Slashdot Mirror
Mike Shaver Moves to Zero-Knowledge
Mike Shaver, who recently left the Netscape/AOL conglomerate, has apparently landed a job with Montreal-based Zero Knowledge. The press release has more details, but it appears that Zero Knowledge is privacy company which promises the ability to post, browse and all those good things anonyomously. Mike will be their Chief Software Officer, while continuing to work on Mozilla as time permits.
can be found here. The interesting part is this:
The Zero-Knowledge software works using three servers, located at leased sites in scattered locations worldwide. Client software encrypts Internet access requests and information using three layers of public-key encryption software. Each of the three servers only knows part of the information needed to identify a user and the contents of an Internet session. Even Zero-Knowledge itself doesn't know the identity of the owner of particular pseudonyms, so it can't divulge that information if subpoenaed.
Of course implementation is everything, but I'm all in favor of any step towards ubiquitous encryption and pervasive privacy.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Right below you have Mozilla getting PKI source, and then you have an ex-Mozilla going to Zero Knowledge. Why is this significant? ZK is the maker of the aptly named "Freedom" (from privacy invasion) software, which acts as a very interesting model of secure internet access. White papers are here, and they've truly redefined (or is it defined) a new model for providing inet access privacy. I wonder if Mike Shaver's old ties at Netscape/AOL would help in the distribution of Freedom...
"In individuals, insanity is rare, but in groups, parties, nations, and epochs it is the rule." -Nietzsche
But if you are on Win9x, Freedom is great--fully anonymous surfing, email, telnet, whatever. With the paid version ($50) you can set up five "nyms," which each store their own set of cookies. You can use different nyms for different purposes, accept all the cookies and don't worry about it, no one will have any idea who you are. There is even an option to pay by anonymous money order.
Also:
"empowers Internet users to surf the Web, send email, post to newsgroups and IRC chat in total privacy."
Right now spam, and to a lesser extent, e-mail hoaxes and threats are an ongoing problem. I can see this software as a possible tool for spammers and hoaxers. Once again, does a person have legal recourse in a situation where an anoymous person has spammed them?
--
--
"Insert witty quote here."
Is it really necessary for us to be your information slaves? A quick search of Slashdot (not to mention, reading the post and/or the article it links to) turns up more information than necessary to answer your question. See the following URL:
http://slashdot.org/search.pl?quer y=Mike+Shavers
An Internet privacy product creates a public stir
BY VINCE BEISER
Austin Hill wants to make Web surfers invisible. With the Internet increasingly becoming a place where people's movements and personal information are tracked, logged, bought and sold, Hill's Montreal-based company, Zero-Knowledge Systems Inc., is set to launch a product that will conceal all cyber-wanderings. "Right now, the Net is like a street with a camera on every corner. Everything you do leaves a trace," says Hill, Zero-Knowledge's 26-year-old president. Law enforcement agencies, employers and hackers can easily monitor e-mail and online chat; corporate Web sites gather information on visitors, then resell it to marketing companies. Zero-Knowledge's Freedom software will prevent that by encrypting every communication a user sends.
Scheduled for commercial release late this year, Freedom is already generating a buzz among Silicon Valley venture capitalist and privacy advocates. But it is also unsettling law enforcement officials, who warn that the privacy software will make life easier for virus makers, pedophiles and other online miscreants. FBI chief Louis Freeh recently told the U.S. Senate that the widespread availability of strong encryption products will "devastate our capabilities for fighting crime, preventing acts of terrorism and protecting the national security." Brent Pack, a so-called hacker hunter with the U.S. army's computer crime investigation unit, agrees. "Our job is hard enough," he says, "without adding any additional hurdles."
There already are anonymous Web-surfing services and e-mail encryption programs on the market. Freedom, however, is the first to bundle these functions in a single user-friendly application. Though it is still being tested, "the idea," says Bruce Schneier, one of the industry's leading cryptography experts, "is fundamentally sound."
It works by stripping all data leaving a user's computer of identifying information -- be it e-mail, chat-room gossip or requests for Web pages -- then wrapping it in several layers of 128-bit encryption, currently considered unbreakable. The data is then routed through a series of randomly chosen servers, each of which unwraps one of the encryption envelopes to find where to send the packet next. That means no single server knows both the origin and destination of the packet. (Even Zero-Knowledge won't know which data packets connect to which users, hence, the company name.)
Freedom allows users to create up to five pseudonymous identities, none of which can be traced. This sits nicely with privacy advocates. "The police would have a much easier time if they could enter your house or read your mail any time they wanted," says David Jones, president of Electronic Frontier Canada, a cyber-rights group. "Why should e-mail be any less deserving of protection than a letter sent by Canada Post?"
Hill, too, is a longtime believer in individual freedom -- especially his own. He quit high school at 15 to start a career as a computer security consultant. At 21, with the help of his older brother Hamnett, he co-founded what is now TotalNet Inc., one of Canada's largest Internet service providers. After selling that venture for a hefty profit, the brothers founded Zero-Knowledge in 1997, along with their father, Hammie, a corporate accountant.
Overseeing Freedom's development is star hacker and Toronto native Ian Goldberg, 26. In recent years, he has made headlines by cracking the digital security system used by Netscape's Navigator and another used by many wireless phones, including Canada's Fido Network.
While the demand for Web privacy is widespread and while the technology may be solid, the question remains: will people pay $75 to buy Freedom? Austin Hill is confident they will. The number of employees at Zero-Knowledge's loft-like headquarters on Montreal's now-hip Boulevard St. Laurent is projected to zoom from 50 to 110 in the next few months, and at least 50,000 volunteers have signed up to test Freedom's new release. "We don't expect overnight success," says Hill, "but we expect it quick."
The press release has more details, but it appears that Zero Knowledge is privacy company which promises the ability to post, browse and all those good things anonyomously.
APPARENTLY? There have been tons of stories about these guys ever since they began offering the beta and it should be no suprize at all to anybody that follows security just a little bit.
Check their own site for stories that go back for months, including ZDNET, the Wall Street Journal, CNNin, C|Net, Newsweek, InternetNews, The Village Voice, Wired, Time.com and the list goes on for 2 very long pages.
Yea, the new suit part might be news, but the what it "apparently" does part is old now.
Eve Fairbanks says I drive a hybrid!LOL
Things like ZKS make me wonder about what we are striving for in terms of privacy. There is the "real" world and the digital world -- is one meant to be an analogue of the other? Obviously, we want privacy because we don't want the digital world to be worse than the real world in certain ways. For instance, if we didn't encrypt credit card data during transactions, the digital world would be broken compared to the real when it comes to purchasing. Similarly, I want to be able to secure documents that I send to someone so that they are at least as good as taking certain "security" measures in the real world (registered mail, envelopes that aren't transparent, etc).
There seems to be a distinction between the desire for online security (which seeks to emulate the security we can find in the real world) and the desire for online privacy (which seeks to surpass the real). There is no real-world equivalent to what ZKS proposes. If I walk down the street, people may not recognize me (unless they know me), but I clearly have an identity -- I can be distinguished from someone else on the street by a third-party observer, even though the observer may not be able to identify either of us. ZKS would allow me to walk down the street and appear identical to everyone else -- not just nameless, but faceless.
Obviously, a lack of privacy dehumanizes; but couldn't an overabundance dehumanize as well? I'm interested in where exactly we're going with all this.
Funny that, to get your internet "freedom" using Freedom.net, you have to be using the products and OSes of the software company in the world most opposed to freedom :-)
Gerv
Worst. Name. Ever.
Seriously, what kind of marketing wizard decided to name the company "Zero Knowledge". It sounds like a synonym for "Know Nothing." "Yeah, I know there are a lot of smart companies out there that we could work with, but that's so cliché -- we should team up with them Zero Knowledge guys!"
Cheers,
ZicoKnows@hotmail.com
So, it's a double entendre: crypto in-joke, and also how much info you spread, accidentally, while using Freedom.
I actually came across ZKS several years ago when they first started publicizing the product. IIRC, this was how they addressed these concerns.
Each user has a pseudonym. If that pseudonym causes problems, it can be revoked, forcing the spammer to sign up again to spam again. Not really that much different than what any other ISP does, except that it is harder to prevent them from signing back up again.
Law enforcement issues: A packet can be traced by going to the first server in the chain and getting a subpeona for its logs, which will point to the next server in the chain, eventually pointing back to the sender. This would be problematic since the servers can be in different countries, but still theoretically possible. ZKS did not start up to make life easy for law enforcement, but to protect people from anyone, including law enforcement, who encroach on the their privacy.
There certainly will be abuses of ZKS, but that holds true of any system. The issue is whether or not a person should be allowed to interact with society on an anoymous level. I say yes. Police caught and convicted criminals long before there were DNA tests. They will still be able to do so without a trail of bloody footprints leading to the spammers door. If we give people tools such as ZKS, they can defend themselves from being attacked by spammers in the first place, rather than retaliating after the fact.
Pretty cool, but it *is* annoying that you're limited to a pop client. But, if you don't want to use pop, you can still use public email services, as they won't be able to see your actual ip address, because you're hidden behind the freedom servers.
I am posting this from a public terminal at the RSA2000 Conference, where Ian Goldberg (Zero Knowledge's chief scientist) is scheduled to talk tomorrow.
I've got his session scheduled... I plan to grab some of the "best" questions from this thread on Slashdot and corner Ian afterwards and see what he's got to say. I'll post the results of my quest here tomorrow after the session, if anyone is interested.
---------
Question: How do I leverage the power of the internet?
---------
There is no try at jedinite.com
There's an mp3 from a previous talk at the 1999 Ottawa Linux Symposium here. Very good information!
Remember, we're still a fairly small part of the software industry at large. It's not always easy for Linux geeks and Linux companies to find each other.
Good luck! Maybe I'll see your anonymous face at the next LWE in San Jose. :)
Vovida, OS VoIP
Beer recipe: free! #Source
Cold pints: $2 #Product