ZeroKnowledge to Discontinue Anonymity Service

VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.

Glad i didn't sign up..

[milkme123]

.. but doesn't it seem a little strange that this comes in the wake of september 11th? Who's pressuring them to discontinue annonymity?

Not so bad though is it?

[rm-r]

It's a shame sure, but like the article says- it's all down to people finding other ways to do it themselves rather than rely on somebody else. It would be nice if they gave advice to their existing nyms on how they might be able to maintain their privact though

Re:In true .com fashion

[VulgarBoatman]

Nope. $59.95 for 5 identities - each good for a maximum of 1 year.

Bad business model

[Quasar1999]

My question is, how did billing for the service work in the first place?

Umm, account #12344234 owes us $300... but we don't know who it is, or where he lives...

I think their business model didn't work... the collections department had nothing to do...

Sept. 11

[grub]

My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.

History repeats itself

[CaptainAlbert]

Remember anon.penet.fi?

This is even more depressing, because this time the company running the service has pre-empted the government pressure to shut down, and gone ahead and done it before the lawyers arrive.

Eek. DOes anyone else get the feeling that the terrorists might actually be winning?

Re:History repeats itself

[ktakki]

What happened to them anyway? One minute addresses from that domain seemed to be everywhere (whether you wanted to see them or not) and the next minute poof.

Collateral damage from the $cientologists' war against the Internet (circa '95 or '96).

The Co$ got Finnish authorities to subpoena anon.penet.fi's records. The operator, Julf Helsingius [sic?] closed up shop, saying he couldn't guarantee the anonymity of his users anymore.

There's probably something about it in WiReD's archives.

k.

This is an opportunity

[sting3r]

Certainly, the loss of one more tool in the fight for online privacy is a Bad Thing(tm). But we also need to examine the upside to this event.

First off, when ZeroKnowledge closes, all of its customers will be forced to find another provider. That will make the other providers 1) more profitable (assuming they aren't taking a loss but making it up in volume, like Amazon); and 2) more effective. As mentioned in the warning to their customers, low volume makes it easier to correlate traffic entering their system with traffic leaving their system. When such a system gets sufficiently large, it will be very difficult to correlate input streams and output streams, because of the sheer number of possible matches.

Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet. They will have one less place to hide. And that has a positive effect on law-abiding netizens - because when communications are more traceable and less anonymous, the government will have fewer excuses to pass legislation that gives law enforcement more snooping powers. And that benefits us all.

-sting3r

Re:This is an opportunity

[malkavian]

Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet.

But, as just about all the security agencies with a clue keep admitting, terrorists don't use the internet because it's just too insecure.
So closing down all the privacy sites does nothing to hinder the Bad Guys(TM), it just bugs the ordinary guy.

Malk

Looks like more of a business model switch

[Lawmeister]

"Zero-Knowledge is introducing Freedom Privacy & Security Tools 3.0, the next generation of its online security software for consumers. This new software includes a personal firewall, form filler/password manager, ad manager, cookie manager and keyword alert. As a result, we have decided to focus our main development efforts on this product as well as other software solutions providing online security.

As such, I regret to inform you that Freedom Premium Services - Anonymous Web Browsing and Private Encrypted Email - will be discontinued as of October 22nd, 2001. Please refer to the detailed Freedom Network shutdown timetable below"

So basically they are winding down their subscription based business model, leasing nyms (4 minimum as far as I recall) on an annual basis and going with a shrink wrap product.

I'm holding my breath to see what the reviewers have to say about this Tool kit v3.0 - it may provide what most users are looking for.

whew! when I read that, I thought...

holy smokes, when i read that a zero knowledge system was discontinuing anonymity, I thought
that it meant that slashdot was going to stop
posting by AC's!

Easy, no billing

No collections department, you paid in advance for a year's service. If you wanted to ensure anonymity, you could sign up online, get an account number, and write that on an money order. You could also pay by credit card - they claimed to have an internal system to remove the linkage between the payment and the account.

Fallout from Sept 11

[wiredog]

I suspect that various governments are bringing pressure to bear. Hotmail et al are probably next. See this article at

Re:Alternatives?

[matrix0040]

as ppl have pointed out .. one is safeweb.com another alternative is idzap.com

Surprise to the staff as well?

[Pituritus+Ani]

Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):

Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
From: InfoReplies@zeroknowledge.com
To: @freedom.net
Subject: Ref: "New anonymous browsing service"

Hello,

Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information. :(

As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.

Regards,

Freedom Support Team

Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
http://www.freedom.net/support/knowledge.html

Lets have a US government anonymizing service

[DumbSwede]

I will probably get flamed for this one, and I must admit my views on privacy and security are in flux right now.

It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).

This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.

I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"

It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.

Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.

Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.

Re:Lets have a US government anonymizing service

[swordgeek]

"Stop burying your heads in the sand and telling yourselves the world isn't any different now."

I take offense to this remark. The world isn't really any different now than it was a month ago, and my saying that isn't an indication of me "burying my head in the sand." The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

As for your idea of a government run anonymizer service, there's just one problem: It won't work! It's exactly like banning secure encryption in the US now--the genie is already out of the bottle, and you can't put it back in. Criminals will always find ways around security, surveillance, and general watchfulness. By forcing bcakdoors on systems, you're only affecting (persecuting, in fact) the law-abiding citizens who will use them.

Re:Lets have a US government anonymizing service

[metis]

The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

Oh so TRUE!!!!

I wish I had mod points for you.

If the FBI announces that terrorists had a hotmail account, there will be a clamour to ban anonymous hotmail accounts. But we know the terrorists used boxcutters and jets and nobody says we should stop using boxcutters or jets.

THe problem with privacy is that it is a issue of principle that has little mainstream appeal. Most people are too damn boring to care about anybody reading their correspondence. It is the odd one out, the "perverse", the non-conformist, the politically marginal, etc. that will be hurt most.

The change of mood after September 11 just enhances a fundamental problem: marginal concerns are marginal. To those who cared about privacy, the attack should make no difference. If privacy is really important, it cannot be surrendered any more than air-travel can be surrendered.

Re:Lets have a US government anonymizing service

[DumbSwede]

Well the flow of responses is as predicted, I expected this would be flamebait.

The general consensus seems to be
GOVERNMENT == BAD
Personal rights to do anything electronically and have it hidden and undecipherable == GOOD

Wake up.
You people are not helping. If you want to hold onto reasonable rights, you have to offer reasonable, effective alternatives that still allow us stop and catch the bad guys.

I choose not to believe the US government is essentially evil. I choose to believe the US government has improved its stance on human rights in general, effectively and steadily over the last 200 years. I choose to believe there are truly evil men out there that would do America harm. I believe the majority of you online rights complainers are spoiled pampered brats that have never had to sacrifice the least little thing in your lives, and don't understand that we have to help find solutions to the problems caused by unintended side-effect our electronic age has brought us.

Re:Lets have a US government anonymizing service

[Tassach]

I doubt Franklin would have considered being able to use an electronic anonymizing service an "essential liberty"

I think Franklin, Jefferson, et al. would be aghast to think that the government agents could secretly and undetectably evesdrop on the public en mass, without a court order. This simply wasn't possible in their day -- the only way of communicating over distance was via a letter.

Even if all the mail of the day had been carried by the USPS (of which Franklin was the first Postmaster General), it would have been impossible for the gvt. to open and read every letter. Considering that sealing wax was used (in combination with distinctive seals) to close the letters, it was very difficult to open a letter without the intrusion being detected.

One of the biggest grievances the Colonists had with England was the fact that the Redcoats used general searches -- anyone & anyplace could be searched at any time for any reason. Our founding fathers considered this to be unacceptable conduct for a fair and just government. In response to this abuse of power, they established the principles set out in the 4th amendment: that a warrant is required for a search to take place, and that the warrant must explicitly list who and what is to be searched, and what the object of the search is. There's a world of diffence between being monitored because the Gvt. has probable cause (or, to use your own words, justifiable suspicion) and being monitored because you "fit the profile" or just because you happen to use the same ISP as somebody else who's under suspicion for somthing.

The wholesale monitoring of electronic communications is the moral equivilent of opening and reading every postal letter. It is unacceptable, immoral, and unconstituitonal. The government has no Constitutional authority to do so, and is explicitly BARRED from doing so without a warrant by the 4th amendment.

As a practical matter, the gvt. can and will monitor electronic communications, the Constitution be damned. It is a limitation of the technology that it is easy to monitor. However, we have the absolute right to use any and all technological measures available to us in order to guard the privacy of our communications against prying eyes and ears. Furthermore, while the Government may be able to COLLECT information via illicit/illegal means, there MUST be SEVERE restrictions on how that information can be used. Comunications intercepted without a warrant should NEVER be admissible in court, under any circumstances whatsoever. This is fine for anti-terrorism purposes.

A Terrorist (or any other covert operative) requires total secrecy in order to do his job. If his "cover" is blown, his operational effectiveness drops almost to nil. You don't even necessarily need to arrest a suspected terrorist in order to stop him - you just need to let him know that you know who & what he is and that he's being watched. If he's well-trained (as bin Laden's people are), his response will to cut all contact with his handlers in order to minimize the damage to the organization. You don't get the viceral satisfaction of sending his butt to jail, but that is really unimportant next to the fact that you've prevented a tragedy.

Re:Good.

[mathieukhor]

I am an ex-ZKS employee, and you - are a troll.

Do you really think you can stop people from developping or using encryption or anonymity? There a rumours Ben Laden uses steganography - should we ban all .GIF's and JPEG's on the web?

Most employeess at ZKS believe in protecting our rights, and in preserving privacy versus what is perceived by many as intrusions of a police state future into what was otherwise a "free" internet. As Phil Zimmerman said:, "if you ban strong crypto only the terrorists and criminals will have access to it."

Web surveillance and the new anti-terror law

[Everyman]

The liberals in Congress think they're sounding like civil
libertarians with their new, modified stand on Internet
surveillance. They say that the authorities should be allowed
warrantless taps to find out where you surfed, but not what you did
once you got there. The FBI has a right to know that you went to
Amazon, for example, but without a warrant they don't have a right
to know what books you bought. The legal distinction here is from
the old days: a "pen register" would record the number you dialed,
but not the conversation itself, and therefore qualified for a
looser legal standard.

But pundits don't realize that 99 percent of your Web activity can
be reconstructed from the Web's equivalent of "pen register"
information. The search terms you enter into search engines are
attached to the address itself. Do you believe that the FBI will
want this portion of the URL excluded simply because they don't
have probable cause? If and when the NSA is authorized to monitor
the backbone, do you expect that they will chop off the URL at the
question mark, so that this information is kept out of their
keyword-analysis supercomputers? Not likely.

My reading of the provisions of the new Anti-Terrorism Act of 2001
suggests that a single, one-time certification by a federal
law-enforcement official that such information is needed in a
criminal investigation, without any showing of probable cause, is
enough to require a court to issue an order allowing a pen-register
tap on any Internet service provider presented with the order,
throughout the entire U.S. The definition of this "pen-register or
trap and trace device" information has been expanded for the
Internet. It now includes "other dialing, routing, addressing, and
signaling information reasonably likely to identify the source of a
wire or electronic communication (but not including the contents of
such communication)."

For example, some federal official could conceivably serve Google,
or any other search engine, with a court order demanding log
information for all those who searched for particular persons or
particular combinations of search terms. The "query strings"
consisting of the users' search terms are, in all standard HTTP
server logs, included along with the user's domain or IP number.

One hopes that search engines would be inclined to challenge such
an order. But we may never know, because if they decide to
cooperate with the new law, their public relations office won't be
announcing this. The bottom line is that the phrase, "but not
including the contents of such communication," might be useful for
excluding the body of e-mail messages, but is mostly irrelevant for
Web surfing. This poor wording in the new law may mean that search
engines can no longer claim privacy at any level.

If someone wanted to redesign the entire Web for the express
purpose of surveillance, they couldn't do a better job than what we
already have. The profile that could be compiled if one had a list
of all the Web sites you visited, or all the search terms you've
used on Google, would be very revealing. The latter scenario is
more worrisome, because the former scenario, short of a
comprehensive backbone tap, would imply an order served locally at
your own ISP. You'd almost have to be pre-targeted by the
authorities. But a tap on a general search engine would amount to a
global sweep for information. Google currently gets about 110
million searches every day, most of which are from outside the U.S.
It would be tempting for the feds to monitor this traffic.

SAFEWEB has Javascript, CIA problems. Cool though

[billstewart]

Safeweb is one of several anonymizing services, of which the first well-known one was www.anonymizer.com. There are a couple of serious problems with it, one technical, one trust-related. On the other hand, Triangle Boy is really cool.

The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)

Re:Shaver

[Mike+Shaver]

I think I left ZKS several months back (on good terms, etc., etc.).

I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).

I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.

I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.

I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.

I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...

...but I think nobody has done a better job so far of that type of network service.

I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.

I think there's a market for that knowledge, and good applications of it.

I think they're going to be OK.

I think you shouldn't really care what I think.

(I think Craig's still a dork.)

Instant paranoia doesn't solve problems...

[Sonicboom]

Closing an anon remailer or anon web proxy is not going to stop terrorism. Neither is putting backdoors into encryption schemes, or making National ID cards that people will be required to carry. They are great deterrents tho.

Before the internet there was terrorism... and unfortunately terrorism will continue.

A step in the right direction would be tighter immigration laws. Better security on flights, and letting the millitary do their job (no more bullshit police actions).

But closing down a remailer or web proxy won't stop anything. It's paranoia. Why can't the terrorists set up their OWN anon remailers or proxies. Hell they could revert to using RFC1149 technology with a Honeycomb Cereal invisible ink pen....

Paranoia does not solve problems...

No Great Loss (Spam, Piracy, Harassment, etc.)

[Nova+Express]

There was once a time when anonymous remailers served a purpose on the net, and where the people using them were as or more likely to contribute something to the online community as any others.

Sadly, I think that time has now passed.

On most of the Usenet groups I frequent (which, of course, is merely the tiniest fraction of those available), the people using anonymous remailers seem to be overwhelmingly: A.) Spammers, B.) Jerks who contribute nothing to the group and who cower behind anonymity for the sole purpose of flaming others free of consequences, and C.) People who not not only pirate intellectual property, but who spam newsgroups with it to show everyone how big their virtual Warezzz penis is. For example, a couple of months ago, someone spammed rec.arts.sf.written with hundreds of badly OCRed SF novels and stories, including some by people who are by no means rich.

Frankly, the people with the most urgent need for legitimate use of anonymous remailers (i.e., those in communist or otherwise oppressive countries where there is no freedom of the press) are the ones who either can't get to them anyway, or whose governments have so much of the system tapped that it would be easy to track them down.

While there are still some legitimate uses for anonymous remailers (Scientology whistle-blowers, for example), the jerks and spammers seem to outweigh legitimate uses about 100 to 1. Thus I see no real cause to mourn their passing. I wish that it were otherwise, but we must deal with the world as it is, not as we wish it were.

Who needs anonymous services...

[Corgha]

...when you've got wireless?

Just find your local wide-open corporate or university wireless network, and hack away! Maybe even buy yourself a nice directional antenna... w00t!

Re:Time for these to disapear

[Doomdark]

Just a small comment; even though US administration certainly has lots of indirect influence on other countries' jurisdictions, it's not all that straight-forward to shut down foreign companies/websites. If I'm not mistaken, ZK is a canadian company, and like IP-name says, anon.penet.fi was a finnish site (a hobby of a finnish Internet pioneer who got lots of unfair shit because of a few uninforment news articles back then).

And no, it's not a co-incidence that practically all anonymity-enhancing services have been located outside US of A for years now.

Re:Ian Goldberg, Bruce Schneier & Whitfield Di

[Ian+Goldberg]

Believe me, no one is more disappointed about this than I am, but right now there simply isn't enough market buy-in on the premium services to justify the network's operating costs. :-(

As a business, we are focusing on the product that customers and partners want. Here's an official Zero-Knowledge Systems statement on the matter:

With the release of Freedom 3.0 and the discontinuation of the Freedom Network (our anonymous browsing and encrypted pseudonym service) there have been a number of questions for more details about the decision to stop offering the Freedom Network services. Hopefully this will help clarify things.

When we released Freedom 1.0 close to 2 years ago we saw a significant percentage of our users subscribe to the premium Freedom Network services. This was anticipated as our early adopters were very privacy and technology aware and had expressed strong interest in the Freedom Network offering.

As we began to increase the distribution of Freedom into the mass market with the release of Freedom 2.0 & 2.2, we saw a disproportionately high percentage of users who subscribed to the standard features (and not Freedom Network services). The initial interest in the premium (FN) services amongst our early adopters simply didn't carry over to the mainstream and as our user numbers grew, we began to realize that the market was looking for the kind of features we are now offering in Freedom 3.0.

As we began our feature triage for Freedom 3.0 (almost 9 months ago) we heard from customers and focus groups of users, as well as channel partners, and reflected on the statistics from our existing user base, and decided that there was not enough mass market demand for the premium services to justify continuing the service.

This was entirely a market related decision. The market demand for consumer Internet security and safety tools has grown considerably in the 4 years our company has been in business. Freedom 3.0 is a strong competitor to security offerings from companies such as Symantec and McAfee and we have gotten very positive market support and a warm reception from channel partners to this new version of our suite of privacy and security tools.

There has been speculation that this decision was somehow related to government pressure or was made in the wake of the tragedies of September 11. This is simply untrue. For the past 3 months we have been beta-testing this version with partners, getting certification from Microsoft for our drivers and completing our Alpha and Beta cycles with our beta users. Support for the Freedom network offering was removed from the client code base well before the recent tragedies of September 11.

Our research team is continuing work in the area of privacy enhanced network protocols, and we are open to any suggestions the research community offers on how we can leverage the work that went into the Freedom Network design and operation to advance this area of computer science. If you have suggestions or interest in this, please contact us at corporate@zeroknowledge.com.

Zero-Knowledge continues to offer our consumer protection utility Freedom 3.0 and we are very excited by the prospects for this product. We also have a division that is addressing the market need of enterprise privacy technologies that stem from managing consumer data that require strong security and policy frameworks to adhere to privacy regulations and customer preference management (Healthcare; Financial and other consumer data that is subject to new security, privacy restrictions relating to legislation like HIPAA, GLB, PIPEDA, EU privacy directive).

Our company continues to evolve and focus our efforts on market needs and customer demands and we remain very confident of our prospects in these markets.

Sealand will be next

[Zeinfeld]

I posted a story to slashdot predicting this would happen a couple of weeks ago.

The whole cryptographic anonymity area was likely to take a massive hit in the wake of the WTC attack.

Even if ZeroKnowledge had kept going the increased scrutiny and surveillance would render the scheme pointless. Having a FreedomNet account or connecting to the server would get you put on a watch list the minute the NSA found out - and find out they would.

I suspect that the number of hosting facilities willing to run the service servers declined substantially after the WTC attack.

I would not give the Sealand folk much chance of lasting very much longer. For all the riddiculous libberprattle the platform is now inside UK territorial waters and the UK government does not recognise sealand as a state. Since the sealand employees are mainly from the US that would make them illegal workers subject to arrest when they set foot on the mainland.

Re:Sealand will be next

[rdl]

ZKS ended Freedom because it doesn't make money for them; they rightly have shifted their focus to a somewhat better business model. I think ZKS was from the beginning a bit overly cypherpunk and not enough pragmatic business; it's widely known end-users DO NOT pay for privacy or anonymity and usually not for security. They are rightly focusing on what their major clients want. If the markets were doing better, ZKS could have continued subsidizing the Freedom network, and maybe more applications could have been built on top of it, but this is commercial reality -- they need to turn a profit ASAP.

HavenCo (the datacenter on Sealand) has *always* been focused on business clients, and selling services to people who receive bottom line benefits from HavenCo hosting -- a lot of our clients are chosing us at USD 1500/month where the only alternative is traditional central american offshore at USD 15k/month. That's why we have been profitable since 4 months after we started general sales. We're on-track with expansion plans, both in terms of physical sites, and related business offerings.We don't even offer a consumer web hosting or mail option because it just doesn't make money. You can feel free to criticize us for being mercenary, but that's why we'll be in business in 10 years, and companies which in effect subsidize consumer security offerings will probably not. In a recessionary market, products which can provide 1 for 1 substitution at a dramatic and immediate cost savings do well; we've had if anything an uptick since the summer.

(interestingly, at least one member of the press also claimed HavenCo would be out of business; this was in December 2000 if I recall correctly.)

Regardless of people of questionable impartiality or competence from cyberia-l, the fact is Sealand's legal claims have withstood more than 30 years of challenge by other governments; every lawyer who has written an opinion, including numerous professors of law, has recognized this, and there is substantial documentation from various government agencies, in the UK and other nations, to support.
It has always been clear that the true threat to security and privacy companies is market demand; followed perhaps by internal execution. Any threat of government action is so remote that if a company gets to the point where the government DOES shut them down, they've already won. The majority of the p2p systems in the US were forced to shut for commercial reasons (scour, aimster, etc.). Only a few of the most successful were challenged in court, and their failings were after the initial challenge primarily due to execution and lack of a real way to extract revenue, not action by the MPAA or RIAA.

That being said, I'm more than happy to run a Freedom server; I already run a mixmaster remailer (which is fairly similar technology), and there have been absolutely no serious complaints or difficulties. I know several of the executives at ZKS, and I'm sure they'll do the right thing. ZKS has always had a lot of support within the security and privacy community; they were started by and hired some of the best people, and developed technology which made no compromises on security. I'm sure their business and consulting offerings, as well as their remaining optimized client software, will do well.

Re:SAFEWEB has Javascript, CIA problems. Cool thou

[jsm]

IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk.

They do a pretty good job of sanitizing JS, but not perfect. In about an hour, I found a couple ways for a malicious server to compromise anonymity through SafeWeb, using JS. I'll grant that it's a tough job to sanitize all JS, but SafeWeb should provide a way for users to browse without JS. In my opinion, this is the single biggest problem with using SafeWeb.

I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

Their FAQ indicates they don't get it-- they dismiss the notion that JS is a privacy concern, and discredit those who say it is. However, I think they realize it internally. I know someone who used to work there. He says they get emails complaining about JS every day, but they don't want to do away with their current UI.

As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them...

The concept is old... some people (*cough*) have been doing this since at least 1996. All it takes is an anonymizing proxy script that is released for distribution. I wrote one called CGIProxy, and there are others out there. Triangle Boy has pros and cons compared to these-- it puts the bandwidth load on SafeWeb's machines rather than the volunteer Triangle Boy servers, but then it won't work at all if the SafeWeb server ever has a problem (the other scripts run independently).

Feel free to ask more questions; this particular topic is a specialty of mine.

Re:You said it ...

[Rick+the+Red]

Privacy is only a concern for those who are under the illusion that anyone else would care to know what they write in their emails.

As a victim of identity theft I can assure you the threat of other people reading your email is no illusion. So far they've managed to charge over $10,000 to our credit cards in three months, and I suspect the sum is that low only because they maxed them out. We know our email is compromised because we got an email confirmation for one of the bogus orders.

Those of you who guard your email address to ward off spam are doing the right thing for the wrong reason, and I pray you never learn what can happen when you truely lose your privacy. If my wife knew I posted here she'd kill me, she's become so paranoid over this.