ZixMail used to be called CustomTracks.
One of its founders was a big wig at the CIA.
No kidding.
They got FULL EXPORT PERMISSION long before
the crypto rules were weakened. Why ? Because
their products do key escrow.
Its bad enough that Yahoo is basicaly using a
crap protocol with them. Its just really
disturbing that Yahoo would work with these guys.
It means that for most people it dosent matter
that the crypto walls have come down. Because
the non-technical people will be given
toy, escrowed cryptography.
This app is really the cypherpunks dream come true. All the other pay products out there for anonymity are TOYS compared to Freedom in how well they protect your anonymity. The only thing that has a comparable level of anonymity is the mixmaster / cypherpunk remailers with the nym servers. I have used those too. They are much harder to use. They really only do email. You could use mail to web gateways to get web from the remailers but i never have. Wait a minimum of say 30 minutes (a chain of a few remailers) for one web page ? Yeah right.
They took a while to release the source code. Some of the cypherpunks were wondering if they had been pressured by their VC backers not to. (one of the founders is one of the original cypherpunks). Im thrilled that they released the client code and expect that they will fulfill thier promise to release the server code - but dont take too long guys. They are also working on a semi-anonymous payment system. I say semi-anonymous because their comments indicate that UNLIKE the Freedom web product, they feel like they need to restrict the financial anonymity somewhat to comply with laws / banks wishes. I cant wait for it anyway.
Alot of you on slashdot have libertarian attitudes. Attitudes that include being against censorship and illegal snooping (like many think includes Carnivore / Echelon). If there is any company that will protect you against people who want to take away your right to anonymous speech that (US) Supreme Court cases have held exists from cases of anonymous political phamplets, it is Zero Knowledge systems.
Having said all this you all should know that it is quite likely that laws will be created to make strong anonymity like Freedom offers illegal. No kidding. The opponents of anonymity have not had much luck in congress yet. But right now there is the "Cyber Crime" treaty nearing signature that would require internet service providers to keep records that would make Freedom illegal. It would force DMCA like provisions on its signers. Who wants this and why will it happen ? Media companies, FBI, NSA and non us equivalents. From cnet.com [Edgar Bronfman Jr., chief executive of Universal Music Group parent Seagram, said last week. "As citizens, we have a right to privacy. We have no such right to anonymity."] http://www.canada.cnet.com/news/0-1005-200-1983353 .html
They are afraid it becoming far more difficult to go after Napster users if they need to. The FBI and NSA and thier non US equivalents like thier Carnivore and Echelon. Many believe that dispite thier assertions they do things that should require a warrant, without one.
Here are some quotes from wired.com about this treaty proposal: {..Require websites and Internet providers to collect information about their users, a rule that would potentially restrict anonymous emailers.} { "It's a direct assault on legal protections and constitutional protections that have been established by national governments to protect their citizens," says Marc Rotenberg of the Electronic Privacy Information Center. "It's both an end run by police agencies and a bit of policy laundering by the U.S. Department of Justice to get more (surveillance) authority." }
Strong anonymity is the only sure protection to the current level of corporate invasion of privacy. Do you know that for $50 you can get anyones SS# ? For a few hundred you can get all kinds of things like bank statements securities holdings, real estate holdings. I want pervasive strong anonymity so that i control my information and only a series of court orderd warrants can get it.
We won the battle on encryption. But we are likely going to loose this at least with the lawmakers. Why ? BECAUSE in the ENCRYPTION debate BUSINESS was ON OUR SIDE. Now they are almost entirely against us. ZKS is for us. Who else ? You know the power of money. Help fight for anonymity and against the DMCA and DMCA like provisions. Write your representatives and support an organization that is part of The Global Internet Liberty Campaign : http://www.gilc.org/ (includes organizations like the ACLU, EFF, EPIC, CDT)
They might be able to find the first time that for example a jpg was posted to any web site or any newsgroup or anything else public. But simple private communication with encryption will not be seen nor will anyone using stuff like freedom.net or better - the cypherpunk / mixmaster remailers. If they monitored every entry/exit point into those networks like some believe the NSA does, then they might be able to track things to the source only because those networks have some weaknesses at this point to such a powerful observer.
Alot of comments ive read indicate that people dont quite understand what crypto can do for a smart card. It can make cards practically unforgeable without the cooperation of one or more "official" card makers like the people who work at the DMV windows.
If the card stores biometric data (like retna scan / dna) and this is signed to a name (yours) by the state's public key (thier master key or some set of master keys) this cant be forged without the states cooperation. If you only assume you can mess with the cards (in your possession) and not the card readers (police hands) or the card issueres then the card is unforgeable. The signature checking mechanism in the (retna / dna) readers will detect a bad signature and presumably retna / dna scans cant be forged. If the states keys are shared between many people - like you have to have 3 DMV type people aggree before you get a smart card signed - then you have to bribe 3 people or sabotage 3 machines. RSA and 3DES are very likely not breakable EVER unless quantum computers meet their potential. Perhaps we can make public crypto which will survive quantum computers. Symmetric crypto like AES 256 bit cyphers will onlly be dropped to 128 bits in strength with quantum computers so they will survive an ideal quantum computer.
In short : for the above function - biometric identity smart cards - the cards are UNFORGEABLE without bribes of card makers. Even the bribing can be made very hard if many people MUST be bribed to make it work.
Digital cash on smart cards can also be UNFORGEABLE as long as every transaction includes a check with the bank. (Ive read its possible without going to the bank each time but i dont understand it so i wont assert it)
In a way I like what Shawn has to say,but recently ive been wondering if ill like the results if Napster wins in court. He says he wants to be able to support the artists : " am an avid music fan myself and it is important to me that Napster benefit artists". Its not clear that any idea to pay for music when its free will work PRACTICALLY. Yet somehow im not worried about loosing all that big money top40 music. But what happens when this happens to MOVIES in a BIG WAY say 10 years from now when many have (two way) T1s and more ? So recently ive been wondering will they still make movies like the MATRIX ? Ill miss that. Wont you ?
Im not joking at all. Look at the specs on ibm's website for thier newest ide drives - even at 5400 rpm. And yes i know that the inner tracks can be much faster that the outer tracks on a disk.
I have used loopback before and did not find the performance "poor" at all compared other encrypting filesystems in software. However you should know that I have seen a huge performance hit is huge for a supposedly good encrypting file system. I do have rough numbers for scramdisk in windows with blowfish (the fastest it has). 2MByte / sec for a 350mhz PII. All I remember is that the loopback device for linux being at least as fast. If you dont know disks these days - even IDE - can be 10-20 MBytes / sec. It dosent make much sense to me why the scramdisk implementation is the speed it is. It is supposed to be a good implementation. Theoretically i think you can get 26 clocks / byte on a PII for blowfish which is over 10 MB/sec on a PII 350.
Each ALU runs at 100Mhz. Why so slow ? It makes the chip much less impressive than it seems. I think that an Athalon can theoretically perform 6 integer multiply-accumulates per clock cycle. A 1Ghz Athalon then can theoreticaly perform 6 giga multiply-accumulates per second. The XPU128 theoretically perform 12Giga multiply-accumulates per second. Twice as fast. Big deal. So why is the XPU128 clock rate so slow ?????????
Athalon info:
http://www.azillionmonkeys.com/qed/cpujihad.shtml
Slashdot Mirror
ZixMail used to be called CustomTracks. One of its founders was a big wig at the CIA. No kidding. They got FULL EXPORT PERMISSION long before the crypto rules were weakened. Why ? Because their products do key escrow. Its bad enough that Yahoo is basicaly using a crap protocol with them. Its just really disturbing that Yahoo would work with these guys. It means that for most people it dosent matter that the crypto walls have come down. Because the non-technical people will be given toy, escrowed cryptography.
This app is really the cypherpunks dream come true. All the other pay products out there for anonymity are TOYS compared to Freedom in how well they protect your anonymity. The only thing that has a comparable level of anonymity is the mixmaster / cypherpunk remailers with the nym servers. I have used those too. They are much harder to use. They really only do email. You could use mail to web gateways to get web from the remailers but i never have. Wait a minimum of say 30 minutes (a chain of a few remailers) for one web page ? Yeah right.
3 .html
They took a while to release the source code. Some of the cypherpunks were wondering if they had been pressured by their VC backers not to. (one of the founders is one of the original cypherpunks). Im thrilled that they released the client code and expect that they will fulfill thier promise to release the server code - but dont take too long guys. They are also working on a semi-anonymous payment system. I say semi-anonymous because their comments indicate that UNLIKE the Freedom web product, they feel like they need to restrict the financial anonymity somewhat to comply with laws / banks wishes. I cant wait for it anyway.
Alot of you on slashdot have libertarian attitudes. Attitudes that include being against censorship and illegal snooping (like many think includes Carnivore / Echelon). If there is any company that will protect you against people who want to take away your right to anonymous speech that (US) Supreme Court cases have held exists from cases of anonymous political phamplets, it is Zero Knowledge systems.
Having said all this you all should know that it is quite likely that laws will be created to make strong anonymity like Freedom offers illegal. No kidding. The opponents of anonymity have not had much luck in congress yet. But right now there is the "Cyber Crime" treaty nearing signature that would require internet service providers to keep records that would make Freedom illegal. It would force DMCA like provisions on its signers. Who wants this and why will it happen ? Media companies, FBI, NSA and non us equivalents. From cnet.com [Edgar Bronfman Jr., chief executive of Universal Music Group parent Seagram, said last week. "As citizens, we have a right to privacy. We have no such right to anonymity."] http://www.canada.cnet.com/news/0-1005-200-198335
They are afraid it becoming far more difficult to go after Napster users if they need to. The FBI and NSA and thier non US equivalents like thier Carnivore and Echelon. Many believe that dispite thier assertions they do things that should require a warrant, without one. Here are some quotes from wired.com about this treaty proposal:
{..Require websites and Internet providers to collect information about their users, a rule that would potentially restrict anonymous emailers.}
{ "It's a direct assault on legal protections and constitutional protections that have been established by national governments to protect their citizens," says Marc Rotenberg of the Electronic Privacy Information Center. "It's both an end run by police agencies and a bit of policy laundering by the U.S. Department of Justice to get more (surveillance) authority." }
Strong anonymity is the only sure protection to the current level of corporate invasion of privacy. Do you know that for $50 you can get anyones SS# ? For a few hundred you can get all kinds of things like bank statements securities holdings, real estate holdings. I want pervasive strong anonymity so that i control my information and only a series of court orderd warrants can get it.
We won the battle on encryption. But we are likely going to loose this at least with the lawmakers. Why ? BECAUSE in the ENCRYPTION debate BUSINESS was ON OUR SIDE. Now they are almost entirely against us. ZKS is for us. Who else ? You know the power of money. Help fight for anonymity and against the DMCA and DMCA like provisions. Write your representatives and support an organization that is part of The Global Internet Liberty Campaign : http://www.gilc.org/ (includes organizations like the ACLU, EFF, EPIC, CDT)
They might be able to find the first time that for example a jpg was posted to any web site or any newsgroup or anything else public. But simple private communication with encryption will not be seen nor will anyone using stuff like freedom.net or better - the cypherpunk / mixmaster remailers. If they monitored every entry/exit point into those networks like some believe the NSA does, then they might be able to track things to the source only because those networks have some weaknesses at this point to such a powerful observer.
Alot of comments ive read indicate that people dont quite understand what crypto can do for a smart card. It can make cards practically unforgeable without the cooperation of one or more "official" card makers like the people who work at the DMV windows. If the card stores biometric data (like retna scan / dna) and this is signed to a name (yours) by the state's public key (thier master key or some set of master keys) this cant be forged without the states cooperation. If you only assume you can mess with the cards (in your possession) and not the card readers (police hands) or the card issueres then the card is unforgeable. The signature checking mechanism in the (retna / dna) readers will detect a bad signature and presumably retna / dna scans cant be forged. If the states keys are shared between many people - like you have to have 3 DMV type people aggree before you get a smart card signed - then you have to bribe 3 people or sabotage 3 machines. RSA and 3DES are very likely not breakable EVER unless quantum computers meet their potential. Perhaps we can make public crypto which will survive quantum computers. Symmetric crypto like AES 256 bit cyphers will onlly be dropped to 128 bits in strength with quantum computers so they will survive an ideal quantum computer. In short : for the above function - biometric identity smart cards - the cards are UNFORGEABLE without bribes of card makers. Even the bribing can be made very hard if many people MUST be bribed to make it work. Digital cash on smart cards can also be UNFORGEABLE as long as every transaction includes a check with the bank. (Ive read its possible without going to the bank each time but i dont understand it so i wont assert it)
In a way I like what Shawn has to say,but recently ive been wondering if ill like the results if Napster wins in court. He says he wants to be able to support the artists : " am an avid music fan myself and it is important to me that Napster benefit artists". Its not clear that any idea to pay for music when its free will work PRACTICALLY. Yet somehow im not worried about loosing all that big money top40 music. But what happens when this happens to MOVIES in a BIG WAY say 10 years from now when many have (two way) T1s and more ? So recently ive been wondering will they still make movies like the MATRIX ? Ill miss that. Wont you ?
Im not joking at all. Look at the specs on ibm's website for thier newest ide drives - even at 5400 rpm. And yes i know that the inner tracks can be much faster that the outer tracks on a disk.
I have used loopback before and did not find the performance "poor" at all compared other encrypting filesystems in software. However you should know that I have seen a huge performance hit is huge for a supposedly good encrypting file system. I do have rough numbers for scramdisk in windows with blowfish (the fastest it has). 2MByte / sec for a 350mhz PII. All I remember is that the loopback device for linux being at least as fast. If you dont know disks these days - even IDE - can be 10-20 MBytes / sec. It dosent make much sense to me why the scramdisk implementation is the speed it is. It is supposed to be a good implementation. Theoretically i think you can get 26 clocks / byte on a PII for blowfish which is over 10 MB/sec on a PII 350.
Each ALU runs at 100Mhz. Why so slow ? It makes the chip much less impressive than it seems. I think that an Athalon can theoretically perform 6 integer multiply-accumulates per clock cycle. A 1Ghz Athalon then can theoreticaly perform 6 giga multiply-accumulates per second. The XPU128 theoretically perform 12Giga multiply-accumulates per second. Twice as fast. Big deal. So why is the XPU128 clock rate so slow ????????? Athalon info: http://www.azillionmonkeys.com/qed/cpujihad.shtml