ZeroKnowledge to Discontinue Anonymity Service 347
VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
Not so bad though is it? (Score:3, Insightful)
This is an opportunity (Score:3, Insightful)
First off, when ZeroKnowledge closes, all of its customers will be forced to find another provider. That will make the other providers 1) more profitable (assuming they aren't taking a loss but making it up in volume, like Amazon); and 2) more effective. As mentioned in the warning to their customers, low volume makes it easier to correlate traffic entering their system with traffic leaving their system. When such a system gets sufficiently large, it will be very difficult to correlate input streams and output streams, because of the sheer number of possible matches.
Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet. They will have one less place to hide. And that has a positive effect on law-abiding netizens - because when communications are more traceable and less anonymous, the government will have fewer excuses to pass legislation that gives law enforcement more snooping powers. And that benefits us all.
-sting3r
Re:Good. (Score:3, Insightful)
Do you really think you can stop people from developping or using encryption or anonymity? There a rumours Ben Laden uses steganography - should we ban all
Most employeess at ZKS believe in protecting our rights, and in preserving privacy versus what is perceived by many as intrusions of a police state future into what was otherwise a "free" internet. As Phil Zimmerman said:, "if you ban strong crypto only the terrorists and criminals will have access to it."
Web surveillance and the new anti-terror law (Score:4, Insightful)
libertarians with their new, modified stand on Internet
surveillance. They say that the authorities should be allowed
warrantless taps to find out where you surfed, but not what you did
once you got there. The FBI has a right to know that you went to
Amazon, for example, but without a warrant they don't have a right
to know what books you bought. The legal distinction here is from
the old days: a "pen register" would record the number you dialed,
but not the conversation itself, and therefore qualified for a
looser legal standard.
But pundits don't realize that 99 percent of your Web activity can
be reconstructed from the Web's equivalent of "pen register"
information. The search terms you enter into search engines are
attached to the address itself. Do you believe that the FBI will
want this portion of the URL excluded simply because they don't
have probable cause? If and when the NSA is authorized to monitor
the backbone, do you expect that they will chop off the URL at the
question mark, so that this information is kept out of their
keyword-analysis supercomputers? Not likely.
My reading of the provisions of the new Anti-Terrorism Act of 2001
suggests that a single, one-time certification by a federal
law-enforcement official that such information is needed in a
criminal investigation, without any showing of probable cause, is
enough to require a court to issue an order allowing a pen-register
tap on any Internet service provider presented with the order,
throughout the entire U.S. The definition of this "pen-register or
trap and trace device" information has been expanded for the
Internet. It now includes "other dialing, routing, addressing, and
signaling information reasonably likely to identify the source of a
wire or electronic communication (but not including the contents of
such communication)."
For example, some federal official could conceivably serve Google,
or any other search engine, with a court order demanding log
information for all those who searched for particular persons or
particular combinations of search terms. The "query strings"
consisting of the users' search terms are, in all standard HTTP
server logs, included along with the user's domain or IP number.
One hopes that search engines would be inclined to challenge such
an order. But we may never know, because if they decide to
cooperate with the new law, their public relations office won't be
announcing this. The bottom line is that the phrase, "but not
including the contents of such communication," might be useful for
excluding the body of e-mail messages, but is mostly irrelevant for
Web surfing. This poor wording in the new law may mean that search
engines can no longer claim privacy at any level.
If someone wanted to redesign the entire Web for the express
purpose of surveillance, they couldn't do a better job than what we
already have. The profile that could be compiled if one had a list
of all the Web sites you visited, or all the search terms you've
used on Google, would be very revealing. The latter scenario is
more worrisome, because the former scenario, short of a
comprehensive backbone tap, would imply an order served locally at
your own ISP. You'd almost have to be pre-targeted by the
authorities. But a tap on a general search engine would amount to a
global sweep for information. Google currently gets about 110
million searches every day, most of which are from outside the U.S.
It would be tempting for the feds to monitor this traffic.
Anonymity disappears with refunds... (Score:2, Insightful)
Of course, anyone who REALLY wants to remain anonymous will just give up on any refund for unused time... This may be a good way to spot possible illicit activity, after which the FBI may request their records. Seems like a good ploy to me. But then IANAFBISpy.
Instant paranoia doesn't solve problems... (Score:4, Insightful)
Before the internet there was terrorism... and unfortunately terrorism will continue.
A step in the right direction would be tighter immigration laws. Better security on flights, and letting the millitary do their job (no more bullshit police actions).
But closing down a remailer or web proxy won't stop anything. It's paranoia. Why can't the terrorists set up their OWN anon remailers or proxies. Hell they could revert to using RFC1149 technology with a Honeycomb Cereal invisible ink pen....
Paranoia does not solve problems...
No Great Loss (Spam, Piracy, Harassment, etc.) (Score:4, Insightful)
Sadly, I think that time has now passed.
On most of the Usenet groups I frequent (which, of course, is merely the tiniest fraction of those available), the people using anonymous remailers seem to be overwhelmingly: A.) Spammers, B.) Jerks who contribute nothing to the group and who cower behind anonymity for the sole purpose of flaming others free of consequences, and C.) People who not not only pirate intellectual property, but who spam newsgroups with it to show everyone how big their virtual Warezzz penis is. For example, a couple of months ago, someone spammed rec.arts.sf.written with hundreds of badly OCRed SF novels and stories, including some by people who are by no means rich.
Frankly, the people with the most urgent need for legitimate use of anonymous remailers (i.e., those in communist or otherwise oppressive countries where there is no freedom of the press) are the ones who either can't get to them anyway, or whose governments have so much of the system tapped that it would be easy to track them down.
While there are still some legitimate uses for anonymous remailers (Scientology whistle-blowers, for example), the jerks and spammers seem to outweigh legitimate uses about 100 to 1. Thus I see no real cause to mourn their passing. I wish that it were otherwise, but we must deal with the world as it is, not as we wish it were.
Re:Lets have a US government anonymizing service (Score:4, Insightful)
The general consensus seems to be
GOVERNMENT == BAD
Personal rights to do anything electronically and have it hidden and undecipherable == GOOD
Wake up.
You people are not helping. If you want to hold onto reasonable rights, you have to offer reasonable, effective alternatives that still allow us stop and catch the bad guys.
I choose not to believe the US government is essentially evil. I choose to believe the US government has improved its stance on human rights in general, effectively and steadily over the last 200 years. I choose to believe there are truly evil men out there that would do America harm. I believe the majority of you online rights complainers are spoiled pampered brats that have never had to sacrifice the least little thing in your lives, and don't understand that we have to help find solutions to the problems caused by unintended side-effect our electronic age has brought us.
Re:Time for these to disapear (Score:3, Insightful)
And no, it's not a co-incidence that practically all anonymity-enhancing services have been located outside US of A for years now.
Re:Lets have a US government anonymizing service (Score:3, Insightful)
I think Franklin, Jefferson, et al. would be aghast to think that the government agents could secretly and undetectably evesdrop on the public en mass, without a court order. This simply wasn't possible in their day -- the only way of communicating over distance was via a letter.
Even if all the mail of the day had been carried by the USPS (of which Franklin was the first Postmaster General), it would have been impossible for the gvt. to open and read every letter. Considering that sealing wax was used (in combination with distinctive seals) to close the letters, it was very difficult to open a letter without the intrusion being detected.
One of the biggest grievances the Colonists had with England was the fact that the Redcoats used general searches -- anyone & anyplace could be searched at any time for any reason. Our founding fathers considered this to be unacceptable conduct for a fair and just government. In response to this abuse of power, they established the principles set out in the 4th amendment: that a warrant is required for a search to take place, and that the warrant must explicitly list who and what is to be searched, and what the object of the search is. There's a world of diffence between being monitored because the Gvt. has probable cause (or, to use your own words, justifiable suspicion) and being monitored because you "fit the profile" or just because you happen to use the same ISP as somebody else who's under suspicion for somthing.
The wholesale monitoring of electronic communications is the moral equivilent of opening and reading every postal letter. It is unacceptable, immoral, and unconstituitonal. The government has no Constitutional authority to do so, and is explicitly BARRED from doing so without a warrant by the 4th amendment.
As a practical matter, the gvt. can and will monitor electronic communications, the Constitution be damned. It is a limitation of the technology that it is easy to monitor. However, we have the absolute right to use any and all technological measures available to us in order to guard the privacy of our communications against prying eyes and ears. Furthermore, while the Government may be able to COLLECT information via illicit/illegal means, there MUST be SEVERE restrictions on how that information can be used. Comunications intercepted without a warrant should NEVER be admissible in court, under any circumstances whatsoever. This is fine for anti-terrorism purposes.
A Terrorist (or any other covert operative) requires total secrecy in order to do his job. If his "cover" is blown, his operational effectiveness drops almost to nil. You don't even necessarily need to arrest a suspected terrorist in order to stop him - you just need to let him know that you know who & what he is and that he's being watched. If he's well-trained (as bin Laden's people are), his response will to cut all contact with his handlers in order to minimize the damage to the organization. You don't get the viceral satisfaction of sending his butt to jail, but that is really unimportant next to the fact that you've prevented a tragedy.
Sealand will be next (Score:3, Insightful)
The whole cryptographic anonymity area was likely to take a massive hit in the wake of the WTC attack.
Even if ZeroKnowledge had kept going the increased scrutiny and surveillance would render the scheme pointless. Having a FreedomNet account or connecting to the server would get you put on a watch list the minute the NSA found out - and find out they would.
I suspect that the number of hosting facilities willing to run the service servers declined substantially after the WTC attack.
I would not give the Sealand folk much chance of lasting very much longer. For all the riddiculous libberprattle the platform is now inside UK territorial waters and the UK government does not recognise sealand as a state. Since the sealand employees are mainly from the US that would make them illegal workers subject to arrest when they set foot on the mainland.
Re:Sealand will be next (Score:4, Insightful)
HavenCo (the datacenter on Sealand) has *always* been focused on business clients, and selling services to people who receive bottom line benefits from HavenCo hosting -- a lot of our clients are chosing us at USD 1500/month where the only alternative is traditional central american offshore at USD 15k/month. That's why we have been profitable since 4 months after we started general sales. We're on-track with expansion plans, both in terms of physical sites, and related business offerings.We don't even offer a consumer web hosting or mail option because it just doesn't make money. You can feel free to criticize us for being mercenary, but that's why we'll be in business in 10 years, and companies which in effect subsidize consumer security offerings will probably not. In a recessionary market, products which can provide 1 for 1 substitution at a dramatic and immediate cost savings do well; we've had if anything an uptick since the summer.
(interestingly, at least one member of the press also claimed HavenCo would be out of business; this was in December 2000 if I recall correctly.)
Regardless of people of questionable impartiality or competence from cyberia-l, the fact is Sealand's legal claims have withstood more than 30 years of challenge by other governments; every lawyer who has written an opinion, including numerous professors of law, has recognized this, and there is substantial documentation from various government agencies, in the UK and other nations, to support.
It has always been clear that the true threat to security and privacy companies is market demand; followed perhaps by internal execution. Any threat of government action is so remote that if a company gets to the point where the government DOES shut them down, they've already won. The majority of the p2p systems in the US were forced to shut for commercial reasons (scour, aimster, etc.). Only a few of the most successful were challenged in court, and their failings were after the initial challenge primarily due to execution and lack of a real way to extract revenue, not action by the MPAA or RIAA.
That being said, I'm more than happy to run a Freedom server; I already run a mixmaster remailer (which is fairly similar technology), and there have been absolutely no serious complaints or difficulties. I know several of the executives at ZKS, and I'm sure they'll do the right thing. ZKS has always had a lot of support within the security and privacy community; they were started by and hired some of the best people, and developed technology which made no compromises on security. I'm sure their business and consulting offerings, as well as their remaining optimized client software, will do well.