Slashdot Mirror
ZeroKnowledge to Discontinue Anonymity Service
VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
It's a shame sure, but like the article says- it's all down to people finding other ways to do it themselves rather than rely on somebody else. It would be nice if they gave advice to their existing nyms on how they might be able to maintain their privact though
J-aims
--
Yo, whatever happened to peas? Join T( H)GS
First off, when ZeroKnowledge closes, all of its customers will be forced to find another provider. That will make the other providers 1) more profitable (assuming they aren't taking a loss but making it up in volume, like Amazon); and 2) more effective. As mentioned in the warning to their customers, low volume makes it easier to correlate traffic entering their system with traffic leaving their system. When such a system gets sufficiently large, it will be very difficult to correlate input streams and output streams, because of the sheer number of possible matches.
Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet. They will have one less place to hide. And that has a positive effect on law-abiding netizens - because when communications are more traceable and less anonymous, the government will have fewer excuses to pass legislation that gives law enforcement more snooping powers. And that benefits us all.
-sting3r
I am an ex-ZKS employee, and you - are a troll.
.GIF's and JPEG's on the web?
Do you really think you can stop people from developping or using encryption or anonymity? There a rumours Ben Laden uses steganography - should we ban all
Most employeess at ZKS believe in protecting our rights, and in preserving privacy versus what is perceived by many as intrusions of a police state future into what was otherwise a "free" internet. As Phil Zimmerman said:, "if you ban strong crypto only the terrorists and criminals will have access to it."
The liberals in Congress think they're sounding like civil
libertarians with their new, modified stand on Internet
surveillance. They say that the authorities should be allowed
warrantless taps to find out where you surfed, but not what you did
once you got there. The FBI has a right to know that you went to
Amazon, for example, but without a warrant they don't have a right
to know what books you bought. The legal distinction here is from
the old days: a "pen register" would record the number you dialed,
but not the conversation itself, and therefore qualified for a
looser legal standard.
But pundits don't realize that 99 percent of your Web activity can
be reconstructed from the Web's equivalent of "pen register"
information. The search terms you enter into search engines are
attached to the address itself. Do you believe that the FBI will
want this portion of the URL excluded simply because they don't
have probable cause? If and when the NSA is authorized to monitor
the backbone, do you expect that they will chop off the URL at the
question mark, so that this information is kept out of their
keyword-analysis supercomputers? Not likely.
My reading of the provisions of the new Anti-Terrorism Act of 2001
suggests that a single, one-time certification by a federal
law-enforcement official that such information is needed in a
criminal investigation, without any showing of probable cause, is
enough to require a court to issue an order allowing a pen-register
tap on any Internet service provider presented with the order,
throughout the entire U.S. The definition of this "pen-register or
trap and trace device" information has been expanded for the
Internet. It now includes "other dialing, routing, addressing, and
signaling information reasonably likely to identify the source of a
wire or electronic communication (but not including the contents of
such communication)."
For example, some federal official could conceivably serve Google,
or any other search engine, with a court order demanding log
information for all those who searched for particular persons or
particular combinations of search terms. The "query strings"
consisting of the users' search terms are, in all standard HTTP
server logs, included along with the user's domain or IP number.
One hopes that search engines would be inclined to challenge such
an order. But we may never know, because if they decide to
cooperate with the new law, their public relations office won't be
announcing this. The bottom line is that the phrase, "but not
including the contents of such communication," might be useful for
excluding the body of e-mail messages, but is mostly irrelevant for
Web surfing. This poor wording in the new law may mean that search
engines can no longer claim privacy at any level.
If someone wanted to redesign the entire Web for the express
purpose of surveillance, they couldn't do a better job than what we
already have. The profile that could be compiled if one had a list
of all the Web sites you visited, or all the search terms you've
used on Google, would be very revealing. The latter scenario is
more worrisome, because the former scenario, short of a
comprehensive backbone tap, would imply an order served locally at
your own ISP. You'd almost have to be pre-targeted by the
authorities. But a tap on a general search engine would amount to a
global sweep for information. Google currently gets about 110
million searches every day, most of which are from outside the U.S.
It would be tempting for the feds to monitor this traffic.
Because if you want a refund, you gotta give them a return address - even if you paid anonymously up front (with a money order).
Of course, anyone who REALLY wants to remain anonymous will just give up on any refund for unused time... This may be a good way to spot possible illicit activity, after which the FBI may request their records. Seems like a good ploy to me. But then IANAFBISpy.
--Brandon / Split Infinity Music
Closing an anon remailer or anon web proxy is not going to stop terrorism. Neither is putting backdoors into encryption schemes, or making National ID cards that people will be required to carry. They are great deterrents tho.
Before the internet there was terrorism... and unfortunately terrorism will continue.
A step in the right direction would be tighter immigration laws. Better security on flights, and letting the millitary do their job (no more bullshit police actions).
But closing down a remailer or web proxy won't stop anything. It's paranoia. Why can't the terrorists set up their OWN anon remailers or proxies. Hell they could revert to using RFC1149 technology with a Honeycomb Cereal invisible ink pen....
Paranoia does not solve problems...
[Connection closed by foreign host]
There was once a time when anonymous remailers served a purpose on the net, and where the people using them were as or more likely to contribute something to the online community as any others.
Sadly, I think that time has now passed.
On most of the Usenet groups I frequent (which, of course, is merely the tiniest fraction of those available), the people using anonymous remailers seem to be overwhelmingly: A.) Spammers, B.) Jerks who contribute nothing to the group and who cower behind anonymity for the sole purpose of flaming others free of consequences, and C.) People who not not only pirate intellectual property, but who spam newsgroups with it to show everyone how big their virtual Warezzz penis is. For example, a couple of months ago, someone spammed rec.arts.sf.written with hundreds of badly OCRed SF novels and stories, including some by people who are by no means rich.
Frankly, the people with the most urgent need for legitimate use of anonymous remailers (i.e., those in communist or otherwise oppressive countries where there is no freedom of the press) are the ones who either can't get to them anyway, or whose governments have so much of the system tapped that it would be easy to track them down.
While there are still some legitimate uses for anonymous remailers (Scientology whistle-blowers, for example), the jerks and spammers seem to outweigh legitimate uses about 100 to 1. Thus I see no real cause to mourn their passing. I wish that it were otherwise, but we must deal with the world as it is, not as we wish it were.
Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)
http://www.lawrenceperson.com/
The general consensus seems to be
GOVERNMENT == BAD
Personal rights to do anything electronically and have it hidden and undecipherable == GOOD
Wake up.
You people are not helping. If you want to hold onto reasonable rights, you have to offer reasonable, effective alternatives that still allow us stop and catch the bad guys.
I choose not to believe the US government is essentially evil. I choose to believe the US government has improved its stance on human rights in general, effectively and steadily over the last 200 years. I choose to believe there are truly evil men out there that would do America harm. I believe the majority of you online rights complainers are spoiled pampered brats that have never had to sacrifice the least little thing in your lives, and don't understand that we have to help find solutions to the problems caused by unintended side-effect our electronic age has brought us.
Letter To Iran
And no, it's not a co-incidence that practically all anonymity-enhancing services have been located outside US of A for years now.
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
I think Franklin, Jefferson, et al. would be aghast to think that the government agents could secretly and undetectably evesdrop on the public en mass, without a court order. This simply wasn't possible in their day -- the only way of communicating over distance was via a letter.
Even if all the mail of the day had been carried by the USPS (of which Franklin was the first Postmaster General), it would have been impossible for the gvt. to open and read every letter. Considering that sealing wax was used (in combination with distinctive seals) to close the letters, it was very difficult to open a letter without the intrusion being detected.
One of the biggest grievances the Colonists had with England was the fact that the Redcoats used general searches -- anyone & anyplace could be searched at any time for any reason. Our founding fathers considered this to be unacceptable conduct for a fair and just government. In response to this abuse of power, they established the principles set out in the 4th amendment: that a warrant is required for a search to take place, and that the warrant must explicitly list who and what is to be searched, and what the object of the search is. There's a world of diffence between being monitored because the Gvt. has probable cause (or, to use your own words, justifiable suspicion) and being monitored because you "fit the profile" or just because you happen to use the same ISP as somebody else who's under suspicion for somthing.
The wholesale monitoring of electronic communications is the moral equivilent of opening and reading every postal letter. It is unacceptable, immoral, and unconstituitonal. The government has no Constitutional authority to do so, and is explicitly BARRED from doing so without a warrant by the 4th amendment.
As a practical matter, the gvt. can and will monitor electronic communications, the Constitution be damned. It is a limitation of the technology that it is easy to monitor. However, we have the absolute right to use any and all technological measures available to us in order to guard the privacy of our communications against prying eyes and ears. Furthermore, while the Government may be able to COLLECT information via illicit/illegal means, there MUST be SEVERE restrictions on how that information can be used. Comunications intercepted without a warrant should NEVER be admissible in court, under any circumstances whatsoever. This is fine for anti-terrorism purposes.
A Terrorist (or any other covert operative) requires total secrecy in order to do his job. If his "cover" is blown, his operational effectiveness drops almost to nil. You don't even necessarily need to arrest a suspected terrorist in order to stop him - you just need to let him know that you know who & what he is and that he's being watched. If he's well-trained (as bin Laden's people are), his response will to cut all contact with his handlers in order to minimize the damage to the organization. You don't get the viceral satisfaction of sending his butt to jail, but that is really unimportant next to the fact that you've prevented a tragedy.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
The whole cryptographic anonymity area was likely to take a massive hit in the wake of the WTC attack.
Even if ZeroKnowledge had kept going the increased scrutiny and surveillance would render the scheme pointless. Having a FreedomNet account or connecting to the server would get you put on a watch list the minute the NSA found out - and find out they would.
I suspect that the number of hosting facilities willing to run the service servers declined substantially after the WTC attack.
I would not give the Sealand folk much chance of lasting very much longer. For all the riddiculous libberprattle the platform is now inside UK territorial waters and the UK government does not recognise sealand as a state. Since the sealand employees are mainly from the US that would make them illegal workers subject to arrest when they set foot on the mainland.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/