Slashdot Mirror

Yeah, they work for Corel, Alias, Hummingbird, MKS, Cognos, Zero Knowledge, Blackberry, Nothern Telecom ...

if there would be no customers reacting to the offers, then the advertisement would be useless
Spam is cheap - the article gave rates as low as $25/million emails. That means that even a 0.01% response rate (which would kill any other marketing medium) covers the outlay. And rather more than 0.01% of people could be classed as "got into the gene pool when the lifeguard wasn't looking" - believing even the most seemingly obvious scams.

So we should strive to increase the database quality of the advitisers. This can be done by creating a national/global database were everybody enters his preferences/hobbies and other personal data.
No thanks - my personal data is just that, personal. You seem to labour under the delusion that all consumers welcome marketing "information" and just want a way to be able to have the choicest pieces delivered to their door. In reality, the majority of consumers find most advertising a waste of resources and something to be tolerated at best and would not be prepared to disclose personal data just for the dubious privilege of receiving "targetted" junk. Why do you think the Do Not Call list gained 50 million entries? This isn't expressing a preference for marketing, this is a rejection of it completely.

The idea that people should have to submit all their personal details just to have "high quality" marketing is the typical view of the professional marketer who cannot accept the simpler truth that most people would rather do without them completely. If someone wants a product or service, they should make that decision on their own initiative, do research to find the best price/make and then make a purchase. Advertising simply increases the price, promotes presentation over quality of product and, psychologically adds a great deal of stress to most people's lives since it tries to "create" a need by promoting feelings of inadequacy. Feel intimidated on the streets? Get some Nike trainers! Can't pull the opposite sex? This new aftershave/perfume/car will!

self appointed privacy advocates come into play. With their zealot mission to destroy any storage of data of customers or citizens, these people effective block the road to the SPAM solution
Quite a statement given that you haven't yet provided a solution. In any case, privacy advocates are about "freedom of choice" - you do know what that is, right? Most databases are assembled without the knowledge, let alone the consent of those included and most only find out about them when incorrect data causes problems (like with identity theft). There are occasions where data does need to be stored - I want to be able to see my bank account transactions or utility bills for the last month. However, I do not want this information then sold on to all and sundry and this is where legislation is needed. In the US, this approach is currently piecemeal (with over 90 separate pieces of legislation covering areas such as health, biometrics and children - a more detailed comparison between the US and EU can be found in this PDF) while the EU has a single directive.

In Europe their lobbying pressure got even "privacy bills" issued which make any high quality direct marketing

It all started with David Chaum's DigiCash and it was very promising. The patents and the technology however are owned by InfoSpace today and are collecting dust. The Blind Signature patent will become available soon, though, and somebody might pick it up. Then there was CyberCash (with Cybercoin), and they went belly up. Then there was Millicent, they died, too. Amir Herzberg (see here) used to be very active in the space but also gave up. Then there was Stefan Brands' system (see here) which never really saw the light in an implementation. Stefan used to work at DigiCash with Chaum (but they did not really mix) and then moved on to ZeroKnowledge where he left from a couple of years ago. This is just a brief recollection of things, I am sure I missed a lot, but they all failed. And this should tell us something ...

No DMCA either.

I wonder if Zero Knowledge, Inc. might decide that it might be time to re-introduce their personal anonymous web browsing service.

It's difficult to tell what will be the attributes of any method that will exist, but it's not hard to give requirements. I'll use the word "spyee" to mean the person whose data is being stored.

* First of all, it cannot be done without people's permission. Every single piece of info that is stored MUST be there with the spyee's knowledge and consent. If someone wants to store their sexual preference or medical records, etc. etc. let them, but don't reqiure me to tell you my SSN / Credit Card info.

* Second: It MUST be distributed. This is because it can work iff (if and only if) the spyee retains ownership and complete rights to his data. Nobody else can even think for a minute that they own it. Even if they store it. It's paramount that each spyee's info be broken up and different chunks stored on different computers. In this sence, it would work like The Eternity Service (here's even more info) or (my favorite), Freenet.

*Third, Every piece of info must be stored encrypted. Let the user's browser have a session keys. Let the user have a few keys. That way, the user can access his data (with the help of front-end programs) and he can have a stupid form filler, but the company or Skriptkidd1e can't use it.

*This MUST be a subscription service. I believe that it would be far too expensive for advertising to be the source of driving revenue. The storer MUST NOT be able to sell the data, thus depriving him of that form of revenue as well.

*The user can pay the same way as payment worked in ZKS FREEDOM - The user bought an activation number and used it to buy the service - but the end user name _cannot_ be traced to the person who bought it (Hence "zeroknowledge"). It was awesome!

This can be accomplished quite easily, and built in to any UI so that working it requires minimal gray matter. I think that the best way would be to store it on freenet. It takes care of all the above problems, but introduces one of its own: data expiration.
Reply and tell me what you think, this topic is fascinating.

Learning to use the traditional remailer network takes some time and effort. And this time and effort pays off handsomely by providing the user with a highly secure method to communicate privately and anonymously. But many privacy-minded folks (and their ranks are increasing daily!) are looking for an easier and less time-intensive approach. Some are even willing to pay for it. To satisfy this niche there have arrived many new products and services that provide various combinations of anonymous email, newsgroup posting and Web-surfing with varying degrees of anonymity.

I have provided URLs for some of these services below. I have categorized them into two groups: free of charge and fee-based. Noteworthy amongst these is the fee-based Freedom Software by the Montreal-based Zero Knowledge Systems (ZKS). Launched in December 1999, Freedom is a 'privacy system' not unlike the traditional remailer network . It allows users to send email, post to newsgroups, chat and surf the Web in total privacy without having to trust third parties with their personal information. Freedom users create multiple digital identities - "nyms" - with which their online activities are associated. All data packets Freedom users send are encrypted and routed through a global privacy infrastructure called the Freedom Network, which is hosted by participating ISPs and other independent server operators. A 30-day free trial is available.

The package has been criticized <http://cryptome.org/zks-v-tcm.htm> for not being open-source. But that is changing. The source code of the kernel module of the Linux version of Freedom <http://opensource.zeroknowledge.com/> has been released; and the release of the Windows version source code is "coming soon."

Free of Charge
GILC Web-Based Remailer <http://www.gilc.org/speech/anonymous/remailer. html>
Hushmail <http://www.hushmail.com>
Safeweb <http://www.safeweb.com>
Zixmail <http://www.zixmail.com>
Anonymouse <http://anonymouse.is4u.de/>
COTSE <http://www.cotse.com/home.html>
Somebody.net <http://somebody.net/>
ANON.XG.NU's Web-Based Remailer <http://anon.xg.nu/remailer.html>
Chicago <http://xenophon.r0x.net/cgi-bin/mixnews-user.c gi>

Fee-Based
ZKS Freedom <http://www.freedom.net>
SkuzNET's The Internet Mail Network <http://www.theinternet.cc/ http://www.mailanon. com/>
IDcide <http://www.idcide.com>

As a business, we are focusing on the product that customers and partners want. Here's an official Zero-Knowledge Systems statement on the matter:

With the release of Freedom 3.0 and the discontinuation of the Freedom Network (our anonymous browsing and encrypted pseudonym service) there have been a number of questions for more details about the decision to stop offering the Freedom Network services. Hopefully this will help clarify things.

When we released Freedom 1.0 close to 2 years ago we saw a significant percentage of our users subscribe to the premium Freedom Network services. This was anticipated as our early adopters were very privacy and technology aware and had expressed strong interest in the Freedom Network offering.

As we began to increase the distribution of Freedom into the mass market with the release of Freedom 2.0 & 2.2, we saw a disproportionately high percentage of users who subscribed to the standard features (and not Freedom Network services). The initial interest in the premium (FN) services amongst our early adopters simply didn't carry over to the mainstream and as our user numbers grew, we began to realize that the market was looking for the kind of features we are now offering in Freedom 3.0.

As we began our feature triage for Freedom 3.0 (almost 9 months ago) we heard from customers and focus groups of users, as well as channel partners, and reflected on the statistics from our existing user base, and decided that there was not enough mass market demand for the premium services to justify continuing the service.

This was entirely a market related decision. The market demand for consumer Internet security and safety tools has grown considerably in the 4 years our company has been in business. Freedom 3.0 is a strong competitor to security offerings from companies such as Symantec and McAfee and we have gotten very positive market support and a warm reception from channel partners to this new version of our suite of privacy and security tools.

There has been speculation that this decision was somehow related to government pressure or was made in the wake of the tragedies of September 11. This is simply untrue. For the past 3 months we have been beta-testing this version with partners, getting certification from Microsoft for our drivers and completing our Alpha and Beta cycles with our beta users. Support for the Freedom network offering was removed from the client code base well before the recent tragedies of September 11.

Our research team is continuing work in the area of privacy enhanced network protocols, and we are open to any suggestions the research community offers on how we can leverage the work that went into the Freedom Network design and operation to advance this area of computer science. If you have suggestions or interest in this, please contact us at corporate@zeroknowledge.com.

Zero-Knowledge continues to offer our consumer protection utility Freedom 3.0 and we are very excited by the prospects for this product. We also have a division that is addressing the market need of enterprise privacy technologies that stem from managing consumer data that require strong security and policy frameworks to adhere to privacy regulations and customer preference management (Healthcare; Financial and other consumer data that is subject to new security, privacy restrictions relating to legislation like HIPAA, GLB, PIPEDA, EU privacy directive).

Our company continues to evolve and focus our efforts on market needs and customer demands and we remain very confident of our prospects in these markets.

As a business, we are focusing on the product that customers and partners want. Here's an official Zero-Knowledge Systems statement on the matter:

With the release of Freedom 3.0 and the discontinuation of the Freedom Network (our anonymous browsing and encrypted pseudonym service) there have been a number of questions for more details about the decision to stop offering the Freedom Network services. Hopefully this will help clarify things.

When we released Freedom 1.0 close to 2 years ago we saw a significant percentage of our users subscribe to the premium Freedom Network services. This was anticipated as our early adopters were very privacy and technology aware and had expressed strong interest in the Freedom Network offering.

As we began to increase the distribution of Freedom into the mass market with the release of Freedom 2.0 & 2.2, we saw a disproportionately high percentage of users who subscribed to the standard features (and not Freedom Network services). The initial interest in the premium (FN) services amongst our early adopters simply didn't carry over to the mainstream and as our user numbers grew, we began to realize that the market was looking for the kind of features we are now offering in Freedom 3.0.

As we began our feature triage for Freedom 3.0 (almost 9 months ago) we heard from customers and focus groups of users, as well as channel partners, and reflected on the statistics from our existing user base, and decided that there was not enough mass market demand for the premium services to justify continuing the service.

This was entirely a market related decision. The market demand for consumer Internet security and safety tools has grown considerably in the 4 years our company has been in business. Freedom 3.0 is a strong competitor to security offerings from companies such as Symantec and McAfee and we have gotten very positive market support and a warm reception from channel partners to this new version of our suite of privacy and security tools.

There has been speculation that this decision was somehow related to government pressure or was made in the wake of the tragedies of September 11. This is simply untrue. For the past 3 months we have been beta-testing this version with partners, getting certification from Microsoft for our drivers and completing our Alpha and Beta cycles with our beta users. Support for the Freedom network offering was removed from the client code base well before the recent tragedies of September 11.

Our research team is continuing work in the area of privacy enhanced network protocols, and we are open to any suggestions the research community offers on how we can leverage the work that went into the Freedom Network design and operation to advance this area of computer science. If you have suggestions or interest in this, please contact us at corporate@zeroknowledge.com.

Zero-Knowledge continues to offer our consumer protection utility Freedom 3.0 and we are very excited by the prospects for this product. We also have a division that is addressing the market need of enterprise privacy technologies that stem from managing consumer data that require strong security and policy frameworks to adhere to privacy regulations and customer preference management (Healthcare; Financial and other consumer data that is subject to new security, privacy restrictions relating to legislation like HIPAA, GLB, PIPEDA, EU privacy directive).

Our company continues to evolve and focus our efforts on market needs and customer demands and we remain very confident of our prospects in these markets.

As a business, we are focusing on the product that customers and partners want. Here's an official Zero-Knowledge Systems statement on the matter:

With the release of Freedom 3.0 and the discontinuation of the Freedom Network (our anonymous browsing and encrypted pseudonym service) there have been a number of questions for more details about the decision to stop offering the Freedom Network services. Hopefully this will help clarify things.

When we released Freedom 1.0 close to 2 years ago we saw a significant percentage of our users subscribe to the premium Freedom Network services. This was anticipated as our early adopters were very privacy and technology aware and had expressed strong interest in the Freedom Network offering.

As we began to increase the distribution of Freedom into the mass market with the release of Freedom 2.0 & 2.2, we saw a disproportionately high percentage of users who subscribed to the standard features (and not Freedom Network services). The initial interest in the premium (FN) services amongst our early adopters simply didn't carry over to the mainstream and as our user numbers grew, we began to realize that the market was looking for the kind of features we are now offering in Freedom 3.0.

As we began our feature triage for Freedom 3.0 (almost 9 months ago) we heard from customers and focus groups of users, as well as channel partners, and reflected on the statistics from our existing user base, and decided that there was not enough mass market demand for the premium services to justify continuing the service.

This was entirely a market related decision. The market demand for consumer Internet security and safety tools has grown considerably in the 4 years our company has been in business. Freedom 3.0 is a strong competitor to security offerings from companies such as Symantec and McAfee and we have gotten very positive market support and a warm reception from channel partners to this new version of our suite of privacy and security tools.

There has been speculation that this decision was somehow related to government pressure or was made in the wake of the tragedies of September 11. This is simply untrue. For the past 3 months we have been beta-testing this version with partners, getting certification from Microsoft for our drivers and completing our Alpha and Beta cycles with our beta users. Support for the Freedom network offering was removed from the client code base well before the recent tragedies of September 11.

Our research team is continuing work in the area of privacy enhanced network protocols, and we are open to any suggestions the research community offers on how we can leverage the work that went into the Freedom Network design and operation to advance this area of computer science. If you have suggestions or interest in this, please contact us at corporate@zeroknowledge.com.

Zero-Knowledge continues to offer our consumer protection utility Freedom 3.0 and we are very excited by the prospects for this product. We also have a division that is addressing the market need of enterprise privacy technologies that stem from managing consumer data that require strong security and policy frameworks to adhere to privacy regulations and customer preference management (Healthcare; Financial and other consumer data that is subject to new security, privacy restrictions relating to legislation like HIPAA, GLB, PIPEDA, EU privacy directive).

Our company continues to evolve and focus our efforts on market needs and customer demands and we remain very confident of our prospects in these markets.

The open sourced client and routers are here.

Jedidiah

Chase

Well, when I asked about FreeBSD availabity, they pointed me at this site which indicates that the client code has been released under the GPL.

I don't know enough about crypto to say much more on that, but I would assume it isn't illegal to reverse engineer the server from GPL'd code. (But, IANAL either.)

Who knows? Maybe some crypto geek will pick it up.

--William L. Dye
willdye at willdye dot com

Like this story in Wired that talks about Zeroknowledge licensing out Stefan Brands patents in toolkit form and eCash doing the same with the (way, way more important) Chaum's blind signature and other patents. This will give interested parties the opportunity to develop anonymous networks, with limited traceability (another Chaum patent) and with anonymous payment methodologies (utilizing the blind signature patent) or building other applications. And then somebody is talking about yet-another-scam payment system. Yawn! Good night!

Freedom is open source!

I, and a few others, have stated this elsewhere, but i'm going to make this real simple for those with a short attention span.

Go to their open source page, grab the code for the client (dated April 30, 2001) and server (27 October, 2000), and hack away. Form your own Freedom-esque network. Go crazy.

"Even if it "required a little hacking," ZeroKnowledge is closed source."

Or, to rephrase that, it's open source.

In the case of ZeroKnowledge's Freedom, there's no need to duplicate the functionality, they've released the source over yonder.

While the code they've written is no doubt super groovy (and, indeed it is - i've paid for their top level of service), what they're actually selling is the service. They have a network servers scattered around the globe shifting, I suspect, not insignificant amounts of traffic around. Someone has to pay for that...

The previously free version of their software and service was worth having in itself. Their ad-blocking and password/form management stuff is super-neato. The privacy stuff (what you pay for) is even sweeter.

Now, if someone wants to tell me how to get Freedom on a Windoze box to work behind a twice masquaraded connection, i'll be a happy bunny (yes, I could, and should, ask their support people, but it's not that high a priority for me right now. Aren't I a good customer, paying for their service, and then not using it for a couple of months?)

...j

no sweat. We should all use encryption plus a pseudonymous mix-master such as ZeroKnowledge's Freedom. That way both the contents and your location/identity are masked. not only can the NSA not decrypt the mail, but they have no clue whom to subpeona for keys.

Companies like Digicash (today eCash Technologies) or Zeroknowledge are having a hard time these days. eCash was shut down completely in Europe with the stop of the Deutsche Bank support (see here), ZKS let go more than 25% of their employees a couple of weeks ago, not many people are using Hushmail's premium service, etc. etc. yada yada. Everybody wants privacy, nobody wants to pay. It costs money to run a mixing network, it costs money to issue and check coins instead of just doing a LUN check to see if you CreditCard# is valid. SET was also a failure in the US. 3D Secure (see here) is coming up, protecting only the merchant, not the sensitive information of consumers. Why? Nobody wants to pay.

Not only is it unenforceable in the case of spammers ("Hey, look a bogus FROM line. We'll have to prosecute these guys. If only we knew who they were!"), but it makes it illegal for individuals to use software like Freedom 2.0 from Zero Knowledge Systems to protect their identity or send protected email.

Please remember that who you communicate with is just as much a privacy issue as what you say to them. Give up on the first part, and you may as well give up the whole game.

Gee, let's give the government a tool to force open all of our private communications. What a great idea!

These politicians are NOT doing us any favors. They push these bills for their own reasons and then try to rationalize it by painting a veneer of public service over them.

It's a lie and a trap; don't trust them.

Is a subscription to Zeroknowledge, and you wouldn't have to worry about them finding out who you are. People who are stirring up shit should always wear gloves...

Which should we do? Arrest everyone on Napster (I imagine its a misdemeanor), stop them by monitoring their machine via Carnivore, or write new legislation that is cognizant of the new problems brought about by the new technology? I opt for the latter.

I've got a different perspective on the whole matter of Peer-To-Peer copying. I'm all for it. I think that whether it's legal or not, the widespread availability of media has opened my eyes to whole different genres of music and culture, allowed me to experiment at little or no cost with independant music (some of the stuff I listen to would cost rediculous amounts of money imported from Europe), and because of this, encouraged me to spend money - on tangible things, like concerts, stickers, and t-shirts - not infinately reproduceable media. Really good music and games - and movies - I've even been inclined to buy (and buy it in a media that I can listen/watch forever, without endless royalties).

Another observation: I've been around computers for something like 14 years or so - and they've ALWAYS been used as tools to pass copyrighted media around to your friends at no charge. There's been the profiteering scum, yes - but they're quick to catch.

What I see happening is that shutting Napster down will be the worst thing the record industry ever did - because then a bunch of hackers are going to design a better, noncentralized, two way anonymous, global system like FreeNet, make it easy to use, and then you have the ultimate tool for freedom - or piracy, depending on how you look at it. Properly designed, it becomes near impossible to track people down, and could become part of every internet enabled OS out there. (I suspect this is what initiatives like Windows XP are about - I hope that product flops worse than DivX). This is also why people are horny to get protections on hard drives before we start talking about terabytes instead of gigabytes - although, I suspect they're not going to be successful.

Even better is the technology developed by Zero Knowledge. Too bad it's not free, but I like their tech - a lot.

Interesting times ahead. What is the law, anyhow? If the majority of the population decides that something is OK and acceptable, then it's going to be legal at that point in time - Yes, I'm all aware about slavery and WWII Germany - but all that was legal at the time, too. Comparing copying music to killing people is a little extreme, too. The government exists for the people, and by the people (in the USA, anyhow..). Not for the corporations, by the corporations. Profits or no profits, that's not what it's about - sorry.

Information wants to be free, and two-way anonymous transfer & peer-to-peer copying means that it's about to be.

It really bugs some people when they can't locate which door to kick in, doesn't it?

People actually do many other interesting things on-line, and here's some of them:

• Many folks read and contribute opinions to public or semi-public discussion forums, as you and I have done here. Perhaps it is less than in the glory days of usenet, but it's certainly a healthy percentage. Public discussing boards are common at many websites, and they tend to be filled with comments. That's no tiny fraction of users.
• Most users exchange private messages with a limited set of other users. E-mail is used, at least somewhat, by nearly ALL internet users. Many many users, at some point, exchange email with another person whom they would not have met and communicated with in the absence of the internet.
• A good number of people participate in real-time chat or instant messaging. AOL and MS wouldn't have a big IM war if there weren't an aweful lot of "eyeballs" at stake.
• A significant number of people exchange files with one-another. Napster's claimed 40e6 userbase, and actual 500k to 1e6 active-at-any-given-time numbers are very significant. Copyright issues aside, digital data copying creates an exchange of commodities based on abundance instead of scarcity. I personally find this environment of abundance very intriguing.
• A smaller, but meaningful number of users publish their ideas or creative efforts. Personal websites are often lacking content, but there are a good many that are among the most informative sites on the web, at least for their particular topic. Even though this number is small, the benefit is quite substantial, and when you consider the number of readers, the total number of users involved grows quickly.
• A good number of programmers write Free or Open-Source software, which would otherwise not come about with the net. While the number of programmers is small compared to the entire group of users, the combined group of programmers and users of their wares (the full set involved in the communication) is rather large.

It is a topic of much debate if anonymous access is a benefit. For people who can't see much value in the internet beyond on-line shopping, anonymous access must seem like a worthless persuit. In all of these examples listed above, anonymous access can add intriguing possibilities. Some possibilities are for abuse (spam email comes easily to mind), some allow users to exchange copyrighted or contraband material, and others allow people to express themselves and share ideas that they would have been afraid to share otherwise.

The in the subject line, anon.penet.fi was an anonymous remailer. (this paragraph is for the benefit of anyone who wasn't using the net back then.... back with on-line shopping more or less didn't exist) You sent an email, and it would resend it to someone else or to a newsgroup, without any identifying info about you. When someone replied, it would receive the reply and send it to you, in a similarily anonymous way. It was used heavily in the old days of the usenet (before being overrun with spam). It was commononly used by people in various alt.sex... groups, who obviously wanted to talk about their (often kinky) sex interests, without fear of neighbors and workmates learning their identity. There were many other legit uses, sexual abuse recovery discussions come to mind, though open sex related conversations seemed to be one of the largest legit uses. Unfortunately there were many abuses, such as posting hate speach, death threats, etc. I remember when it was shut down, but I've since forgotten the details. Perhaps someone else will post them. For a long time, it was believed that anon.penet.fi would never compromise. The guy running it (wasn't it something like "Julf") claimed he'd delete everything if a court order ever was served. Unfortunately, the court order did happen and enough pressure was applied that the authorities made him comply and they obtained all the data. Many people who had depended on the anonyminity were scared that they would be exposed. The whole anon.penet.fi case certainly is a lesson that in the long run, a central server won't work.

For better or worse, I'm quite interested in the technical aspects of how such an anonymous protocol could be designed. I was unaware of these other projects, fling and the work at zer0knowledge. Had it not been for this slashdot discussion, I probably would not have learned of their existance. Now I have some interesting reading to go do.... but I'll say just one more time: anyone who thinks the most intriguing aspect of the internet is on-line shopping really needs to open their eyes. I know it's less than 99%, and I hope it's a lot less.

It's just not a "promise" to keep the logging off... The freedom network is set up in such a way that even if the logging was on, Zero Knowledge would not be able to link Nyms to real IDs.

The Freedom linux client is out as well as the source (there was an announcement on /. about it).

So again: You choose the route. ZK promises, the logging is completely turned off on any of the machines. The machines are modified RedHat distributions with their software running. It _HAS_ to be a standalone machine. So it's at least nice.

It also masks your email address and indent identity (the email anonymizing is working even nicer than anon.penet.fi -> it's completely transparent to you)

As to technical use of Freedom.net, it is now only available for Windows, which makes me sad, because I don't use Windows. It attaches itself to the IP layer, so no other application-specific changes have to be made. Even sending/receiving e-mails is done on the POP3/IMAP/SMTP layer, not in the user's email agent.

They were promising the Linux version from the beginning, but I can't see it, which makes me sad. This announcement makes me happy, because I hope more people will develop software based on this (very wonderful) standard.

It provides untraceable web surfing, and encrypted, untraceable, pseudonymous email. The government will not be able to decrypt the emails, let alone determine where they come from. Freedom employs 1024-bit encryption to protect route information, and to encrypt outbound and returning emails.

It also provides a Firewall, Cookie Manager, Ad Manager and spam blocker.

This is not an idea. This is a reality.

(I am a Zero-Knowledge employee. I do not represent them in any offical capacity.)

Considering how Yahoo has caved in in the past in areas like subpoenas for the identities of stock chat board posters, I wouldn't trust them with anything that I really really didn't want other parties to be able to read. At the moment, my preference would be for ZeroKnowledge Freedom. It's designed not only to encrypt, but routes traffic thru multiple servers and doesn't retain records, making tracing extremely difficult (I suspect that if you're under surveillance by the NSA and the incentive was high enough, they'd find a way, but not many people would warant that level of effort).

For those of you who are seriously concerned about these issues, there are plenty of options for anonymizing proxy servers, such as Anonymizer.com and Zero Knowledge's Freedom Network.

As for the government, (Warning, US-centric stuff ahead), remember, we live in a democracy. I've sent letters (not email, the actual dead tree kind) to all my elected representatives, telling them where I stand on privacy issues like this one. If your congressmen, et. al., don't hear from you, they're going to have nothing to go on except those who advocate Big Brother tactics. Let your voice be heard too!

The author of the article is right, you can't overdo the paranoia.

To protect against unauthorized snooping, you can use Freedom from Zero-Knowledge Systems. It offers 4096 bit encryption of web browsing, pseudonymous email, cooie management, ad blocing and more.

So basically extending the remailer type of thing with a proxy like anonymizer that is better able to handle traffic and which is based on a standalone application? How trustworthy are they? Has there been any actual evidence that they will protect your information from being captured?

These are the guys who figured out a way to get a P!!! to send out its serial number even if that capability was supposedly shut off in the BIOS, something Intel insisted could never happen. (/. covered it in this article about a year and a half ago.) I would characterize that as a white-hat activitity (though INTC was able to convince a few anti-virus companies otherwise).

Having someone fire or sue you isn't the only danger. If you post using your own name on Usenet (or even here on SlashDot), there's always the danger that someone like a divorcing spouse or an employer is going to check out what you've been saying, and may use it against you. I personally know of one poster on Usenet who had to pledge to his new employer that he wouldn't post to Usenet any more. The employer had looked at his previous writings and was sufficiently perturbed to extract this promise. Personally, I use ZeroKnowledge Freedom for all of my postings here and elsewhere. You can also consider using Anonymizer, but I think the protection is less robust there if someone is really determined to find you.

1. "Customer" browses various, seemlingly unconnected web sites, all of which have innocent looking .gifs that track every page they look through harmless cookies.
2. The customer buys something at one of these sites, authorizing their credit card for use in future purchases. Don't worry, the customer is told this in the jargonfied fine print.
3. ZKS kicks in: according to the web pages that the new ZKS customer has visited recently, they are "sold" things that ZKS decides they need. Been visiting sites that review video cards? ZKS saves you the trouble of finding a site to sell you one!

~=Keelor

The software in question routes all HTTP requests along an anonymous route of Freedom servers. Only the last and next hops are known to any server in the route; the destination node doesn't know where the request came from, and the intermediate nodes don't know the destination or the source!

In addition to this, private email is included.

Zero Knowledge has a commercial product called Freedom that provides several different anonymized internet services.

Yet Another Libertarian Theory That Ignores Simple Reality

Privacilla's primary argument and probably its whole raison d'etre is to argue that privacy is not really a concern when personal information is placed in the hands of businesses, and that only government infringments are dangerous to the public.

This ignores simple reality - I use a simple system of pseudonyms to judge which of my online transactions are leaked for cash, and in all cases so far, a business has been the culprit. Especially major businesses like CNN.com and bn.com, although it sometimes is difficult to decide whether the leak was intentional or an inadvertant loss to some cracker. According to Privacilla, these are the merchants who supposedly will be checked by market forces.

The problem with this fine theory is that the majority of users put no forethought into tagging their transactions and thus they have no means of pegging loss of privacy on any culprit. After all, my name, address, and telephone number are always the same, irrespective of who leaks them.

I simply don't trust market forces or any other "invisible hand" to keep my data private. So far no such thing has worked for me or the majority of people online. Otherwise, why would it be an issue? For a real solution to this problem (albeit an expensive one) consider Zero Knowledge, which offers pseudonyms and dual-anonymizing proxies while on the web.


-konstant
Yes! We are all individuals! I'm not!

Here's what I will use when I grow up, get a job, my own address and own computer and internet account.
I am getting so paranoid and worried seeing all the basic freedoms slip away that first of all, in the real world, I will try to give as little information about me as possible. I already do this on the net.
And for my internet use, I will use Freedom from zero Knowledge. It can make your online activity totally private. So you write your program and unleash it on the unsuspecting netizens totally anonymous.
And if you're worried about compilers putting strings in the executable, why not use some free compilers like DJGPP or Cygnus? You can always find a free compiler with sources so you know exactely what it does, or just distribute the source code.

Zero-Knowledge Systems, the company that developed freed0m, has a fantastic work enviroment -- it is an open loft, huge desks, computers, toys, food -- apparently, it is quite good at encouraging good work =) (You can see more pictures and details here.)

However, I believe that I have a pretty good job myself -- I'm an admin on GameSpy Arcade, and I work from my house! =)

--
CitizenC

Zero-Knowledge Systems, the company that developed freed0m, has a fantastic work enviroment -- it is an open loft, huge desks, computers, toys, food -- apparently, it is quite good at encouraging good work =) (You can see more pictures and details here.)

However, I believe that I have a pretty good job myself -- I'm an admin on GameSpy Arcade, and I work from my house! =)

--
CitizenC

Actually spoofed packets are useful in not-so-evil manners.

Well, tough. I'm afraid current internet practices of simply disallowing fake source packets will quickly render your protocols unusable.

Note that there are already other ways to send stuff anonymously, for example using onion routers. The freedom program by zeroknowledge uses this technology, for example.

With that kind of grouping of Linux Power, there's an awful lot of Linux interest in this town - hence, a great deal of interest in running a Symposium (Thanks AH!)... if you want a symposium in your neighborhood, start one up! Can't guarantee that Alan Cox will make it (I got to sit next to him and Telsa during Miguel's keynote speech... I think I absorbed some kernel-kung-fu via osmosis)... but you never know what might come of your attempt. Maybe a few attendees will create the next great OpenSource project...

Not necessarily. There is no reason why a pseudo-anonymous nym user (using zks's freedom for example) can't also rise up the ranks in terms of trust/quality/consistancy etc.

This is just another example of politicians commanding the tides to recede. Anonymizer/encryption services like ZeroKnowledge Systems Freedom make any attempts to bar access to certain sites futile. The hosting servers for the gambling sites are generally outside U.S. jurisdiction. Even if the U.S. were to pressure the hosting countries to block U.S. users, anonymous proxies operating outside the U.S. (Freedom is a specialized example of one of these) would make it impossible to know where their user is coming from. I suppose this sort of legislation is harmless, but it would be better if the authors of these bills devoted their time to real problems.

I, in addition to many others, am really curious as to how they're going to come up with some reasonable standard of damages. Indeed, figures from recent email viruses and DDoS attacks seem to be grossly inflated, such that this could be another bad move on the part of Lloyd's. In fact, this could be a example of one of their 'members', which is what partners are called, trying to forge a new e-business.

However high my regard for Bruce Schneier is, and it is considerable, isn't this the type of thing that would require a major-league hardware/network security partner? @Stake seems like a much better candidate to provide this kind of service. Or Zero Knowledge.

But with the social engineering factor beyond their control, and the cost-assessment of damages impossibly arbitrary, I question the wiseness of this move on the side of both parts. I can't see the win-win here, only the lose-lose.

Still, I can't wait until the first claim is settled. Then we'll know just how badly the f*ckers were lying about damages before.
--

A note about the freedom server from the ZKS FAQ:

When do you plan to port the Freedom Server software to Windows NT, OpenBSD, FreeBSD or other operating systems?

All efforts are currently being spent towards the development of the server software for Linux. Once this has been completed, we will begin developing versions for other operating systems.

"Hey, hey! Ho, ho! 100110!" - Robot rebels in Futurama

I was largely skeptical of the Sealand datahaven until I read that Ryan Lackey was the CTO.

This fella is one of the Financial Cryptography folks in Anguilla, along with Vince Cate. Some of the folks who sponsor the FC symposia include Zero Knowledge, E-Gold, and Hushmail.

I don't know about you guys, but when one of that trust-web is involved in something to do with liberty/cypherpunk/finance, I lend it more credence.