Domain: zks.net
Stories and comments across the archive that link to zks.net.
Comments · 7
-
Variations on a theme in encryption"Stego!" the masses scream. While stegonography is a very interesting technology, it can be extremely dangerous. It tends to lull the communicators into a false sense of security.
Too many images floating back and forth, or accidently using an image thats available elsewhere (so the oppressor can do a comparason and determine that stego is being used) and the opposition is likely to use what I believe Bruce Schneier termed "Rubber Hose Cryptography"... That is where they get a rubber hose and beat the key (or the message) out of you.
With stego, deniability becomes the most important aspect, that that a much harder to measure factor.
Hopefully, one day, anonymous communications mechanisms like Zero Knowledge's Freedom system will become common enough that we can all find solace somewhere.
-
Reinventing Onion Routing / PipenetA first readthrough of the documentation tells me that it needs better documentation
:-) No surprise - new projects are often that way, but doing a good architectural description is a critical factor in making a project like this succeed, because people can understand where it needs work and where to help, and because security models need to address a lot of issues to be able to meet their goals.
I had trouble telling what the technical goals of the project were - are they addressing traffic analysis, or only protecting content? They're describing a bunch of complex shuffling, but don't indicate why they chose those methods and what attacks they're trying to protect against. Some of the earlier projects like Pipenet and Onion Routing found that there are theoretical weaknesses if you only send traffic when you have real traffic, or if you do anything that makes it possible for an eavesdropper to tell what the boundaries between messages are, because the eavesdropper can do enough correlation to identify reasonably accurately where the traffic is going. The alternative is to build connections between sites that always have constant traffic levels, using filler traffic when there's no real traffic. This has a major cost/performance impact that affects the willingness of servers to support this kind of application. By contrast, IPSEC gives you all the privacy you need by encrypting, but doesn't try very hard to block the user identification.
Privacy servers like this also depend on having lots of users - if there are only two people using it, it's easy to tell who's communicating with whom. It's nice to do technology, but you also need to work on a social or business model that encourages lots of people to run the client, and if it's got separate servers, to run servers as well. That's one of the cool things about Zero Knowledge - they've got a model that they hope will achieve this, though whether they succeed will depend on whether they implement it well enough for users to accept it and whether they can market it well enough to really take off. Some things are overnight successes - Hotmail, Napster - while others limp along at a low level for a long time, like the current remailer networks, mainly because they're annoying to administer and responding to complaints when they're abused is annoying. I wish the Fling folks good luck - but there's a lot of work they've got ahead of them to make it working and accepted.
-
Re:Drive Business Offshore?
You mean like China does to the outside world?
All those evil, capitalist sites? Sites where
people speak freely about their governments?
Even sites like slashdot?
Or what a country like Iran would do given the
chance -- if a woman had a picture of herself
wearing an andover.net t-shirt and shorts, it'd
be banned.
These firewalls are already pretty regularly
penetrated; cryptography and steganography only
make it easier. Someone could host content
offshore, relayed through any third-party country
like the UK or India, and then redistribute it
through the US. Unless you can get *everyone*
in the world to blackhole route a site, it'll
find a way through, especially if it's valuable
data. During the recent Kosovo war, Serbian
sites were still on the net, after all -- including free radio sites mirrored in Amsterdam
detailing the plight of those trapped in the
crossfire.
After all, one person's "evil vile filithy trash"
is another's message of freedom. Systems like
ZKS Freedom
will only make it harder to censor the net.
If people want to protect privacy, they should
do it themselves, using Freedom, throwaway accounts, or Junkbuster; they should run crying
to the government to do it for them. -
Re:So what?And thus we also need more anonymous remailer type proxies. You could encrypt your information, and then encrypt it again, this time including final destination info and intended for the re-router, and then send it to an anonymous re-router. The re-router would decrypt the stuff you encrypted for it, and then use the destination info to send along your encrypted data to wherever it was destined. This way IP analyses becomes much more difficult. This is especially true if the re-router has a lot of traffic, and intoduces random delays before sending packets back out into the world.
This is exactly what these guys are doing. Read their white paper, interesting stuff.
-
Re:Encryption
-
Ultimate solution
Copyright and patent laws are both obsolete. Combine strong anonymity with an eternity service, and ideas and software can be published permanently, without repercussion. Digital identities based on public keys can be built and maintained without reference to physical persons. With a little more work and digital signatures to stamp official releases, open-source projects could be maintained anonymously. It does make it a little more difficult to put the work on your resume... do you want to get good Jobs, or do you want to change the world?
-
I have three words for you people
Check them out, its good stuff.