ZeroKnowledge to Discontinue Anonymity Service
VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
.. but doesn't it seem a little strange that this comes in the wake of september 11th? Who's pressuring them to discontinue annonymity?
I'm curious as to whether the motivation is financial or some other reason... Maybe in the wake of all this terrorist bru-ha-ha about encryption and anonymity, someone (or more likely, some government entity) approached them and they, ahem, decided to stop.
I truly hope that's not the reason...
My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.
Trolling is a art,
Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):
:(
Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
From: InfoReplies@zeroknowledge.com
To: @freedom.net
Subject: Ref: "New anonymous browsing service"
Hello,
Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information.
As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.
Regards,
Freedom Support Team
Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
http://www.freedom.net/support/knowledge.html
Another proud carrier of the $rtbl flag
It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).
This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.
I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"
It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.
Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.
Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.
Letter To Iran
The open sourced client and routers are here.
Another proud carrier of the $rtbl flag
Freedom nym mailboxes will not accept any incoming mail as of October 11th, 2001.
I would say that this makes their reason pretty clear. I don't know whether there was outside pressure or not, but judging by the date, I'd guess not. That's exactly one month.
I think we've pushed this "anyone can grow up to be president" thing too far.
The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.
The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I think I left ZKS several months back (on good terms, etc., etc.).
I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).
I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.
I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.
I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.
I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...
...but I think nobody has done a better job so far of that type of network service.
I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.
I think there's a market for that knowledge, and good applications of it.
I think they're going to be OK.
I think you shouldn't really care what I think.
(I think Craig's still a dork.)
according to a Washington Post article
"In Hollywood, Fla., the FBI last weekend quizzed Paul Dragomir, manager at the Longshore Motel, about a visit in late August from two men he believes were hijackers Atta and Ziad Samir Jarrah, who demanded 24-hour Internet access.
Loaded down with baggage and laptops, the men signed in at the small pink beachfront motel using apparent aliases. They claimed to be computer engineers from Iran, Dragomir said, and said they were down from Canada to find jobs.
They booted up a laptop, showing Dragomir that they had NetZero Internet accounts. For the next few hours, Dragomir unsuccessfully tried to accommodate the men."
Makes one wonder just what or who 'motivated' NetZero to pull the plug on this product.
As a victim of identity theft I can assure you the threat of other people reading your email is no illusion. So far they've managed to charge over $10,000 to our credit cards in three months, and I suspect the sum is that low only because they maxed them out. We know our email is compromised because we got an email confirmation for one of the bogus orders.
Those of you who guard your email address to ward off spam are doing the right thing for the wrong reason, and I pray you never learn what can happen when you truely lose your privacy. If my wife knew I posted here she'd kill me, she's become so paranoid over this.
If all this should have a reason, we would be the last to know.
Since ZKS will no longer be in the business, several existing Freedom users have asked ZKS if they would make their old server code available to the open-source community. If that happens, I'll be happy to start up the Tweakdom project again. Here's hopin'...
If you're interested, check the web page for updates, or join the mailing list. Here's the URL's:
The Tweakdom web page: http://tweakdom.sourceforge.net
The Tweakdom mailing list: http://sourceforge.net/mail/?group_id=23929
--willdye