ZeroKnowledge to Discontinue Anonymity Service 347
VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
Glad i didn't sign up.. (Score:3, Interesting)
Why are they stopping service? (Score:2, Interesting)
I truly hope that's not the reason...
Sept. 11 (Score:3, Interesting)
Surprise to the staff as well? (Score:5, Interesting)
Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
From: InfoReplies@zeroknowledge.com
To: @freedom.net
Subject: Ref: "New anonymous browsing service"
Hello,
Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information.
As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.
Regards,
Freedom Support Team
Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
http://www.freedom.net/support/knowledge.html
Lets have a US government anonymizing service (Score:4, Interesting)
It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).
This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.
I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"
It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.
Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.
Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.
Grab it while it's still there (Score:2, Interesting)
Re:Lets have a US government anonymizing service (Score:5, Interesting)
I take offense to this remark. The world isn't really any different now than it was a month ago, and my saying that isn't an indication of me "burying my head in the sand." The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.
As for your idea of a government run anonymizer service, there's just one problem: It won't work! It's exactly like banning secure encryption in the US now--the genie is already out of the bottle, and you can't put it back in. Criminals will always find ways around security, surveillance, and general watchfulness. By forcing bcakdoors on systems, you're only affecting (persecuting, in fact) the law-abiding citizens who will use them.
Re:Refunds? (Score:2, Interesting)
I would say that this makes their reason pretty clear. I don't know whether there was outside pressure or not, but judging by the date, I'd guess not. That's exactly one month.
Yah right... (Score:1, Interesting)
Hush 2.0 is total crap. It no longer runs under any browser I've tried under Linux (even with the SUN JDK plugin), and it -barely- runs with IE under windows--and very slowly, at that. The new login procedure is heavily laden with Javascript (why?!) that only seems to work properly on IE.
I no longer recommend Hushmail to anyone. It's pretty much unusable, even under Windows.
SAFEWEB has Javascript, CIA problems. Cool though (Score:4, Interesting)
The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.
The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)
Re:Shaver (Score:5, Interesting)
I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).
I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.
I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.
I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.
I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...
...but I think nobody has done a better job so far of that type of network service.
I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.
I think there's a market for that knowledge, and good applications of it.
I think they're going to be OK.
I think you shouldn't really care what I think.
(I think Craig's still a dork.)
Looks like at least 2 terrorosts used NetZero... (Score:2, Interesting)
"In Hollywood, Fla., the FBI last weekend quizzed Paul Dragomir, manager at the Longshore Motel, about a visit in late August from two men he believes were hijackers Atta and Ziad Samir Jarrah, who demanded 24-hour Internet access.
Loaded down with baggage and laptops, the men signed in at the small pink beachfront motel using apparent aliases. They claimed to be computer engineers from Iran, Dragomir said, and said they were down from Canada to find jobs.
They booted up a laptop, showing Dragomir that they had NetZero Internet accounts. For the next few hours, Dragomir unsuccessfully tried to accommodate the men."
Makes one wonder just what or who 'motivated' NetZero to pull the plug on this product.
Re:You said it ... (Score:3, Interesting)
As a victim of identity theft I can assure you the threat of other people reading your email is no illusion. So far they've managed to charge over $10,000 to our credit cards in three months, and I suspect the sum is that low only because they maxed them out. We know our email is compromised because we got an email confirmation for one of the bogus orders.
Those of you who guard your email address to ward off spam are doing the right thing for the wrong reason, and I pray you never learn what can happen when you truely lose your privacy. If my wife knew I posted here she'd kill me, she's become so paranoid over this.
Sealand won't be next... (Score:1, Interesting)
The assertion that the UK doesn't recognize Sealand as a state is unfounded. The UK has, de facto, done so by refusing to intervene during the period when Sealand held a German national prisoner after an attempted takeover of the platform. The German government was obliged to negotiate directly with Sealand when the UK informed them that Sealand was (then) in international waters and hence beyond their jurisdiction.
That the UK does not currently recognize Sealand is irrelevant under international law. That Sealand is now inside UK territorial waters is likewise irrelevant under international law. Failure of one state to recognize another (such as the US refusing to recognize mainland China before Nixon) is an obvious example of the former principle.
Once a state exercises sovereign power (such as by taking a prisoner and negotiating for release with another sovereign power as above) a claim for recognition under international law has been made. That the UK subseqently extended territorial waters to include Sealand is not a claim on Sealand as a territory, just as a US claim to extend territorial waters to include Cuba does not make Cuba a US territory.
These are well-established legal precepts. I find it curious that the UK says it exercises jurisdicion over Sealand, but makes no effort to shut them down or even attempt to confiscate the small cache of firearms held (in violation of UK law)on the platform.
I submit that the UK legal system realizes they have a very weak claim on Sealand and does not wish to engage in a legal battle they can easily lose (with attendant international embarassment.) For now and the foreseeable future, they will continue to tolerate Sealand and the operations of Havenco. If Havenco or Sealand ever posed a credible threat to the UK, the issue would be settled in an instant with whatever force might be necessary. The operation of a data haven, remailers or even a FN-like system on Havenco does not meet this criterion.
As to the NSA watching those who obtain Freedom accounts -- who cares? Given an agency with those kinds of resources, does anyone seriously suppose that Freedom or any other service could be truly anonymous? If "they" want you badly enough, "they" will find you. If you don't generate that sort of attention, no one will care. Using Freedom for illegal purposes is beyond stupid, since traffic analysis will likely give you away and subject you to "real" surveillance, like "black bag" entry, password grabbers or even just a simple review of your bank accounts and purchases.
Freedom died because the "privacy nuts" like me didn't spend enough to keep it alive, pure and simple. That being said, Freedom (or something like it) will rise again. My guess is that it will be located on Sealand with the security afforded by that facility. Even if Sealand is assailed successfully, the data on the servers will be gone before a single bit is recovered. While I'm as upset as anyone about the death of Freedom (from which I'm posting this message) it may pave the way for an even better system with both cryptographic and physical data security.
I maintain that the events of September 11 are not going to cripple the use of cryptography or anonymity. Terrorists are smart enough to realize that the veil can be pierced with enough resources, and hence avoid using them for critical communications. (bin-Laden's congratulatory cell phone conversations nonwithstanding.) Over 70% of the American public feels that crypto restrictions would have been helpful, but I doubt that they would withstand a 1st or 4th Amendment challenge, and Sealand is not subject to US law.
The demand is there, the technology is there and the location is for rent. What remains is for an affordable system to be built.
BTW, I have no financial interest in Freedom or Sealand.
The Tweakdom project might be able to fill the gap (Score:2, Interesting)
Since ZKS will no longer be in the business, several existing Freedom users have asked ZKS if they would make their old server code available to the open-source community. If that happens, I'll be happy to start up the Tweakdom project again. Here's hopin'...
If you're interested, check the web page for updates, or join the mailing list. Here's the URL's:
The Tweakdom web page: http://tweakdom.sourceforge.net [sourceforge.net]
The Tweakdom mailing list: http://sourceforge.net/mail/?group_id=23929 [sourceforge.net]
--willdye