Slashdot Mirror
Zero-Knowledge Open-Sources Linux Client
jailbreakist writes "Zero-Knowledge Systems, a Montreal based privacy software company, has released the source code to their Linux client. The software in question provides anonymous web browsing, pseudonymous email, form filling, cookie management and more. You can get the source at opensource.zeroknowledge.com. The source is available under the MPL, and our clientshim and Yarrow (random number generation) implementations are under GPL." A while ago, we had covered Mike Shaver's move to ZK.
If your traffic is routed through at least 2 freedom proxies, then no single entity on the route knows both the source and destination. That's what makes it really interesting IMO.
After having used the freedom network for a number of months, I have to say I like the idea of being anonymous on the net but don't like the price I have to pay in speed. I have a DSL line and I might as well be on a 56k line when I'm running the Freedom client, the response time is so reduced it's painful. This of course make me pick and choose when to run the client, which means I might as well not run it at all cause I frequently forget to start it when I should. Has anyone else had these difficulties?
Several things stick out...
1. PGP, at least the newer versions is susceptable to an attack. Use GnuPG instead. It's
developed outside the US in crypto-friendly Germany, and is pure raw open source implementation of public domain crypto.
2. Don't use Netscape. The Konqueror is a lot less noisy than Navigator; check out http://privacy.net/anonymizer and you'll see what your browser spews out.
3. Java is not your friend. Java downloads take a lot of time and resources, and it may require a second connection to a server, either the one feeding it to you or another site.
4. Turn graphics off. Remember the doubleclick 1x1 graphiccookie?
Hell, I use Lynx for a lot of browsing.
I used to be someone else. Now I'm someone better.
Real life is underrated.
The idea here is not that you trust us. The idea is that you don't have to. The name isn't just self-deprecation: the Freedom system is designed to protect us from knowing things about you, as well as protecting you from having us -- and others -- know things about you. The whitepapers cover this approach[*], and the limitations of it, so I won't bore you with the details here.
[*] though they focus on the 1.0 technology, the issues remain largely the same. The biggest change is in the mail system, where the removal of ``reply blocks'' removes the chain-of-warrants attack from that part of the system.
- Both authors and readers of information stored on this system
may remain anonymous if they wish.
- Freenet does not have any form of centralized control or
administration.
- It will be virtually impossible to forcibly remove a piece of
information from Freenet.
- Information will be distributed throughout the Freenet network
in such a way that it is difficult to determine where information
is being stored.
- Anyone can publish information. They don't need to buy a domain
name or even a permanent Internet connection.
- Availability of information will increase in proportion to the
demand for that information.
- Information will move from parts of the Internet where it is in
low demand to areas where demand is greater.
For more info: http://freenet.sourceforge.net/The freenet FAQ
RFC1925
Good work, guys! You actually did it! Now it will be possible to make Mojo Nation run over Freedom.
:-)
Regards,
Zooko
Right. What if this software becomes standard among kiddy-porn traders? Would the guys at ZK find that funny?
I am so sick of 'what-ifs'.
So what if sickos use the software? The same sickos use the US Postal Service. Would you ban that?
I suppose digital cameras make it easier for the sickos to make kiddie porn - after all, you don't have to get film developed. Would you ban digital cameras? Hell, ban Polaroid for that matter.
Cryptography makes it easier for criminals to communicate with each other. Would you ban cryptography?
Most new technology has a up side and a down side.
I think in most cases the good far outweighs the bad.
--K
And really, do you honestly think the ZKS people never imagined that their software could be used for illegal/immoral purposes?
---
(I'm a Zero-Knowledge employee, but am not speaking for the company except where noted otherwise.)
I don't think the ``their own network'' part of the argument indicates a deep understanding of what's going on here: you can configure Freedom to use AIPs that are not owned or operated by ZKS, quite happily.
As far as the server source goes, I'm behind you 100%: the server source must be released, and it will be. We've said this in public, and I'll say it again here: <speaking officially>all of Freedom -- client and server software alike -- is destined for source release</speaking officially>. It's not going to happen all at once -- there's a fair amount of code involved, and trying to bite it all off at once is a recipe for unbridled pain -- but it's definitely going to happen.
When? Soon. Before you've forgotten that you read me write ``Soon''. =)
One of the primary features of the Freedom system is that it provides IP obscurity: people see your traffic originating at one of the Freedom network ``wormholes'', not from your real IP address. Is that not clear from the whitepapers?
(1) Costs money which experience shows very few will pay for
(2) Very slow due to fundamental network design of bouncing packets multiple times across smaller ISPs - nothing can be done about this
(3) Easy to block at firewall because it always runs at fixed high numbered ports (51101,02,07,09) so forget about relying upon access at work, libraries, schools, etc
(4) Currently only works/supported on Win95/98 - other version promised but none delivered and it will be a long, slow, expensive process to port and support - do you really think that Mac or Linux users will get the same support levels as Win95/98 users?
(5) Doesn't work with AOL (23M users in US), CompuServe 2000 (?M users) and free ISPs like DirecPC - over a quarter of US Internet users denied access.
(6) doesn't work with very popular software including McAfee Personal Firewall, Microsoft FrontPage personal webserver, Netware Client32, MS 98SE' Internet Connection Sharing, etc. Nyms will not work with common software such as MS Outlook, Napster, PCAnywhere, cookies filter utilities, etc. I don't know many web surfers who are not using at least one of these applications, which mean ZeroKnowledge will not work for them.
(7) Does not work with common web sites because it does not support client side cookies with nyms. How many users will tolerate being locked out of NYTimes.com or Yahoo.com?
(8) Is a large software download that is easily blocked from installation, detected running, and removed automatically from managed corporate networks - upto 50M US corporate workers lost.
The best way to avoid all these problems is to avoid download software packages altogether. A web-based privacy solution should work with your existing browser, computer, network, and ISP but provide the same levels of encryption as ZeroKnowledge.
Anonymizer has been the best of the web-based privacy solutions but it (1) costs money $60/yr, (2) doesn't encrypt you personal web traffic so all data is visible except the URL, and (3) doesn't work with most popular rich web sites like sony.com, hotmail, webvan, etrade, etc because they cannot handle DHTML like JavaScript, VBScript, CSS. Instead, it either blocks all DHTML breaking a site's functionality *OR* passes it unprotected which reveals your identity online.
SafeWeb.com is a web-based privacy solution that just launched last Wednesday (See CNET news.com). SafeWeb is the solves all the problems that both ZeroKnowledge and Anonymizer have listed above and enables users to surf the entire web privately (cookie management anonymity) and securely (128bit SSL) from anywhere at anytime for free - no downloads. SafeWeb finally delivers a practical solution to the growing problems of online privacy by solving all these technical problems with an easy to use service for your existing browser. Let us know your feedback at webmaster@safeweb.com and in this forum.
Jon Chun
President
SafeWeb
- Mail
- Web
- SSL
- News
- IRC
- Telnet
I am a ZKS employee. I am not representing them in any offical capacity.Let us take this opportunity to ban all sticks, except for those in the possession of licensed stick-users.
We are also aware of the fact that some people may be using ink to write offensive and/or illegal messages on various surfaces. Rest assured that the FBI is looking into the matter, and will deal with the miscreants accordingly.
I have no
the client builds but the shim doesn't.
any chance that it will soon support 2.4.0-testX?
- brett
If you used a commercial news server, you would have to have purchased an account. If you purchased an account, you (probably) used a credit card. What could using Freedom to access that commercial news server do for you, besides slow down your binaries and make it so your dialup/cable/DSL provider didn't know what exactly that is that's saturating your connection. Enquiring minds want to know!
My thought on this: the first time the press reports that a {pornographer|fraudster|slashdot troll} went to jail becuase police managed to obtain the real identity behind a Freedom nym, with or without ZKS's cooperation, ZKS is out of business. Unless that happens, I figure "they" haven't nailed anyone.
It's not mathematical proof, but it's good enough for me.
Ta. That's exactly the sort of overview I was after. So the key for the cipher changes over time. Doesn't this approach give you known plaintext, tho (you can guestimate what the counter is). Why not encrypt the previous value, or the low order digits of the time?
Johan
I'm really getting tired of Free Software advocates who don't take advantage of it.
The message on the other side of this sig is false.
OK, there's a certain point of humor in that, but since I guess you might mean it seriously:
Zero-Knowledge comes from something called Zero-Knowledge Proofs (or something like that, it was a while since I read that crypto book). What it means is that you can prove your identity to someone else, in a manner such that the other part will not be able to impersonate you when talking to a third party.
I don't remember the details, but it works with probabilities - for each communication with you, you have 50% chance of getting away with a wrong answer. So, if he asks you 30 questions, and you don't know the answers, your chances are one in 2 to the power of 30 (slightly more than one billion) of fooling him that you are someone else. The "zero-knowledge" comes from the fact that the questions are chosen by the other part, so he can't "recycle" your answers - unless he's very lucky (the third party asks exactly the same questions as he did, in the same order). I don't remember my combinatorics classes either, but I believe his chances would be better by guessing what to answer, since the order does not matter then.
"Freedom uses an untraceable transaction system that prevents the association of user identity information revealed during the purchase of a Serial Number
(for both cash and credit card transactions) to be connected in any way with any Nyms that are created."
read their privacy statement
The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
If you had read the material on Freedom, you'd know that the serial number is used to purchase 'nyms', which cannot be traced back to you (read the white papers on the ZKS site for a description of the nym system.) All that anyone would know is that you'd purchased a Freedom serial number, nothing else. If you don't want even that on your record, I suspect that ZKS would even do a money-order transaction. Keep in mind that if "they" are watching you, then a sniffer on your internet access is going to show that you're running an encryption program, so "they" will already be suspicious.
"If I have seen further than other men, it is by stepping on their glasses." - Michael Swaine
I see a lot of people underestimating what Freedom is. It's not just a remailer. it's not a standalone application (just think, *how* in the world could a standalone application protect your privacy?) Go read: The architecture paper. A version that doens't go into protocol details. Please don't compare this to anonymizer.
As I understand it from the CEO a few months ago, the serial number does not even allow ZK to trace it back to you. They supposedly don't keep track of any of the serial numbers, it's all done on the client side.
Also regarding how it works, it's a kind of "onion" system. Let's say A wants to send a bunch of packets to B. The first thing that A has done upon setting up ZK is to choose up to 3 gateway servers for ZK, call them G1, G2, G3, in that order.
For each packet sent out by A, it will do the following:
- Put header with destination address to B
- Encrypt packet with G3's public key
- Add header with destination address to G3
- Encrypt the whole thing with G2's public key
- Add header with destination address to G2
- Encrypt the whole thing with G1's public key
- Add header with destination address to G1
Then it will send it using the first destination address. At each gateway, one layer will be peeled off using the private key, the destination address read, and the packet will be sent forward.
The cool thing about this is that at any point in the path, if someone intercepts and somehow knows the private key of a gateway, it can only figure out the previous and next hops, not the whole path.
Of course, if B has PGP or anything like that, nothing stops you from also encrypting the packet with B's public key.
The ZK system is an addition to this, providing anonymous transfer, not encryption of data.
It does take a performance hit to do all that, but it's not that bad. I just wish they made it free.
Right. What if this software becomes standard among kiddy-porn traders? Would the guys at ZK find that funny?
Same old story.
These guys are in business, and they do need to make money. If you think there aught to be a zero-cost system to provide these services to the public, go right ahead and set it up.
The importance of a good random number generator is often overlooked. Since symmetric (== fast)session keys are mostly randomly generated (and then encrypted by the asymmetric (==dog slow) user keys) if the the random number generator is weak, this can undermine the whole system's security.
You all recall that netscape's already paltry 40 bit encraption actually only had something like 14 bits of entropy, because so many bits came from the easily guessable clock (or something like that).
Anyway, Yarrow is from the always popular counterpane people. I haven't had a look at it myself yet, so if anyone has given it a gander, a summary would be well appreciated.
ZKS Freedom goes far beyond blocking cookies and encrypting e-mail.
They provide an encrypted, anonymous link from the website you're accessing, through your ISP to your machine.
All your ISP sees is you accessing a Freedom server, and all the website you're accessing sees is a Freedom server.
The whole point of Freedom is that, in theory, it should be impossible to trace back a name to an IP address.
You can't do this by using 'paranoid settings' in your browser.
--K
---
Do you think they realize their name is Zero-Knowledge?
http://siokaos.org/
You can find out more here: .hu t.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html
http://www.tml
I have no idea if any part of Zero Knowledge Inc.'s sytems use zero knowledge proofs or whether they just chose it for its cool name and vague relevancy.
It's just too bad that they're subpeona-able, rather than being based in a country that's not extremely cooperative with the US.
I don't think it matters. They've designed the system so that they *can't* trace anything.
The most they can do is deactivate a nym, but the nym can't be traced back to the person using it.
--K
---
In first issue of Help Net Security newsletter (named Default for some strange reason that bugged us for along time), published on Friday 13 August 1999, one of our editors was Jordan Socran from Zero Knowledge Systems. His first piece was about ZKS and its history, so it is very interesting to read it...
URL:
http://www.net-security.org/ tex t/articles/zks.shtml
I'll also try to find out an old interview I did with them, when Freedom wasn't even created, where he talks about future plans etc. I'll add the URL to this thread...
Cheers
And, if so, what do you think?
Opensourcing an app the relies on their own network/servers- big risk, big deal; its just a publicity stunt.
Anyway, Sneakemail.com has better anti-spam/remailer features anyway, and their optional client has been in the the public domain. I'm sure the other features of zeroknowledge can be found elsewhere too.
Sneakemail is to spam filters what an ounce of prevention is to a pound of cure.
The only reason I kept a windows 98 box around was to run freedom. Looks like I can format that thing now.
Freedom is great. No one can trace your identity. If someone complains, they can trace it back to your nym and shut down the nym, but they can't trace the nym to you. When you buy a serial number, you get 5 nyms, or as I call them, 5 mistakes before you have to buy another serial number. You can do email, using your nym@freedom.net which is totally untraceable to anyone, unless you are stupid and put a signature in it. You can use IRC, ssh, telnet, www, and pretty much anything else that is a simple port to port connection. It's all anonymous, remote machines see a connection from an IP owned by zero knowledge, not from you.
I gladly fork out money for this service. If more people pay for it, ZK can afford to put in more servers and better servers to increase the performance of their network. It can be slow at times, but I only turn it on when I need it.
Need Free Juniper/NetScreen Support? JuniperForum
---
> All your ISP sees is you accessing a
> Freedom server, and all the website
> you're accessing sees is a Freedom
> server.
---
I'm hoping the Zero-Knowledge white papers address these questions: won't ZK be classified as a service provider, thus making them a target for Carnivore to be installed (under court order, of course) on their network? How does installing a Carnivore system on the ZK network affect the privacy ensuring capabilities of the system?
How does ZKS/freedom stack up when traffic analysis rules are applied to it? Does the system become more secure, with a larger user base. Or do you need to have more 'internal' hops before your traffic finally appears at it's destination?
This app is really the cypherpunks dream come true. All the other pay products out there for anonymity are TOYS compared to Freedom in how well they protect your anonymity. The only thing that has a comparable level of anonymity is the mixmaster / cypherpunk remailers with the nym servers. I have used those too. They are much harder to use. They really only do email. You could use mail to web gateways to get web from the remailers but i never have. Wait a minimum of say 30 minutes (a chain of a few remailers) for one web page ? Yeah right.
3 .html
They took a while to release the source code. Some of the cypherpunks were wondering if they had been pressured by their VC backers not to. (one of the founders is one of the original cypherpunks). Im thrilled that they released the client code and expect that they will fulfill thier promise to release the server code - but dont take too long guys. They are also working on a semi-anonymous payment system. I say semi-anonymous because their comments indicate that UNLIKE the Freedom web product, they feel like they need to restrict the financial anonymity somewhat to comply with laws / banks wishes. I cant wait for it anyway.
Alot of you on slashdot have libertarian attitudes. Attitudes that include being against censorship and illegal snooping (like many think includes Carnivore / Echelon). If there is any company that will protect you against people who want to take away your right to anonymous speech that (US) Supreme Court cases have held exists from cases of anonymous political phamplets, it is Zero Knowledge systems.
Having said all this you all should know that it is quite likely that laws will be created to make strong anonymity like Freedom offers illegal. No kidding. The opponents of anonymity have not had much luck in congress yet. But right now there is the "Cyber Crime" treaty nearing signature that would require internet service providers to keep records that would make Freedom illegal. It would force DMCA like provisions on its signers. Who wants this and why will it happen ? Media companies, FBI, NSA and non us equivalents. From cnet.com [Edgar Bronfman Jr., chief executive of Universal Music Group parent Seagram, said last week. "As citizens, we have a right to privacy. We have no such right to anonymity."] http://www.canada.cnet.com/news/0-1005-200-198335
They are afraid it becoming far more difficult to go after Napster users if they need to. The FBI and NSA and thier non US equivalents like thier Carnivore and Echelon. Many believe that dispite thier assertions they do things that should require a warrant, without one. Here are some quotes from wired.com about this treaty proposal:
{..Require websites and Internet providers to collect information about their users, a rule that would potentially restrict anonymous emailers.}
{ "It's a direct assault on legal protections and constitutional protections that have been established by national governments to protect their citizens," says Marc Rotenberg of the Electronic Privacy Information Center. "It's both an end run by police agencies and a bit of policy laundering by the U.S. Department of Justice to get more (surveillance) authority." }
Strong anonymity is the only sure protection to the current level of corporate invasion of privacy. Do you know that for $50 you can get anyones SS# ? For a few hundred you can get all kinds of things like bank statements securities holdings, real estate holdings. I want pervasive strong anonymity so that i control my information and only a series of court orderd warrants can get it.
We won the battle on encryption. But we are likely going to loose this at least with the lawmakers. Why ? BECAUSE in the ENCRYPTION debate BUSINESS was ON OUR SIDE. Now they are almost entirely against us. ZKS is for us. Who else ? You know the power of money. Help fight for anonymity and against the DMCA and DMCA like provisions. Write your representatives and support an organization that is part of The Global Internet Liberty Campaign : http://www.gilc.org/ (includes organizations like the ACLU, EFF, EPIC, CDT)
Support the organizations that make up the Global Internet Liberty Campaign http://www.gilc.org/
I am worried about my freedoms. That's why I throw rocks at cops face, and burn down buildings in Serbia.
I've been looking at Freedom for a long time. In fact, I was a beta tester for all of three minutes, until the beta software somehow managed to complately hose my ability to connect to the Net--I have no idea how it managed to do it, but it was probably because I had some funky firewalls installed at the time. Anyway, what I want to know is this: How can it possibly be anonymous, in a country like the U.S.? Don't you guys get calls from law enforcement agencies all the time, and it it's really anonymous aren't those law enforcement types very, very angry? Why isn't the Web or USENET flooded with copyright violations, harrassments, and child pornography coming from Freedom, if it's really that anonymous? Or has there been a problem with that, and I just haven't heard?
/. Interview topic some time...
I'm very curious. Please let us know. Maybe an interview with ZKS would be a good
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
IIRC, they're a Canadian company, which, I should hope, puts them outside of Big Brother's jurisdiction...
--K
---
Why would you be surfing anonymously from work? Try this one -- it's hit me.
You're trying to fix a software issue. You find a link to a page that should solve all your problems -- but it's hosted on Geocities [ugh!]. Your company's proxy blocks Geocities. Arrgh!
It's lunch time. You're not going to convince anyone to get you around the proxy. Sure would be nice to be able to circumvent it yourself, no?
(Btw, this occured while assisting a friend at his place of work -- I'd never work for such a non-clued company).
Does this enhance anything that could be done seperately and with more control (pgp/gpg, anonymous remailers, using lynx, etc)?
Respond to s
It's used to give "zero knowledge" to other parties who might be in the transaction who are not authorized.
Respond to s
So you will need a serial number to use the "privacy services". Where's my privacy if you can track me down to a serial number? It's worst than the Pentium 3 serial number, because you only used it at one computer. If I want to use this software at different places then I should move with my serial number. Or purchase another.
Food for thought.
So basically extending the remailer type of thing with a proxy like anonymizer that is better able to handle traffic and which is based on a standalone application? How trustworthy are they? Has there been any actual evidence that they will protect your information from being captured?
Respond to s
Perhaps I am just paranoid, but why do I need to make a device (in /dev) for this to work? Maybe it is just me....usually is :-)
What are your takes on this?
I see a lot of people are a little confused about the implications of this. First, realise that Zero-Knowledge is a *privacy* company. By implication, they do some security stuff as well, but mainly they do privacy. A lot of people make fun of the name, but it comes from the fact their privacy network is designed so that even they can't link the real identity of their users to the pseudonymous identities the software allows them to create. And that sort of explains why they released the linux source. They want to be able prove that there are no NSA backdoors, and that the product actually works the way they say it does.
:)
Don't confuse Freedom with PGP. PGP will keep the contents of your messages a secret, but Freedom will also keep the origin of your communications a secret. In that respect, it's a little like a mixmaster remailer. Except it anonymises the http and telnet protocols as well. And it's much easier to use than the mixmaster remailer.
It's not a perfect system. One of the white papers on their site talks about the security vulnerabilities in the product. Another issue is performance. Performance is always traded for security, and that's the case here as well. I think that over time, things will get faster though.
Some people are complaining because it actually costs money to use. Well, the software itself is free. Anyone can download it. They are actually charging for people to access the network. Last time I checked, that's what every single service provider in the world does. (Except those free ISP companies, but they keep ending up in fuckedcompany.com.)
The tokens are all identical. No traces can be done on the token, and the token can't be linked to the serial number or the nym it is exchanged for.
All of this is explained in the Zero-Knowledge white papers. Zero-Knowledge is commited to providing privacy.