Slashdot Mirror

pixie writes: "A new press release from Zero Knowledge announces a new service that offers protection against invasive tracking and other security threats called WebSecure. The basic difference between this service and the Freedom Network is, that instead of bouncing the request to a number of different servers to obfuscate the original request, WebSecure makes a single pass through servers at Zero-Knowledge." This Internet Explorer-only, not-really-private-at-all service is a big step down from the services they used to provide.

VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.

AtlCyberCzar writes: "Zero Knowledge to Stop Supporting Linux... Zero Knowledge Systems, the Canadian-based software maker of security and privacy software "Freedom", has announced today that it will no longer support Linux. Their reasons? "Due to strong customer preference for the Windows platform, there will be no further releases of Freedom for Linux." As if that's not bad enough: "During this period, you are encouraged to migrate to a supported platform..." Only problem: Only supported platform now is Windows. Gee, here I thought most Linux users migrated from Windows. I haven't met one yet that actually migrated to it. Email Freedom Support and let them know that there are also preferences for other operating systems, too!" It's a shame. This means I'll never end up using their software, and I would gladly pay for their service, if they would serve me.

My brief experience with Freedom's software - I attempted to run their first version, on Windows. It didn't work on my machine, and totally killed networking when I uninstalled it.

Fine, I said. I'll wait, because the concept here is great, and obviously what they're doing is pretty technically challenging.

So when version 2 came out I tried again, this time on my Debian GNU/Linux system. (I had defenestrated myself in the meantime.) They only offered support and downloads for Red Hat systems. However, if I compiled from source, including a "kernel shim" and some modules and a half-dozen other knick-knacks inserted into the system at various places, it should theoretically work, they said. (Zero Knowledge described the process as "non-trivial", hah-hah.) I tried. I think I almost got it working. I asked for help. Couldn't get any. I gave up.

Oh, and while I'm at it, they never made it easy for broadband users to use their system either - it was (I'm not entirely sure this is still true, so I'm hedging a bit) geared entirely toward dial-up users. Hmmm, they have a product which is attractive to technically-inclined people, and they're limiting it to inferior operating systems and slow internet connections. What is wrong with this picture?

So, that's my story of attempting to use Freedom. The Zero Knowledge people badgered Slashdot for a while, asking if we would do a review of their software. See above for why we never did. Frankly, I'm not at all surprised that the population of Red Hat Linux users is much smaller than the number of Windows users using their service. Linux users probably would have been a bigger chunk if they had ever reached out to people not using Red Hat. I suppose it's a pretty good thing that I didn't end up actually using their system, because they would be cutting me off with this decision - I'm obviously not going to "upgrade" to Windows.

Cryptobox has been in the news recently. They're another project trying to do roughly what Zero Knowledge is trying. Secure, anonymous communications over the internet is obviously a nice target, but just as obviously a very hard one to hit. I'm still waiting. I'm willing to pay. Here's my optimum criteria:

• Easy installation packages for both client and server (apt-get install foo)
• Must not fsck up the the machine upon installation or removal
• Both client and server source available
• Reasonably low service fee, if there's a fee (ideally, the server cloud would be provided by volunteers, I'd be happy to be one)
• Best possible anonymity and security

These are in rough order of priority. A system which offers a significant improvement in anonymity but perhaps has various attacks which could be made against it, BUT is easy to install and meets all the other criteria, is far far better than a system which is theoretically invulnerable but impossible to install, or worse, not deployed at all. Everyone building these types of systems keeps attempting to get it perfect on the first try, and as a result, there is nothing.

Eloquence writes: "NymIP is a new project that aims to set a standard for Internet anonymity at the IP level. It was started by Zero Knowledge Systems, but is now led by Harvard's Scott Bradner, an IETF member. Some of the biggest players in the field participate in the project, which will be introduced at the 49th IETF Meeting that starts today." Comments especially sought from anyone who attends that meeting.

jailbreakist writes "Zero-Knowledge Systems, a Montreal based privacy software company, has released the source code to their Linux client. The software in question provides anonymous web browsing, pseudonymous email, form filling, cookie management and more. You can get the source at opensource.zeroknowledge.com. The source is available under the MPL, and our clientshim and Yarrow (random number generation) implementations are under GPL." A while ago, we had covered Mike Shaver's move to ZK.

MEconomy asks: "I'm the CTO of a commercial entity developing a technology that we plan to 100% open source. I'm looking for other options, opinions, and bulletproof arguments to take to Open Source-leery business types to convince them to release earlier (my preference) rather than later." While releasing the source early is a good thing, it can be released too early. I would never release the code to a project that wasn't in a runnable state, and would honestly consider holding off source releases until the project was at least in the "beta" stage. What do you think?

"I am very curious what peoples' thoughts are on the tradeoffs (business risks, community reputation, etc...) between:

1. immediate release of the source code at product launch,
2. waiting until the technology has acquired a large enough user base to insure a competitor won't just 'take the code and run',
3. commit to full source code release and release piecemeal (ala ZeroKnowledge),
4. a short-term (~1yr) closed-release to mutually trusted third parties (e.g. EFF),
5. placing the code in a provable timed-release escrow."

   [Update by nik]: Accepted practice seems to be to wait until about a year after you're bought by Sun. . .

Mike Shaver, who recently left the Netscape/AOL conglomerate, has apparently landed a job with Montreal-based Zero Knowledge. The press release has more details, but it appears that Zero Knowledge is privacy company which promises the ability to post, browse and all those good things anonyomously. Mike will be their Chief Software Officer, while continuing to work on Mozilla as time permits.

Peter Hernberg writes "We, it looks like someone has found another exploit to get your PIII ID. The new story is here.. " Cyrix and AMD are looking shinier each day.

Peter Hernberg writes "We, it looks like someone has found another exploit to get your PIII ID. The new story is here.. " Cyrix and AMD are looking shinier each day.