Slashdot Mirror
ZeroKnowledge to Discontinue Anonymity Service
VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
.. but doesn't it seem a little strange that this comes in the wake of september 11th? Who's pressuring them to discontinue annonymity?
I'm curious as to whether the motivation is financial or some other reason... Maybe in the wake of all this terrorist bru-ha-ha about encryption and anonymity, someone (or more likely, some government entity) approached them and they, ahem, decided to stop.
I truly hope that's not the reason...
My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.
Trolling is a art,
Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):
:(
Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
From: InfoReplies@zeroknowledge.com
To: @freedom.net
Subject: Ref: "New anonymous browsing service"
Hello,
Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information.
As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.
Regards,
Freedom Support Team
Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
http://www.freedom.net/support/knowledge.html
Another proud carrier of the $rtbl flag
It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).
This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.
I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"
It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.
Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.
Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.
Letter To Iran
The open sourced client and routers are here.
Another proud carrier of the $rtbl flag
Freedom nym mailboxes will not accept any incoming mail as of October 11th, 2001.
I would say that this makes their reason pretty clear. I don't know whether there was outside pressure or not, but judging by the date, I'd guess not. That's exactly one month.
I think we've pushed this "anyone can grow up to be president" thing too far.
If by "operation" you mean "runs slow as molasses and only on Internet Exploder" then yeah, I guess it's in operation.
Hush 2.0 is total crap. It no longer runs under any browser I've tried under Linux (even with the SUN JDK plugin), and it -barely- runs with IE under windows--and very slowly, at that. The new login procedure is heavily laden with Javascript (why?!) that only seems to work properly on IE.
I no longer recommend Hushmail to anyone. It's pretty much unusable, even under Windows.
The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.
The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I think I left ZKS several months back (on good terms, etc., etc.).
I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).
I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.
I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.
I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.
I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...
...but I think nobody has done a better job so far of that type of network service.
I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.
I think there's a market for that knowledge, and good applications of it.
I think they're going to be OK.
I think you shouldn't really care what I think.
(I think Craig's still a dork.)
according to a Washington Post article
"In Hollywood, Fla., the FBI last weekend quizzed Paul Dragomir, manager at the Longshore Motel, about a visit in late August from two men he believes were hijackers Atta and Ziad Samir Jarrah, who demanded 24-hour Internet access.
Loaded down with baggage and laptops, the men signed in at the small pink beachfront motel using apparent aliases. They claimed to be computer engineers from Iran, Dragomir said, and said they were down from Canada to find jobs.
They booted up a laptop, showing Dragomir that they had NetZero Internet accounts. For the next few hours, Dragomir unsuccessfully tried to accommodate the men."
Makes one wonder just what or who 'motivated' NetZero to pull the plug on this product.
As a victim of identity theft I can assure you the threat of other people reading your email is no illusion. So far they've managed to charge over $10,000 to our credit cards in three months, and I suspect the sum is that low only because they maxed them out. We know our email is compromised because we got an email confirmation for one of the bogus orders.
Those of you who guard your email address to ward off spam are doing the right thing for the wrong reason, and I pray you never learn what can happen when you truely lose your privacy. If my wife knew I posted here she'd kill me, she's become so paranoid over this.
If all this should have a reason, we would be the last to know.
My last visit to http://www.havenco.com (today) reveals nothing new -- except that they're now hosting a remailer.
The assertion that the UK doesn't recognize Sealand as a state is unfounded. The UK has, de facto, done so by refusing to intervene during the period when Sealand held a German national prisoner after an attempted takeover of the platform. The German government was obliged to negotiate directly with Sealand when the UK informed them that Sealand was (then) in international waters and hence beyond their jurisdiction.
That the UK does not currently recognize Sealand is irrelevant under international law. That Sealand is now inside UK territorial waters is likewise irrelevant under international law. Failure of one state to recognize another (such as the US refusing to recognize mainland China before Nixon) is an obvious example of the former principle.
Once a state exercises sovereign power (such as by taking a prisoner and negotiating for release with another sovereign power as above) a claim for recognition under international law has been made. That the UK subseqently extended territorial waters to include Sealand is not a claim on Sealand as a territory, just as a US claim to extend territorial waters to include Cuba does not make Cuba a US territory.
These are well-established legal precepts. I find it curious that the UK says it exercises jurisdicion over Sealand, but makes no effort to shut them down or even attempt to confiscate the small cache of firearms held (in violation of UK law)on the platform.
I submit that the UK legal system realizes they have a very weak claim on Sealand and does not wish to engage in a legal battle they can easily lose (with attendant international embarassment.) For now and the foreseeable future, they will continue to tolerate Sealand and the operations of Havenco. If Havenco or Sealand ever posed a credible threat to the UK, the issue would be settled in an instant with whatever force might be necessary. The operation of a data haven, remailers or even a FN-like system on Havenco does not meet this criterion.
As to the NSA watching those who obtain Freedom accounts -- who cares? Given an agency with those kinds of resources, does anyone seriously suppose that Freedom or any other service could be truly anonymous? If "they" want you badly enough, "they" will find you. If you don't generate that sort of attention, no one will care. Using Freedom for illegal purposes is beyond stupid, since traffic analysis will likely give you away and subject you to "real" surveillance, like "black bag" entry, password grabbers or even just a simple review of your bank accounts and purchases.
Freedom died because the "privacy nuts" like me didn't spend enough to keep it alive, pure and simple. That being said, Freedom (or something like it) will rise again. My guess is that it will be located on Sealand with the security afforded by that facility. Even if Sealand is assailed successfully, the data on the servers will be gone before a single bit is recovered. While I'm as upset as anyone about the death of Freedom (from which I'm posting this message) it may pave the way for an even better system with both cryptographic and physical data security.
I maintain that the events of September 11 are not going to cripple the use of cryptography or anonymity. Terrorists are smart enough to realize that the veil can be pierced with enough resources, and hence avoid using them for critical communications. (bin-Laden's congratulatory cell phone conversations nonwithstanding.) Over 70% of the American public feels that crypto restrictions would have been helpful, but I doubt that they would withstand a 1st or 4th Amendment challenge, and Sealand is not subject to US law.
The demand is there, the technology is there and the location is for rent. What remains is for an affordable system to be built.
BTW, I have no financial interest in Freedom or Sealand.
Since ZKS will no longer be in the business, several existing Freedom users have asked ZKS if they would make their old server code available to the open-source community. If that happens, I'll be happy to start up the Tweakdom project again. Here's hopin'...
If you're interested, check the web page for updates, or join the mailing list. Here's the URL's:
The Tweakdom web page: http://tweakdom.sourceforge.net
The Tweakdom mailing list: http://sourceforge.net/mail/?group_id=23929
--willdye