Slashdot Mirror


ZeroKnowledge to Discontinue Anonymity Service

VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.

5 of 347 comments (clear)

  1. Surprise to the staff as well? by Pituritus+Ani · · Score: 5, Interesting

    Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):

    Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
    From: InfoReplies@zeroknowledge.com
    To: @freedom.net
    Subject: Ref: "New anonymous browsing service"

    Hello,

    Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information. :(

    As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.

    Regards,

    Freedom Support Team

    Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
    http://www.freedom.net/support/knowledge.html

    --

    Another proud carrier of the $rtbl flag

  2. Lets have a US government anonymizing service by DumbSwede · · Score: 4, Interesting
    I will probably get flamed for this one, and I must admit my views on privacy and security are in flux right now.

    It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).

    This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.

    I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"

    It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.

    Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.

    Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.

    1. Re:Lets have a US government anonymizing service by swordgeek · · Score: 5, Interesting

      "Stop burying your heads in the sand and telling yourselves the world isn't any different now."

      I take offense to this remark. The world isn't really any different now than it was a month ago, and my saying that isn't an indication of me "burying my head in the sand." The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

      As for your idea of a government run anonymizer service, there's just one problem: It won't work! It's exactly like banning secure encryption in the US now--the genie is already out of the bottle, and you can't put it back in. Criminals will always find ways around security, surveillance, and general watchfulness. By forcing bcakdoors on systems, you're only affecting (persecuting, in fact) the law-abiding citizens who will use them.

      --

      "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  3. SAFEWEB has Javascript, CIA problems. Cool though by billstewart · · Score: 4, Interesting
    Safeweb is one of several anonymizing services, of which the first well-known one was www.anonymizer.com. There are a couple of serious problems with it, one technical, one trust-related. On the other hand, Triangle Boy is really cool.


    The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

    The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  4. Re:Shaver by Mike+Shaver · · Score: 5, Interesting

    I think I left ZKS several months back (on good terms, etc., etc.).

    I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).

    I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.

    I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.

    I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.

    I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...

    ...but I think nobody has done a better job so far of that type of network service.

    I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.

    I think there's a market for that knowledge, and good applications of it.

    I think they're going to be OK.

    I think you shouldn't really care what I think.

    (I think Craig's still a dork.)