrator intervention?)
  • ISCB server sends username and password for the terminal server to the user
  • User puts username and password into her/his grant application
  • Reviewer logs into ISCB terminal server

Validity of account: 6 months (maximum?; automatic deletion after max days?)

3 comments:

kiran battula said...

I would like to recommend for a parallel solution. i.e. a satellite service can be launched by the ISCB, that would not interfere with the general/present activities of ISCB and hence would not displease anyone.

Anonymous said...

A comment to the argument against a terminal server:
Only the server is running a MS operating system. The clients can run Mac OS, Windows, or Linux. There are clients available for free for these OS'es.
On that server you can give the user the choice to start:
Firefox, IE or whatever other browser is running under the OS of the terminal server.
Even better when the funding agency is willing to run this service, but ISCB is willing to help here and top start at least a pilot project.

Marcus Breese said...

There is one disadvantage to the terminal services approach that hasn't been mentioned: lack of cross-platform testing. While I realize that there are terminal services clients for the major operating systems, there is no guarantee that the server-software will operate correctly on the reviewer's platform of choice. This is a crucial factor for many people, and it shouldn't be assumed that any single source solution would necessarily fit the bill.

Since Firefox/Mozilla is cross-platform, I'm specifically thinking of Apple's Safari. However, the same argument could be made if a recommended solution was a multi-user VNC connection to a Linux server.

While there will issues with any approach, I think that it is important to consider these cross-platform issues.

As a final note, I believe that this issue should also be considered separately from the issue of whether or not to even allow URLs. Once the decision to allow or not allow URLs is made, then the issues surrounding the technology to enable that decision will be more clear.