Slashdot Mirror
ZeroKnowledge to Discontinue Anonymity Service
VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
.. but doesn't it seem a little strange that this comes in the wake of september 11th? Who's pressuring them to discontinue annonymity?
It's a shame sure, but like the article says- it's all down to people finding other ways to do it themselves rather than rely on somebody else. It would be nice if they gave advice to their existing nyms on how they might be able to maintain their privact though
J-aims
--
Yo, whatever happened to peas? Join T( H)GS
Nope. $59.95 for 5 identities - each good for a maximum of 1 year.
"Because I love Pat Benatar." -- Britney Spears, when asked why she covered Joan Jett's "I Love Rock 'n' Roll"
My question is, how did billing for the service work in the first place?
Umm, account #12344234 owes us $300... but we don't know who it is, or where he lives...
I think their business model didn't work... the collections department had nothing to do...
---
Programming is like sex... Make one mistake and support it the rest of your life.
I'm curious as to whether the motivation is financial or some other reason... Maybe in the wake of all this terrorist bru-ha-ha about encryption and anonymity, someone (or more likely, some government entity) approached them and they, ahem, decided to stop.
I truly hope that's not the reason...
My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.
Trolling is a art,
http://www.safeweb.com/ is still there.
Remember anon.penet.fi?
This is even more depressing, because this time the company running the service has pre-empted the government pressure to shut down, and gone ahead and done it before the lawyers arrive.
Eek. DOes anyone else get the feeling that the terrorists might actually be winning?
These sigs are more interesting tha
First off, when ZeroKnowledge closes, all of its customers will be forced to find another provider. That will make the other providers 1) more profitable (assuming they aren't taking a loss but making it up in volume, like Amazon); and 2) more effective. As mentioned in the warning to their customers, low volume makes it easier to correlate traffic entering their system with traffic leaving their system. When such a system gets sufficiently large, it will be very difficult to correlate input streams and output streams, because of the sheer number of possible matches.
Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet. They will have one less place to hide. And that has a positive effect on law-abiding netizens - because when communications are more traceable and less anonymous, the government will have fewer excuses to pass legislation that gives law enforcement more snooping powers. And that benefits us all.
-sting3r
"Zero-Knowledge is introducing Freedom Privacy & Security Tools 3.0, the next generation of its online security software for consumers. This new software includes a personal firewall, form filler/password manager, ad manager, cookie manager and keyword alert. As a result, we have decided to focus our main development efforts on this product as well as other software solutions providing online security.
As such, I regret to inform you that Freedom Premium Services - Anonymous Web Browsing and Private Encrypted Email - will be discontinued as of October 22nd, 2001. Please refer to the detailed Freedom Network shutdown timetable below"
So basically they are winding down their subscription based business model, leasing nyms (4 minimum as far as I recall) on an annual basis and going with a shrink wrap product.
I'm holding my breath to see what the reviewers have to say about this Tool kit v3.0 - it may provide what most users are looking for.
Yes, according to the article all services shut down by Oct. 22nd.
Incoming e-mail servies shut down Oct. 11th as a result of most of their servers being taken offline. So you have 7 days to notify people you're changing your e-mail address.
I like fire ants. They are very spicy!
holy smokes, when i read that a zero knowledge system was discontinuing anonymity, I thought
that it meant that slashdot was going to stop
posting by AC's!
No collections department, you paid in advance for a year's service. If you wanted to ensure anonymity, you could sign up online, get an account number, and write that on an money order. You could also pay by credit card - they claimed to have an internal system to remove the linkage between the payment and the account.
I suspect that various governments are bringing pressure to bear. Hotmail et al are probably next. See this article at
Best Slashdot Co
as ppl have pointed out .. one is safeweb.com another alternative is idzap.com
Mike left Zero Knowledge quite some time ago.....
Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):
:(
Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
From: InfoReplies@zeroknowledge.com
To: @freedom.net
Subject: Ref: "New anonymous browsing service"
Hello,
Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information.
As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.
Regards,
Freedom Support Team
Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
http://www.freedom.net/support/knowledge.html
Another proud carrier of the $rtbl flag
That should stop those pesky terrorists! They'll never think of getting a hotmail account from some public library system!
For those of you left out in the cold by this, Hushmail provides secure e-mail at a reasonable fee (I forget what I paid) or free accounts. Although if today's message is anything, supporting privacy services with money should be considered if you're going to use the service often!
Nick Lange nick.lange@SPAMTASTIC.hushmail.com
It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).
This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.
I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"
It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.
Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.
Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.
Letter To Iran
The open sourced client and routers are here.
Another proud carrier of the $rtbl flag
and don't forget that thing that looks like an eye on the front of your TiVO... =)
cat
Yup and that is what spammers do. How many people really tell the truth when they open up hotmail, yahoo, or any other free email account? Not all I can tell you that.
There is also ways of knowing what someone is doing on a web site and doing lots of tracking. When I worked for a web portol, we knew where a user came to our site from, weather it was a search engine, or a link on another site. We knew what pages they viewed. We knew how they navigated through the site, and often how they left the site. I can totally see why the need for anomymous browsing. You are being watched on the net.
In light of sept 11, I think they think that they may have been providing this service to bin laden or some of his people, and this could be true, but it is no reason to stop.
I also wonder if they will get suid by someone if they make the 'secret names' public. I wonder what their user agreement said. Sounds like this could launch a civil action suit against a company that says 'we'll protect your privacy', and then doesn't.
Personally I have nothing to hide. So I just use mozilla and reject the cookies. If you know that I am on a porn site we'll duh, I'm over 18 and it's legal (for now) in this country.
buy the shirt rm -rf /bin/laden
from http://linuxlookup.com/
Only 'flamers' flame!
I am an ex-ZKS employee, and you - are a troll.
.GIF's and JPEG's on the web?
Do you really think you can stop people from developping or using encryption or anonymity? There a rumours Ben Laden uses steganography - should we ban all
Most employeess at ZKS believe in protecting our rights, and in preserving privacy versus what is perceived by many as intrusions of a police state future into what was otherwise a "free" internet. As Phil Zimmerman said:, "if you ban strong crypto only the terrorists and criminals will have access to it."
That certainly sucks ass, but I can't say I didn't see this coming.
They've been showing signs of titsup.com-ness for months now...discontinuning free services, raising prices, etc.
Wonder if FuckedCompany has gotten word of this yet...
C-X C-S
Freedom nym mailboxes will not accept any incoming mail as of October 11th, 2001.
I would say that this makes their reason pretty clear. I don't know whether there was outside pressure or not, but judging by the date, I'd guess not. That's exactly one month.
I think we've pushed this "anyone can grow up to be president" thing too far.
The liberals in Congress think they're sounding like civil
libertarians with their new, modified stand on Internet
surveillance. They say that the authorities should be allowed
warrantless taps to find out where you surfed, but not what you did
once you got there. The FBI has a right to know that you went to
Amazon, for example, but without a warrant they don't have a right
to know what books you bought. The legal distinction here is from
the old days: a "pen register" would record the number you dialed,
but not the conversation itself, and therefore qualified for a
looser legal standard.
But pundits don't realize that 99 percent of your Web activity can
be reconstructed from the Web's equivalent of "pen register"
information. The search terms you enter into search engines are
attached to the address itself. Do you believe that the FBI will
want this portion of the URL excluded simply because they don't
have probable cause? If and when the NSA is authorized to monitor
the backbone, do you expect that they will chop off the URL at the
question mark, so that this information is kept out of their
keyword-analysis supercomputers? Not likely.
My reading of the provisions of the new Anti-Terrorism Act of 2001
suggests that a single, one-time certification by a federal
law-enforcement official that such information is needed in a
criminal investigation, without any showing of probable cause, is
enough to require a court to issue an order allowing a pen-register
tap on any Internet service provider presented with the order,
throughout the entire U.S. The definition of this "pen-register or
trap and trace device" information has been expanded for the
Internet. It now includes "other dialing, routing, addressing, and
signaling information reasonably likely to identify the source of a
wire or electronic communication (but not including the contents of
such communication)."
For example, some federal official could conceivably serve Google,
or any other search engine, with a court order demanding log
information for all those who searched for particular persons or
particular combinations of search terms. The "query strings"
consisting of the users' search terms are, in all standard HTTP
server logs, included along with the user's domain or IP number.
One hopes that search engines would be inclined to challenge such
an order. But we may never know, because if they decide to
cooperate with the new law, their public relations office won't be
announcing this. The bottom line is that the phrase, "but not
including the contents of such communication," might be useful for
excluding the body of e-mail messages, but is mostly irrelevant for
Web surfing. This poor wording in the new law may mean that search
engines can no longer claim privacy at any level.
If someone wanted to redesign the entire Web for the express
purpose of surveillance, they couldn't do a better job than what we
already have. The profile that could be compiled if one had a list
of all the Web sites you visited, or all the search terms you've
used on Google, would be very revealing. The latter scenario is
more worrisome, because the former scenario, short of a
comprehensive backbone tap, would imply an order served locally at
your own ISP. You'd almost have to be pre-targeted by the
authorities. But a tap on a general search engine would amount to a
global sweep for information. Google currently gets about 110
million searches every day, most of which are from outside the U.S.
It would be tempting for the feds to monitor this traffic.
The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.
The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
http://slashdot.org/comments.pl?sid=22261&cid=2388 370 is another thread of this same discussion - see comments there.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Because if you want a refund, you gotta give them a return address - even if you paid anonymously up front (with a money order).
Of course, anyone who REALLY wants to remain anonymous will just give up on any refund for unused time... This may be a good way to spot possible illicit activity, after which the FBI may request their records. Seems like a good ploy to me. But then IANAFBISpy.
--Brandon / Split Infinity Music
I think I left ZKS several months back (on good terms, etc., etc.).
I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).
I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.
I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.
I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.
I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...
...but I think nobody has done a better job so far of that type of network service.
I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.
I think there's a market for that knowledge, and good applications of it.
I think they're going to be OK.
I think you shouldn't really care what I think.
(I think Craig's still a dork.)
So I started beta-testing Freedom a while back... probably August or Sept. of 1999. I purchased the product in Dec. of 99 as soon as it was available. Hell, I was one of the first 100 to buy it since I got my free stinking t-shirt. The way they described licensing back then was "you can either use five nyms for one year, one nym for five years, or any combination in between." At this point, I have not yet used all of my nyms, meaning I have not fully used the product, meaning I should get a refund. Especially because I helped beta test and submitted bug reports left and right. But no! I don't fall within the "on or before Jan. 1, 2001" time frame, so I'm SOL. Perfect example of a good company gone bad. I wonder if Ian Goldberg is going to jump ship now that their product does Zer0 Cryptography.
Oh well. Another fantastic product down the drain. Nice job, upper management! That's what happens when you let guys from the stone age manage a cool new company with something real to offer.
Closing an anon remailer or anon web proxy is not going to stop terrorism. Neither is putting backdoors into encryption schemes, or making National ID cards that people will be required to carry. They are great deterrents tho.
Before the internet there was terrorism... and unfortunately terrorism will continue.
A step in the right direction would be tighter immigration laws. Better security on flights, and letting the millitary do their job (no more bullshit police actions).
But closing down a remailer or web proxy won't stop anything. It's paranoia. Why can't the terrorists set up their OWN anon remailers or proxies. Hell they could revert to using RFC1149 technology with a Honeycomb Cereal invisible ink pen....
Paranoia does not solve problems...
[Connection closed by foreign host]
There was once a time when anonymous remailers served a purpose on the net, and where the people using them were as or more likely to contribute something to the online community as any others.
Sadly, I think that time has now passed.
On most of the Usenet groups I frequent (which, of course, is merely the tiniest fraction of those available), the people using anonymous remailers seem to be overwhelmingly: A.) Spammers, B.) Jerks who contribute nothing to the group and who cower behind anonymity for the sole purpose of flaming others free of consequences, and C.) People who not not only pirate intellectual property, but who spam newsgroups with it to show everyone how big their virtual Warezzz penis is. For example, a couple of months ago, someone spammed rec.arts.sf.written with hundreds of badly OCRed SF novels and stories, including some by people who are by no means rich.
Frankly, the people with the most urgent need for legitimate use of anonymous remailers (i.e., those in communist or otherwise oppressive countries where there is no freedom of the press) are the ones who either can't get to them anyway, or whose governments have so much of the system tapped that it would be easy to track them down.
While there are still some legitimate uses for anonymous remailers (Scientology whistle-blowers, for example), the jerks and spammers seem to outweigh legitimate uses about 100 to 1. Thus I see no real cause to mourn their passing. I wish that it were otherwise, but we must deal with the world as it is, not as we wish it were.
Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)
http://www.lawrenceperson.com/
Straight from Three Dead Trolls In A Baggie.
...when you've got wireless?
Just find your local wide-open corporate or university wireless network, and hack away! Maybe even buy yourself a nice directional antenna... w00t!
ZKS's business model was always a gamble, but it was the critical thing they had to offer. There are a number of people in the cypherpunks community who've developed remailers, but the critical problem was how to keep enough of them running to provide security, diversity, and reliability. (The typical problem remailers have is keeping their ISPs from getting upset by complaints from recipients of unwanted anonymous mail, and running a faster-response-time system like ZKS requires comsuming more upstream bandwidth as well.) What their business model had to offer, besides a good enough friendly user interface to make it easy for the general public to use, was a financial incentive for ISPs to want to run remailers, because they're paying customers rather than problem users. We were never sure whether they'd succeed, but it would be a great thing if they did. Oh, well....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
And no, it's not a co-incidence that practically all anonymity-enhancing services have been located outside US of A for years now.
I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
according to a Washington Post article
"In Hollywood, Fla., the FBI last weekend quizzed Paul Dragomir, manager at the Longshore Motel, about a visit in late August from two men he believes were hijackers Atta and Ziad Samir Jarrah, who demanded 24-hour Internet access.
Loaded down with baggage and laptops, the men signed in at the small pink beachfront motel using apparent aliases. They claimed to be computer engineers from Iran, Dragomir said, and said they were down from Canada to find jobs.
They booted up a laptop, showing Dragomir that they had NetZero Internet accounts. For the next few hours, Dragomir unsuccessfully tried to accommodate the men."
Makes one wonder just what or who 'motivated' NetZero to pull the plug on this product.
I've quit a two or three *pot* a day habit cold turkey. Of course, the fact that I didn't know just *how far* past two a day I was was part of the reason.
Then again, caffeeine doesn't faze me. It doesn't keep me awake or alert, or make me jittery (OK, a grand total of twice I got jittery, but that's from the multiple pots in a sitting thing
When I dumped the multi-pot a day habit in grad school, I wnet over to decaff without a problem. OK, a little problem; I had to change to flavored beans to mask the funny taste from the lack of caffination.
Add a few more years, and there's some difficulty. I make decaff in my office, but my wife makes the regular stuff at home. So with decaff all week and then real stuff on the weekends, I did start getting mild headaches on monday or tuesday (this didn't used to happen), so now I have a cup of my wife's at home before I leave.
hawk
As a business, we are focusing on the product that customers and partners want. Here's an official Zero-Knowledge Systems statement on the matter:
Your Servant, B. Baggins
I don't know how much pressure there is from the gov't on businesses in Canada regarding crypto. I doubt they are responsible for this service being shut down, though.
I hope you're not pretending to be evil while secretly being good. That would be dishonest.
Most of the so-called 'hard' drugs are the ones that cause high rates of addiction; they may not even produce that strong of a dependence, but the craving and build-up of tolerance are always there. This is part of the reason for the confusion between different definitions of 'addictive' substances.
Also definitions get corrupted by politics. Leading to nicotine products being called "soft drugs" when calling them "legal hard drugs" actually makes more sense.
I'll agree that THC products shouldn't be classified in the way as narcotics, but some drugs really are dangerous.
Except that banning drugs has nothing to do with danger. One of the most dangerous drugs is paracetamol, but you can buy this easily.
Most of the danger from illegal drugs actually comes from their being outside of the kind of standards which would otherwise apply to them. i.e. known dosage free from contamination.
Logons from libraries, cafe's, etc.
Best Slashdot Co
The whole cryptographic anonymity area was likely to take a massive hit in the wake of the WTC attack.
Even if ZeroKnowledge had kept going the increased scrutiny and surveillance would render the scheme pointless. Having a FreedomNet account or connecting to the server would get you put on a watch list the minute the NSA found out - and find out they would.
I suspect that the number of hosting facilities willing to run the service servers declined substantially after the WTC attack.
I would not give the Sealand folk much chance of lasting very much longer. For all the riddiculous libberprattle the platform is now inside UK territorial waters and the UK government does not recognise sealand as a state. Since the sealand employees are mainly from the US that would make them illegal workers subject to arrest when they set foot on the mainland.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk.
They do a pretty good job of sanitizing JS, but not perfect. In about an hour, I found a couple ways for a malicious server to compromise anonymity through SafeWeb, using JS. I'll grant that it's a tough job to sanitize all JS, but SafeWeb should provide a way for users to browse without JS. In my opinion, this is the single biggest problem with using SafeWeb.
I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.
Their FAQ indicates they don't get it-- they dismiss the notion that JS is a privacy concern, and discredit those who say it is. However, I think they realize it internally. I know someone who used to work there. He says they get emails complaining about JS every day, but they don't want to do away with their current UI.
As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them...
The concept is old... some people (*cough*) have been doing this since at least 1996. All it takes is an anonymizing proxy script that is released for distribution. I wrote one called CGIProxy, and there are others out there. Triangle Boy has pros and cons compared to these-- it puts the bandwidth load on SafeWeb's machines rather than the volunteer Triangle Boy servers, but then it won't work at all if the SafeWeb server ever has a problem (the other scripts run independently).
Feel free to ask more questions; this particular topic is a specialty of mine.
It is not unusual for well financed startup companies to crash and burn despite top people. There have been several that have crashed and burned because they had too many. Its the same in crypto, DigiCash and Cybercash both went under, PGP burned through cash so fast it had to be rescued even before the dotcom bubble burst. Baltimore and Entrust are both looking wobbly.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I think it's safe to say that we are all saddened by the recently announced shutdown of the Freedom Network.
I signed up for Zero Knowledge Systems' premium services not too long ago, that is, when I was moving into a university where I am connected on a non-switched network that is extremely easy to sniff traffic off of. I found freedom to be very useful.
I was about to set up another node on the Freedom Network as well. At this very moment I have a server setting in a data center, idling. Now I am hit with this news.
I will be brief. I am interested in setting up a secure SOCKS proxy server, and want to know how many people would pay for this kind of a service. It would be different than the Freedom Network, in that its main focus would be on privacy instead of anonymity. Of course your connection would be pseudo-anonymous, but not subpoena resistant like freedom was. However it would support any program which supports SOCKS proxies, for example AOL Instant Messenger, ICQ, file sharing programs, etc, in addition to regular web browsing. It would use either IPSec or some other strong cryptography to secure all traffic between the client and the proxy.
There would have to be some kind of bandwidth based billing system, however, for example either a bandwidth cap or a cost based on the amount of bandwidth used. I am not in this to make tons of money, but then again I couldn't afford the bandwidth if users paying $10/month are downloading numerous movies and MP3s through the proxy.
Please email me at feedback@senseofsecurity.com to express any interest or provide any ideas or suggestions.
Thank you,Adam Smith
Alternatives to Zero Knowledge include
Anonymizer,
Rewebber,
Siegesoft, and
Orangatango.
Just my $0.04 (adjusted for inflation)
This is really sad to hear. We have seen to many good, anonymous services go down. It all started with DigiCash and Chaum, a payment system utilizing blind signatures. True(!) anonymous payments. And ZKS also had the right tools at hand to create anonymity. Maybe you will move ahead and do something in the private credential arena. Brands' patents should work fine for that ... Readers interested in some level of anonymity for the masses should check out Hushmail and Zendit for anonymous, encrypted email services. And the other usual suspects like Anonymizer.com (BAH!). Good luck to Zeroknowledge!
Ian speaks the truth. As much as we would like there to be a market for services like FN, there isn't one. People won't go out of their way to protect their privacy in the face of vague threats or unease. They need a specific threat before they will spend real money on protecting their privacy.
Which is, of course, what the people who invade privacy want.
I'm not surprised FN died, I'm surprised it lasted this long. ZKS got funded for Freedom Network in the heady days of the dotcom boom, when you could find a few VCs who had read Crytonomicon and get them to fork over money on faith. Their new plan, HIPPA compliance software, is a much sounder business proposition.
To get privacy into the network, you have to get it in with literally zero effort. It needs to be built in to the other tools, and considered a checklist feature. Unfortunately, for now, privacy protection is a feature, not a product
Has it been over a year since you last donated to the Electronic Frontier Foundation
As a victim of identity theft I can assure you the threat of other people reading your email is no illusion. So far they've managed to charge over $10,000 to our credit cards in three months, and I suspect the sum is that low only because they maxed them out. We know our email is compromised because we got an email confirmation for one of the bogus orders.
Those of you who guard your email address to ward off spam are doing the right thing for the wrong reason, and I pray you never learn what can happen when you truely lose your privacy. If my wife knew I posted here she'd kill me, she's become so paranoid over this.
If all this should have a reason, we would be the last to know.
"That's just "When guns will have been outlawed, only outlaws will own guns" paraphrased yet again."
You're right--it is, and I HATE that argument. And yet, still I made it...
There is one fundamental difference between using the argument for guns vs. encryption: Guns are designed for the sole purpose of killing. They are a destructive weapon. Encryption is a means of enforcing privacy, and privacy can be used as an aid to a weapon.
Encryption isn't fundamentally a weapon and shouldn't be treated like one. What your post suggests is that if I don't want to play nice and give all of my correspondence to the government, I'm going to be treated like a criminal. Yes this happens in totalitarian states. That doesn't mean that it's a good thing, or that we should be trying to emulate it. In fact, we should be holding on tightly to the fact that we _can_ safely dissent and maintain our privacy.
There's another problem that no one in this thread has mentioned yet: Corruption. If the government has the ability to break your email encryption, rest assurred that someone will, sometime. If you're having an affair, expect to see blackmail letters sooner or later. Or possibly you're a schoolteacher who likes to dress in drag on the weekends, in a different town. No harm, no laws broken, but the school boards probably don't want you teaching, and you might pay to have them not find out.
The two problems with a government escrow are that it won't work for it's intended purpose, and it will be abused by corrupt individuals. You can count on that.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Since ZKS will no longer be in the business, several existing Freedom users have asked ZKS if they would make their old server code available to the open-source community. If that happens, I'll be happy to start up the Tweakdom project again. Here's hopin'...
If you're interested, check the web page for updates, or join the mailing list. Here's the URL's:
The Tweakdom web page: http://tweakdom.sourceforge.net
The Tweakdom mailing list: http://sourceforge.net/mail/?group_id=23929
--willdye
Don't editorialize out our paranoia, it has served well so far.
What makes people question whether the Freedom Network's shutdown is collateral damage from Sept. 11 is not just the uncanny timing, but the exceedingly short notice and the fact that just recently ZKS was promising the rollout of more servers.
The exceedingly short notice is perhaps the most troubling. I'm sorry, but no matter how much you protest that it's unrelated to Sept. 11, most people are not going to believe you. You couldn't reasonably admit folding the network due to Sept. 11, because that would garner a huge backlash from the sort of customers you want to buy your future "privacy" products. That creates a very real motive for denying that the network's shutdown has something to do with Sept. 11.
As it is, you cannibalized your own market by offering the cheap Freedom product without nyms and access to the Freedom Network, anyway. You started trying to target a more mainstream audience--an audience which doesn't know the difference between Freedom the run-of-the-mill "privacy" utility and Freedom with access to the anonymizing network. You should not have given them a choice in the matter, and doing so naturally cannibalized the market for the Premium product--which was the only unique thing your company offered in the first place. There are so many other packages that do the same thing, some by big-name vendors like Norton and McAfee, that you can't reasonably survive very long selling a virtually identical product with the same features but without the name recognition and without the added distribution these products get through inclusion in general-purpose utility syuites such as those offered by both Symantec and McAfee.
I know I'll likely get flamed and modded down for second-guessing this and playing armchair CEO, but the fact is you never should have offered people a cheaper product which the mainstream audience couldn't be expected to reasonably distinguish from your network anonymity enabled product. Your webpages didn't even give a good explanation that "normal" people would understand about why they should buy your more expensive product. Your less expensive option was more appealing to people merely because of the cost difference and the lack of knowledge of the "average" guy.
When it became apparent that you couldn't keep doing things the way you were doing them, what you should have done is drop the cheap option and support only those people also willing to support the Freedom Network-enabled version of the software. To do otherwise is removing the only thing which made you unique, the only thing which distinguished you from Symantec and McAffee and countless smaller companies and freeware offerings. You cannot and will not survive in such an environment with so many competitors, not to mention the people who are pissed at you for dropping the Freedom network to concentrate on Just Another Cookie Management/Firewall/Etc. Suite and who consequently would never buy your "Freedom 3.0" product even though they used to be supporters. I know I don't need Just Another Firewall/Cookie Suite--too many to choose from already, and if Freedom 3.0 is anything like your current "lite" suite lacking the Freedom Network, it's just too "heavy" and resource-intensive an app. I could tolerate that when I got to access the snonymity of the Freedom Network, but without it I'd rather just run ZoneAlarm's free firewall and get my cookie management free with Mozilla.
Good luck. You're going to need it. And I still don't believe this timing has nothing to do with Sept. 11--and if it doesn't, you had a responsibility to give your users more notice, and shame shame shame on you for not doing so.
Chasing Amy
(We all chase Amy...)
"The more corrupt the state, the more numerous the laws"-Tacitus
There are no side-effects of the electronic age except one: that the government finds it easier and easier to invade our rights as new technologies are developed, since people keep "interpreting" how our Constitutional rights should apply in a new medium instead of just doing what the Framers intended--reading our rights as literally as possible and applying them everywhere, without regard to medium, without regard to the changing temper of the times.
... If ye love wealth better than liberty, the tranquillity of servitude than the animating contest of freedom--go from us in peace. Crouch down and lick the hands which feed you. May your chains sit lightly upon you."
"The mushrooming of surveillance has been explained by the sense of panic
and crisis felt throughout the government during this period of extremely
vocal dissent, large demonstrations, political and campus violence, and
what at the time seemed the inauguration of a period of wide- spread
anarchy. While officials... suggested that these crises justified the
surveillance, they failed to recognize that the rights guaranteed by the
constitution are constant and unbending to the temper of the times..."
--Senate Subcommittee on Constitutional Rights, 1973
Terrorist attacks do not justify concurrent attacks by government on our freedoms--not even if the "tyranny of the majority," the large part of the populace that's most easily mislead by Ashcroft's smooth-talk and the like instead of thinking for themselves and reflecting on the future impact decisions we make now will have on us and our children and our childrens' children, is willing to go along out of Fear, Uncertainty, Doubt, and Ignorance.
If we have no freedoms, there's nothing to fight the terrorists for.
"Implicit in the term 'national defense' is the notion of defending those
values and ideals which set this Nation apart... It would indeed be
ironic if, in the name of national defense, we would sanction the
subversion of one of those liberties... which makes the defense of the
Nation worthwhile."
--Chief Justice Earl Warren, U.S. Supreme Court, US v Robel
"Man did not enter into society to become worse than he was before, nor
to have fewer rights than he had before, but to have those rights better
secured."
--Thomas Paine, 1791
"Experience should teach us to be most on our guard to protect liberty
when the government's purposes are beneficient... the greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding."
--Justice Louis Brandeis, U.S. Supreme Court
"An elective despotism was not the government we fought for."
-- Thomas Jefferson
"Contemplate the mangled bodies of your countrymen, and then say, What should be the reward of such sacrifices?
--Samuel Adams
"Necessity is the plea for every infringement of human freedom. It is the
argument of tyrants; it is the creed of slaves."
--William Pitt to the House of Commons, November 18, 1783
Anyone who has an historical awareness realizes that we have lost, rather than gained, rights over the last two centuries. We give rights to more people, such as women and blacks, and that's great. But we give fewer rights than our ancestors had. When Ben Franklin was postmaster-general, he wasn't going to let anyone touch your mail without a warrant. Many decades later the Court ruled that you don't have to have a warrant to get the data on the outside of the envelope--reasonable. E-mail and Web traffic is substantially the same thing and should be protected as much as regular mail--yet it isn't. There is no legislation to give your e-mail and packets the same legal protection your snail mail has. Even worse, Sept. 11 is being used as an excuse to pass legislation that would consider ALL fields in packets except for the actual data being shuffled, as ftree for the government to examine without warrant. Disastrous because where e-mail and Web traffic diverges from snail mail is that the FBI can't scan all envelopes and record who's sending what to whom, but they CAN do so with e-mail and Web traffic if only thay can get backbones or local ISPs to install a little equipment. Is that what the Founders would have wanted to happen to mail? For all the information on the envelope to recorded for posterity so that they can know exactly whom you're corresponding with, and monitor you if they don't like who you write to? No? Then we shouldn't allow it.
It's as simple as that.
I can go down a whole list of such rights that our forefathers instituted that we have lost. Most of them are rights people don't even realize used to exist, because they weren't codified into the Bill of Rights so clearly. In fact, the principal objection that many of the Founders, including Jefferson, had to creating the Bill of Rights is that it may create the misconception that those are the only absolute rights--which is what it's done. That's why a clause was inserted to reinforce the fact that the listing of rights does not disparage or deny all other rights held by the people, and that it is not a complete list of our inalienable rights. In fact, at the time, our rights were more defined by the Common Law than by the Constitution. Yet today's legal system treats the Common Law and all the rights it gives us as a doormat. The most famous example is probably the elimination, without any legislation to support the move, of the right of juries to nullify the application of a law in given circumstances, so that all common sense and fairness are lost at trial today.
Wake up yourself. Our rights are a tiny shadow of what Jefferson and Washington and Madison and Franklin and the Adams' and all the citizens of their age had. I'm beginning to think that Jefferson was right, and that each generation should have a revolution against the last, to ensure its rights. One thing's for sure: none of the principal Founders would like the government we live under today. Thay'd recognize it as oppressing us and denying our natural rights and our rights under Common Law.
Chasing Amy
(We all chase Amy...)
"The more corrupt the state, the more numerous the laws"-Tacitus
(plus I knew the folks there, and they were well-connected to the cypherpunks community.)
Not to argue with the other points in your (well-written) post... but surely a certain percentage of the 'cypherpunk' community is going to be undercover stooges for the FBI/CIA/NSA? Sort of like COINTELPRO in the Nixon years -- strong encryption is perceived as a strong enough threat to warrant this sort of spying on your citizens, according to that mindset.
I'm not saying this is fact, but merely that it's probably a factor that should be considered... the easiest way to break this sort of encryption is to already have someone on the inside, or to get someone to talk.
deus does not exist but if he does
Untrue. At the time of the incident the platform was outside UK waters. Now it is inside.
The point you attempt to make about 'international law' is utterly bogus. No country recognises Sealand. Under UK law any ship that is not registered with what UK law determines to be a national government may be considered a pirate vessel.
The failure to close down Sealand does not mean that the UK government recognises it. That will not stop the Libbertarian Taleban from arguing the theology of the case at inordinate length.
If as alleged Sealand was a sovereign teritory then the UK government could under accepted international law serve it a notice insisting that it cease aiding and abetting criminals. If Sealand declined it could under international law issue an ultimatum and commence hostilities.
Given the measures likely to be agreed by the UN security council in the comming weeks the chances are that the UK would even be able to state it was operating under a UN mandate.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/