Many P2P systems try to implement anonymity at the application layer,
instead of at a lower-level network layer. A robust free
infrastructure which can anonymize any Internet traffic would benefit
a wide array of existing protocols and current p2p systems, since the
anonymous connection could seamlessly replace the current
connection.
Our main designs goals, ordered by priority:
- Application independence: The system should provide the
abstraction of an IP tunnel and perform transparently to user applications.
- Anonymity against malicious nodes: It should ensure
that colluding nodes cannot link a participanting host as the sender
(or recipient) of any message.
- Fault-tolerance and availability: The system should resist an
adversary's attempts to overload the system or to block system entry
or exit points. It should minimize the damage any one adversary
can cause by running a few compromised machines.
- Performance:The system should maximize the performance of
tunnel transmission, subject to our anonymity requirements.
- Anonymity against a global eavesdropper: An adversary
observing the entire network should be unable to determine which
system relay initiates a particular message.
Wasn't this system named "Tarzan"?
The name of the system has been changed out of respect for the trademark
rights of the Edgar Rice Burroughs Foundation. The previous title of the
program had no connection with, or endorsement from, the owners of the
"TARZAN" trademark.
| 
