ZeroKnowledge's Freedom Server Code Available

hey writes: "The Register reports that Zero Knowledge's Freedom Network source code is now available." This seems to be part of CodeCon, which is now underway in San Francisco. You can't use the code for commercial gain, but I could see a non-profit network springing up...

Passing the buck

[Chiasmus_]

Proof once again that there can be freedom in a terrorism-obsessed world, so long as nobody has to take the blame for it.

from the happy-valentine's-day dept. ???

[cperciva]

Is someone a couple days late?

Or is the idea that people would use ZKS to send anonymous and untraceable Valentines?

Re:from the happy-valentine's-day dept. ???

[Chiasmus_]

Or is the idea that people would use ZKS to send anonymous and untraceable Valentines?

And what a tragedy that would be.

Re:from the happy-valentine's-day dept. ???

[BrianGa]

Hey! Since when do us geeks have to be concerned with such trivial matters as this "Valentines Day" that you speak of? We have far more important things to occupy our minds.

More hysteria kills software

[coupland]

Sorry, but despite the article it appears terrorism is once again eliminating freedoms internally. I used this service for a long time to dodge predatory advertisers and to avoid unsolicited contact. While Sep. 11th needs to be remembered vividly, people also need to remember that the basis of the American Constitution is that no external threat can strip one of their freedoms. This has been sadly missing of late but please don't forget that the precepts of democracy are Freedom, Tolerance, and and Equality. None can be abandoned due to an attack, in fact they are more sacred than ever...

Re:More hysteria kills software

[Chiasmus_]

Dude... the point here is that they've open-sourced the software.

Though the *company* may be unable to continue its anonymizing service in the wake of Sep. 11th, the people involved understood that their ideal could be fully realized simply by dumping the code on whoever wants to maintain it.

They may not make a pile of money this way, but, hey, did anyone really expect that this idea would rake in the cash in the first place? Anyone trying something like this must have some ulterior motive (see Neal Stevenson's Avi for a fictional counterpart).

Re:More hysteria kills software

[jazman_777]

While Sep. 11th needs to be remembered vividly, people also need to remember that the basis of the American Constitution is that no external threat can strip one of their freedoms.

Right. No external force is ready to occupy the USA. It's the Bloated Zombie of D.C. that's the main threat to our liberty.

Re:More hysteria kills software

[srichman]

Sorry, but despite the article it appears terrorism is once again eliminating freedoms internally.

What is this "despite the article" business? "Despite what the facts are, I'm going to pretend something of my own design and write a post about it..."

Their Chief Scientist said: "...support for the Freedom network offering was removed from the client code base well before the recent tragedies of September 11..."

Re:More hysteria kills software

[base3]

What would you have said if you had cypherpunk cred and were shutting down due to government pressure? "Due to the polite request of the RCMP, and their generous offer not to raid our offices, confiscate our equipment, and put us out of business, in addition to the fact that the independent Freedom server operators are all scared, the Freedom network will shut down on October 1?" Please.

Open Services?

[ocip]

While I'm glad to see the source is out for download now, it would have been nice to see it a long time ago. It would be really neat if online services shared their code with a "you can look, and play for yourself, but don't try to make money" sort of license. Not only would it improve the service (because of feedback) but also help others to implement a similar service as a custom solution.

I wish I had some examples.

Re:Open Services?

[Chiasmus_]

I think one of the reasons that open source works so well is that people *can* make money under most licenses.

Really, how many venture capitalists would even *glance* at Linux if the GPL included a provision saying "Don't even think about redistributing this code in some hardware you're trying to sell. This is educational stuff only."

Remember: something can't exactly be considered free (as in speech) if it tells you exactly how you're required to use it. From a law-abiding corporation's perspective, what's the difference between something you can't use and something you're not allowed to use?

Re:Open Services?

[hex1848]

While I'm glad to see the source is out for download now, it would have been nice to see it a long time ago. It would be really neat if online services shared their code with a "you can look, and play for yourself, but don't try to make money" sort of license. Not only would it improve the service (because of feedback

Could you imagine playing around with google's source code? now that would be badass.

Re:Open Services?

[spt]

#include "google.h"

void google(char *searchstring)
{
int i;

for(i=0;i<NumPages;i++)
{
if(strstr(Page[i].data,searchstring))
{
printf("%s\n",Page[i].URL);
}
}
}

Proposal

[Guido69]

Perfect. Now if I can just get this up and running, I can anonymously ask Kathleen to marry me. 'Taco won't have a clue who's stealing his girl! Bwaahahahah.

The article saith...

[polymath69]

The article saith,

The main tarballs is a 12.5MB download, PGP encrypted with the "traditional magic words" (one of which is a big bird).

OK, it is cool that Zero Knowledge is making this available. But what are the "traditional magic words"? And how would that work, anyway, with PGP? A passphrase usually unlocks only a private key, which, erm, we don't have, as far as I know.

River Phoenix? Open Sesame Street?

Re:The article saith...

[Nimey]

A passphrase usually unlocks only a private key, which, erm, we don't have, as far as I know.

Not unless it's been encrypted with "conventional" crypto, which doesn't touch public/private keypairs. But yeah, who has a clue about the password?

Re:The article saith...

[ekrout]

Gee, um, just a wild guess, but how about:

opensesame

Re:The article saith...

[Toodles]

Im not sure ( I haven't tried yet, still downloading ) but I have a hunch the magic words are the same ones I tell my 3 year old:

Please and Thank You.

I can only guess the 'big bird' reference is someone mixing up 'Ewe' and 'You'. Shame a ewe isn't a bird thou.

Toodles

Re:The article saith...

[glitch!]

ut what are the "traditional magic words"?

Doesn't anyone remember "THE WORDS ARE SQUEAMISH OSSIFRAGE"?

Maybe not... Well, it was worth a try :-)

Re:The article saith...

[Ivan+the+Terrible]

Yes, of course I remember. They're famous, as are "Many hands make light work."

Re:The article saith...

[karlm]

And how would that work, anyway, with PGP? A passphrase usually unlocks only a private key, which, erm, we don't have, as far as I know.

Symetrically encrypted messages. An md5 sum of the passphrase is ussed to encrypt the session key and this is symetrically encrypted session key is sent just like an asymetricically encrypted session key at the beginning of the message.(Hopefully the session key encryption uses the same cipher as the message. Failing that 3DES. but it's been a little while since I've read the OpenPGP spec.)

Re:The article saith...

[lcracker]

"squeamish ossifrage", sans quotes

Re:The article saith...

[Ivan+the+Terrible]

Accidentally, in my reply, I let the original poster know that I knew what he was talking about, but without actually giving the answer. It was a zero-knowledge proof.

Zero-knowledge proofs are quite interesting because they're so counter-intuitive. See here for an explanation of what a zero-knowledge proof is. Google around for more.

Re:The article saith...

[Jose]

why it is Klaatu Varata Niktu obviously...

Re:The article saith...

[glitch!]

They're famous, as are "Many hands make light work."

Hey, that's pretty good! That project had large numbers involved, and the final product was really big news :-) (I'll stop now.)

Re:The article saith...

[naasking]

No, no. It's Nickel... or Necktie... it was definitely an 'N' word! (sly peek to the left... sly peek to the right...) ...

Re:The article saith...

[iceburn]

opensesame like in Sesame Street, with Big Bird.
Sesame sure is a weird word.

Re:The article saith...

[Ivan+the+Terrible]

Another zero-knowledge proof!

Re:The article saith...

[KlomDark]

Try DogPenis

Re:The article saith...

[Captain+Nitpick]

why it is Klaatu Varata Niktu obviously...

That's "Klaatu barada nikto". It comes from the sci-fi classic, The Day the Earth Stood Still.

Something else like this

[oasamostexianu]

http://www.jmarshall.com/tools/cgiproxy/ A free, fast, anonymous web proxy. Pretty neat.

FYI

[BlueFall]

CodeCon's being held at Jamie Zawinski's (JWZ's) club, the DNA Lounge, in case you were curious.

Re:Waitaminute...

[base3]

It was available when ZKS shutdown freedom in the aftermath of 9/11, uh, excuse me, because there was "no market" for it.

AFAIK, the source was never removed, though I grabbed it immediately in case it had been.

Uh, yeah, right.

[base3]

but I could see a non-profit network springing up...

Because I'm certain there are lots of volunteers out there that want to donate their bandwidth to the cause of having their door kicked down and family forced face down on the floor at gunpoint because someone used their Freedom server to threaten the POTUS, exchange kiddie porn with an FBI agent, or (horror of horrors) download a non-rights-managed piece of music and that person was the lucky person to be the exit server for the traffic.

These servers simply cannot be run successfully by individuals with the potential legal problems of relatively honest use, much less malicious use. And after 9/11, I doubt very many ISPs would be able to weather the storm, either.

Re:Uh, yeah, right.

[wurp]

Uh, yeah, right. I mean, really, right. There are people out there who want to donate their bandwidth to the cause of free anonymous speech, and if that means someone might see some ugliness that could result in us testing some of the more oppressive aspects of recent turns of law in court, so be it.

If you're not willing to stand up for your beliefs, at least don't mock those who are.

Re:Uh, yeah, right.

[base3]

I'll be expecting you to post the IP address of your Freedom server, then. I'm not mocking anybody, just pointing out what should be obvious risks of providing such a service.

Re:Uh, yeah, right.

[acceleriter]

I think that the demise of the Freedom network probably had quite a bit to do with ISP's becoming skittish at providing "terrorist grade" anonymity, and the network fell apart for lack of providers outside of ZKS right after 9/11.

The fact that the ZKS servers were the only ones running almost immediately after the announcement of the closer because of "market forces" (heh) seems to point to this.

Any individual in the U.S. who would put themselves in a position of carrying this traffic and not being able to immediately give up a given sender (which, by design, can't happen in the Freedom network) is one of:

a) a hero
b) has gonads the size of watermelons
b) totally and complete f*cking insane.

The only hope for such a network is offshore--one running in the U.S. would either keep logs for production on demand to Federal LEO's or be shut down, probably by force.

Even Freedom takes this stand with their new anonymizer-like product, Websecure. From the privacy statement:

Please note that, in some exceptional instances, we may need to log certain traffic data, for example, in order to detect and diagnose technical problems, prevent network abuse, or if compelled to do so by law.

Note that "compelled to do so by law" is open to interpretation--that could be anything from an intimidating guy in sunglasses asking nicely for what d00d123 did for the last six months, or a valid subpoena from a Federal court. It also gives them the ability to log anything they want, under the "detect and diagnose technical problems," without promising that this would not be individually identifiable.

And they still say with a straight face that ZKS Freedom wasn't a casualty of 9/11.

Re:Uh, yeah, right.

[jbrw]

didn't zk base themselves in canada because of more favourable laws?

what's the situation like up there?

Re:Uh, yeah, right.

[acceleriter]

IIRC, Canada is less restrictive of crypto in general, but since, after 9/11, everyone is "with the U.S. or a terrorist," I imagine Canada isn't offshore enough, unfortunately.

When the Freedom network was running, various ISP's throughout the world offered servers, and you could choose your route, e.g. you could make your packets go through Japan, England, and exit in the Netherlands. That would make a subpoena attack on all three very difficult.

Re:Uh, yeah, right.

[Graymalkin]

While I believe that anonymity is the backbone of democracy, anonymity provides security for the minority from the majority when the minority disagrees with the majority. Saying someone ought to put their necks on the chopping block so somebody else can preserve their anonymity sort of invalidates your point. You're asking someone to take one for the team which in itself mocks the concept of pursuing life, liberty, and happiness. I would even say that getting your ass thown in jail because you let people download pictures of naked kids would be the antithesis of pursuing happiness and liberty. Prisons are notorious for their drab colours and lack of personal liberty, unless that is the libery to get anally raped by bigger inmates. Don't mock people's unwillingness to risk the structure integrity of their assholes because you don't want anyone knowing you voted for the other guy.

Re:Uh, yeah, right.

[Python]

You mean like how there are no anonymous remailers or proxy servers now run by volunteers?

Re:Uh, yeah, right.

[base3]

There's a higher bar to anonymous remailers that keeps the morons out. And "they" can still find out who someone is by subpoenaing each remailer operator on the route.

And I doubt many of those "anonymous" proxy servers don't keep logs.

<ultra-paranoid>And how are you so sure those volunteers aren't really the people who want to spy on you the most? At least if anyone had been bagged using ZKS Freedom, that would have put them out of business (pre 9/11).</ultra-paranoid>

Magic Words

[The+Pi-Guy]

Time to set up a distributed code tarball cracker? :)

--joshua

Mirror?

[Emugamer]

Anyone have another mirror which we could slashdot? this one is chirping on at a great 1k/s :)

Re:How about the slashdot drinking game?

[JPawloski]

what about a SIP per misspelling or grammatical error? I wouldn't be able to stand up after one viewing of the front page.

-1 Evil Genius Rules Violation on the MQR standard

[MarkusQ]

Guido69: Perfect. Now if I can just get this up and running, I can anonymously ask Kathleen to marry me. 'Taco won't have a clue who's stealing his girl! Bwaahahahah.

Perfect? Hardly. In the unlikely event that she decides to accept she won't know who to accept.

Unless of course she saw your post...unless of course he also saw your post...

Anonymity is tricky, yes?

-- MarkusQ

Usability...

[Bonker]

Downloading the code now... at a whopping .8 k/s.

'sokay. I'll just let the download run all night and maybe I'll have a whole tarball in the morning. If not, I'll try again and grab it off one of the mirrors that will inevitably spring up.

What I'd really like to see come out of this, however, are 'userland' Win32 and MacOS implimentations ala 'Triangle Boy'.

I'm simply not much of a coder, or I would spend time on this, since I think it's such an important project.

Make this usuable for both experienced and inexperienced admins, and you have done a great deal for privacy and freedom.

Re:Usability...

[Ivan+the+Terrible]

Codecon has turned off access to the files. Is there a mirror somewhere?

not free

[kz45]

You can't use the code for commercial gain, but I could see a non-profit network springing up...

Why is this even on slashdot?! The producer of this code is releasing it under a "non free" license.

What Happened?

[LuYu]

what happened to the code posting? i accessed the posting a couple of hours ago and started a download... i had been downloading for around 2.5 hours, and the transfer stalled... i decided to check the website, and -- ITS GONE!

does anyone know what happened? i keep getting a 404... its still stalling frequently, as well... perhaps getting slashdotted was more than they bargained for... in any case, id like to know the story behind it...

now its back...

[LuYu]

weird... now its back... did anyone else have this problem?

Re:now its back...

[Achituv]

Um, i dont seem to find it...

Still getting 404's !

If anyone has this - please send me a msg.

Thanks!

Files deleted

[rdl]

Either Bram or Len abused the hosting which was provided to codecon on the basis of "information about CodeCon, text-only" to host large files of non-open-source software. I have removed the files, please get them from a mirror.

Anyone who gets free service and then abuses the terms of service under which that service is provided really has little right to complain when their access is permanently deleted.

Paying customers are certainly welcome to use their full available bandwidth. CodeCon is hosted for free, as it was originally an idea a few of us on OPN were discussing and originally organizing.

Network needed

[SiliconEntity]

This is the software for the Freedom server. To make it into a useful system, people need to coordinate to run the servers as part of an interconnected network. There needs to be some centralized place where the client software can locate lists of servers in order to choose its routes.

And speaking of the client, has its code ever been released? I know at one point they did release code for a Linux client, but what about Windows?

Freedom also used a "Nym" concept where customers paid for Nyms. When you browsed on the net or sent email through a chain of Freedom servers, the last server in the chain learned your Nym (but not your true identity). Then if you had misused the service, your Nym could be cancelled. This provided some protection against servers in the network, because users would not want to lose Nyms, as they cost real money.

In an open source Freedom network, what would replace the Nym concept? Would server operators no longer have this protection, so that spam or hacking could go through their systems and there is no way to stop the people involved, who are hidden at the other end of a chain of Freedom servers? Or would they coordinate to set up a centralized Nym server and perhaps even require a monetary donation to purchase a Nym, in order to discourage abuse?

Many questions remain to be resolved before even this generous release of source code can replace the service formerly offered by ZKS.

Re:Waitaminute...

[Mark+Trade]

No. ZKS announced that the service is to be shut down way before September 11.

Non-profit my ass

[KlomDark]

Those things are generally the scummiest things out there. Some fuck gets a government grant to "help people" with some thing, say $500,000 for a three year project, the main scurve pays himself $100,000 a year out of that money leaving $200,000 left. Enough for office rent, pseudo-advertising (aka CYA money), a couple computers, and probably a bunch of coke in the meantime.

If I ever license anything like that, it's going to exclude both corporate and little scum-sucking "legally" not for profit "organizations" as well. Only truly for "no gain usage"

Maybe if they share the coke... :)

Re:The article saith...it's an adventure!

[farrellj]

The obvious magic word to me is:

XYZZY

(The world spins around, and you find ourself in front of small house, there are pgp keys and a lantern on the ground by your feet)

ttyl
Farrell

mirror anywhere?

[msew]

did anyone get the file and have it mirrored?

oh where oh where will the mirrors be!

Re:Waitaminute...

[base3]

They did not announce the shutdown before 9/11. It was almost immediately afterward. If you can produce a citation to the contrary, I'll retract that statement, but you can't.

On the other hand, ZKS claimed to have planned the shutdown before 9/11. But that's not the same as announcing.

Re:Uh, yeah, right why not before?

[H310iSe]

This is great - we don't need any demi-paranoid analysis to acknowledge that there are countries where the internet is censored in some way and where triangle + freedom create a relitavely safe way to exchange music. I mean ideas. either.

So A) howabout someone link to an explanation of how to set up a server and point triangle clients to you and
B) let's hear a little enthusiasm for freedom on the web - I recently searched, for example on "constitution united states" and found 2 sites willing to sell me 'chapters' of the constitution before I found the .gov site where it's published.
What's whrong with us, it seems like in some ways the internet has lost content since 1995 (when the gutenberg project was in full swing, muds and bulliten boards were all around and the microsoft EULA was, well, something no one read and it didn't matter.

*sight*

Re:Uh, yeah, right why not before?

[base3]

Like I said to the other guy who was swinging his free speech bravado here, I'll be expecting to see the IP of your Freedom server posted.

Fact is, the exit server is the one where the rubber hits the road--the one where from which the threating emails are being sent, the one trying the stack smashing on web pages, the one trying to telnet to dockmaster.nsa.mil.

Fact is, I'd admire anyone taking the risks associated with that--but only someone either wealthy enough to afford a bevy of lawyers to assert his rights or with a serious wish to see the prison system from the inside would run one of these and make it available to all comers.

Freedom Source Mirror and New CodeCon URL!

[lowy]

CodeCon is being broadcast live from the DNA Lounge over streaming video.

They just announced Ryan at HavenCo has changed the password to the codecon.org server and conference organizers can no longer log in. They have setup a New Server for CodeCon which has updated info on the conference.

The source to the Freedom Network servers linked from this new server is now at Linux Fund. Yeah!

Tweakdom is a SourceForge project for this code

[willdye]

Back when the old Freedom network was up and running, I started a SourceForge project for making client-side tweaks to their software. Now that the server code is out, I'll start another project to try to create an all-volunteer network that attempts to replicate at least some of the old functionality.

Those interested should sign on to the announcement mailing list, at:

http://tweakdom.sourceforge.net

--Will

Re:great use of cut and paste

[kzinti]

ha ha, nice going losing karma, FAG!

I've got SHITLOADS. Bring on the modders!