Zero-Knowledge Open-Sources Linux Client 61

jailbreakist writes "Zero-Knowledge Systems, a Montreal based privacy software company, has released the source code to their Linux client. The software in question provides anonymous web browsing, pseudonymous email, form filling, cookie management and more. You can get the source at opensource.zeroknowledge.com. The source is available under the MPL, and our clientshim and Yarrow (random number generation) implementations are under GPL." A while ago, we had covered Mike Shaver's move to ZK.
  • If your traffic is routed through at least 2 freedom proxies, then no single entity on the route knows both the source and destination. That's what makes it really interesting IMO.

  • After having used the freedom network for a number of months, I have to say I like the idea of being anonymous on the net but don't like the price I have to pay in speed. I have a DSL line and I might as well be on a 56k line when I'm running the Freedom client, the response time is so reduced it's painful. This of course makes me pick and choose when to run the client, which means I might as well not run it at all cause I frequently forget to start it when I should. Has anyone else had these difficulties?
  • Several things stick out...

    1. PGP, at least the newer versions, is susceptible to an attack. Use GnuPG instead. It's developed outside the US in crypto-friendly Germany, and is pure raw open source implementation of public domain crypto.

    2. Don't use Netscape. The Konqueror is a lot less noisy than Navigator; check out http://privacy.net/anonymizer and you'll see what your browser spews out.

    3. Java is not your friend. Java downloads take a lot of time and resources, and it may require a second connection to a server, either the one feeding it to you or another site.

    4. Turn graphics off. Remember the doubleclick 1x1 graphiccookie?

    Hell, I use Lynx for a lot of browsing.
  • by Mike Shaver ( 7985 ) on Monday October 23, 2000 @06:53AM (#683314) Homepage
    (Disclosure: I am a Zero-Knowledge employee, but I am not speaking for the company.)

    The idea here is not that you trust us. The idea is that you don't have to. The name isn't just self-deprecation: the Freedom system is designed to protect us from knowing things about you, as well as protecting you from having us -- and others -- know things about you. The whitepapers [freedom.net] cover this approach[*], and the limitations of it, so I won't bore you with the details here.

    [*] though they focus on the 1.0 technology, the issues remain largely the same. The biggest change is in the mail system, where the removal of ``reply blocks'' removes the chain-of-warrants attack from that part of the system.

  • by geirt ( 55254 ) on Monday October 23, 2000 @08:28AM (#683315)
    Freenet [sourceforge.net] takes this concept to another level, because information on Freenet is not stored at fixed locations or subject to any kind of centralized control like the Zero-Knowledge servers.

    • Both authors and readers of information stored on this system may remain anonymous if they wish.
    • Freenet does not have any form of centralized control or administration.
    • It will be virtually impossible to forcibly remove a piece of information from Freenet.
    • Information will be distributed throughout the Freenet network in such a way that it is difficult to determine where information is being stored.
    • Anyone can publish information. They don't need to buy a domain name or even a permanent Internet connection.
    • Availability of information will increase in proportion to the demand for that information.
    • Information will move from parts of the Internet where it is in low demand to areas where demand is greater.
    For more info: http://freenet.sourceforge.net/ [sourceforge.net]
    The freenet FAQ [sourceforge.net]
  • Good work, guys! You actually did it! Now it will be possible to make Mojo Nation [mojonation.net] run over Freedom.

    :-)

    Regards,

    Zooko

  • Right. What if this software becomes standard among kiddy-porn traders? Would the guys at ZK find that funny?

    I am so sick of 'what-ifs'.

    So what if sickos use the software? The same sickos use the US Postal Service. Would you ban that?
    I suppose digital cameras make it easier for the sickos to make kiddie porn - after all, you don't have to get film developed. Would you ban digital cameras? Hell, ban Polaroid for that matter.
    Cryptography makes it easier for criminals to communicate with each other. Would you ban cryptography?

    Most new technology has a up side and a down side.
    I think in most cases the good far outweighs the bad.

    --K
    And really, do you honestly think the ZKS people never imagined that their software could be used for illegal/immoral purposes?
    ---
  • (I'm a Zero-Knowledge employee, but am not speaking for the company except where noted otherwise.)

    Opensourcing an app that relies on their own network/servers- big risk, big deal; it's just a publicity stunt.

    I don't think the ``their own network'' part of the argument indicates a deep understanding of what's going on here: you can configure Freedom to use AIPs that are not owned or operated by ZKS, quite happily.

    As far as the server source goes, I'm behind you 100%: the server source must be released, and it will be. We've said this in public, and I'll say it again here: <speaking officially>all of Freedom -- client and server software alike -- is destined for source release</speaking officially>. It's not going to happen all at once -- there's a fair amount of code involved, and trying to bite it all off at once is a recipe for unbridled pain -- but it's definitely going to happen.

    When? Soon. Before you've forgotten that you read me write ``Soon''. =)

  • by Mike Shaver ( 7985 ) on Monday October 23, 2000 @06:59AM (#683319) Homepage
    (Disclosure: I'm a Zero-Knowledge employee, though I'm not speaking for them here.)

    One of the primary features of the Freedom system is that it provides IP obscurity: people see your traffic originating at one of the Freedom network ``wormholes'', not from your real IP address. Is that not clear from the whitepapers?

  • Although ZeroKnowledge has great technologies it suffers from a few basic fatal flaws that makes it unworkable as a general privacy solution:

    (1) Costs money which experience shows very few will pay for

    (2) Very slow due to fundamental network design of bouncing packets multiple times across smaller ISPs - nothing can be done about this

    (3) Easy to block at firewall because it always runs at fixed high numbered ports (51101,02,07,09) so forget about relying upon access at work, libraries, schools, etc

    (4) Currently only works/supported on Win95/98 - other version promised but none delivered and it will be a long, slow, expensive process to port and support - do you really think that Mac or Linux users will get the same support levels as Win95/98 users?

    (5) Doesn't work with AOL (23M users in US), CompuServe 2000 (?M users) and free ISPs like DirecPC - over a quarter of US Internet users denied access.

    (6) doesn't work with very popular software including McAfee Personal Firewall, Microsoft FrontPage personal webserver, Netware Client32, MS 98SE' Internet Connection Sharing, etc. Nyms will not work with common software such as MS Outlook, Napster, PCAnywhere, cookies filter utilities, etc. I don't know many web surfers who are not using at least one of these applications, which means ZeroKnowledge will not work for them.

    (7) Does not work with common web sites because it does not support client side cookies with nyms. How many users will tolerate being locked out of NYTimes.com or Yahoo.com?

    (8) Is a large software download that is easily blocked from installation, detected running, and removed automatically from managed corporate networks - up to 50M US corporate workers lost.

    The best way to avoid all these problems is to avoid downloading software packages altogether. A web-based privacy solution should work with your existing browser, computer, network, and ISP but provide the same levels of encryption as ZeroKnowledge.

    Anonymizer [anonymizer.com] has been the best of the web-based privacy solutions but it (1) costs money $60/yr, (2) doesn't encrypt your personal web traffic so all data is visible except the URL, and (3) doesn't work with most popular rich web sites like sony.com, hotmail, webvan, etrade, etc because they cannot handle DHTML like JavaScript, VBScript, CSS. Instead, it either blocks all DHTML breaking a site's functionality *OR* passes it unprotected which reveals your identity online.

    SafeWeb.com [safeweb.com] is a web-based privacy solution that just launched last Wednesday (See CNET news.com [cnet.com]). SafeWeb solves all the problems that both ZeroKnowledge and Anonymizer have listed above and enables users to surf the entire web privately (cookie management anonymity) and securely (128bit SSL) from anywhere at anytime for free - no downloads. SafeWeb finally delivers a practical solution to the growing problems of online privacy by solving all these technical problems with an easy to use service for your existing browser. Let us know your feedback at webmaster@safeweb.com and in this forum.

    Jon Chun
    President
    SafeWeb

  • Hi there,

    It's not fair to say that Freenet "takes this concept to another level." They're two different concepts. Freenet allows people to publish and view information anonymously, and the information that is published through Freenet has a high level of resistance to censorship. Which is really, really cool. On the other hand, you can't send private email with Freenet, you can't telnet anonymously, and you can't post anonymously to newsgroups. These are things that Freedom can do, that Freenet can't.

    Also, it's misleading to state that control of ZKS servers is centralised. The Freedom Network relies on the concept of distributed trust, meaning that no single Freedom server has the ability to compromise the identity of a pseudonym. ZKS runs some of the servers on the network, but the majority are owned and operated by companies not affiliated with Zero-Knowledge. Since selection of the servers is placed in the hands of the end user, it becomes difficult for multiple servers to work together to compromise the identity of a user.
  • Freedom supports the following protocols:

    • Mail
    • Web
    • SSL
    • News
    • IRC
    • Telnet
    I am a ZKS employee. I am not representing them in any official capacity.

  • ATTENTION: some people use sticks to hit other people. Clearly we, as a civilized people, cannot permit this to continue!

    Let us take this opportunity to ban all sticks, except for those in the possession of licensed stick-users.

    We are also aware of the fact that some people may be using ink to write offensive and/or illegal messages on various surfaces. Rest assured that the FBI is looking into the matter, and will deal with the miscreants accordingly.

    ...a "what if" scenario is the cheapest rhetorical move in the universe. Here's a nickel kid, go buy yourself some better arguments...

  • the client builds but the shim doesn't.

    any chance that it will soon support 2.4.0-testX?

    - brett
  • If you used a commercial news server, you would have to have purchased an account. If you purchased an account, you (probably) used a credit card. What could using Freedom to access that commercial news server do for you, besides slow down your binaries and make it so your dialup/cable/DSL provider didn't know what exactly that is that's saturating your connection. Enquiring minds want to know!
  • Freedom 2.0 includes functionality to choose your packet route interactively.

    I am a ZKS employee. I do not represent them in any official capacity.

  • My thought on this: the first time the press reports that a {pornographer|fraudster|slashdot troll} went to jail because police managed to obtain the real identity behind a Freedom nym, with or without ZKS's cooperation, ZKS is out of business. Unless that happens, I figure "they" haven't nailed anyone.

    It's not mathematical proof, but it's good enough for me.
  • by Anonymous Coward
    Blah blah, I work at zero knowledge, the opinions here are my own not my employers. Down pr people, down.

    Yes support for 2.4 series kernels is a goal, but is not going to happen in the immediate future. That said, since netfilter emulates most of the hooks the shim uses, it's probably a small undertaking to make them happy together. Deep support for 2.4 is probably where we want to be, most of what our kernel stuff does is in netfilter, but getting it all to work won't happen tomorrow.

    Hey, you got the source. If you want it now, go for it!


  • You know, I really hate blatant sales plugs.

    SafeWeb doesn't prevent SafeWeb from abusing users. It's sad that you guys even try to compare yourselves to a cryptographically secure protocol like Freedom.

    First, SafeWeb is nothing more than a filter proxy. SafeWeb prevents doubleclick from profiling you, but who is to stop SafeWeb from profiling you?

    SafeWeb could easily monitor any HTML FORMs you submit, and over time, build up a profile of you, including your name, address, credit card, etc. There is no theoretical security in SafeWeb, it's just another anonymizer.com/proxymate/etc solution.

    What's more, it slaps irritating ads on top. I'd personally pay $5/month for a privacy service just to get rid of the ads.

    And because SafeWeb's only way of making money is advertising, it can't provide services for non-web based services like NNTP, IRC, SMTP, FTP, etc.

    Finally, SafeWeb's business model is fundamentally at odds with its service. To sell ads, you have to target users. If you can't profile your users, you can't target ads. Non-targeted ads have extremely low CPM rates.

    SafeWeb's only recourse is to sell URL-based targeting. In any case, I predict once the funding runs out, it won't last long.

    Last but not least, you are not "first free, complete private, way to surf anywhere, anytime" Lucent's ProxyMate deserves that title.

  • Ta. That's exactly the sort of overview I was after. So the key for the cipher changes over time. Doesn't this approach give you known plaintext, tho (you can guestimate what the counter is). Why not encrypt the previous value, or the low order digits of the time?

    Johan

  • I'm really getting tired of Free Software advocates who don't take advantage of it.
  • In my original post [slashdot.org] I was trying to describe the limitations of current privacy solutions which we found frustrating and which motivated us to create SafeWeb [safeweb.com]. A couple of readers took exception to various claims made which I would like to substantiate and explain.

    ZeroKnowledge's product, although very sophisticated, suffers from a number of drawbacks that make it difficult to use for most people in common situations. It is clearly not a one click solution to privacy that is accessible for everyone, anywhere, for free, without downloads. Online privacy problems affect everyone, yet most publicized solutions are only partial or specialized and consequently impractical and frustrating for the average Internet user. These users then resign themselves to surrendering their online privacy as a technical cost of using the Internet. The result is a flawed Internet community, and governments threatening to regulate the Internet with overtones of censorship [cnet.com].

    First, let's address some issues I raised in my original post.

    (1) ZeroKnowledge's product, Freedom, costs: $49.95 USD [freedom.net]

    (2) It is unnecessarily slow, bouncing packets between three 2nd tier ISPs [freedom.net].

    (3) It is easy to block at firewalls since it requires fixed ports 5110 through 51113 to be open ( the second to last line on this page describes this incompatibility [freedom.net] ).

    (4) It only runs on Win95/98 [freedom.net].

    (5) It does not work with AOL, CompuServe2000, and some free ISPs [freedom.net]. Even if you think "AOL sucks" as one commentator [slashdot.org] said, Internet privacy is a global issue and by protecting the 24M AOL users [hoovers.com] we protect ourselves by making it more difficult for eavesdroppers in general.

    (6) It does not work with popular software such as McAfee's Personal Firewall, FrontPage webserver, Netware Client32. If you are using Nyms, it also does not work with Outlook, Napster, or PCAnywhere. This is documented on the ZeroKnowledge website under the main support page as #3 among the Top 10 Known Issues [freedom.net] and detailed in Issue #57: Applications not supported by Freedom [freedom.net].

    (7) ZeroKnowledge has difficulty with cookies. Their support page lists two known, unresolved problems dealing with client-side cookies in Issue #222: Websites say I don't have cookies enabled [freedom.net] and Issue #223: Some websites won't let me log in [freedom.net].

    (8) Most users are simply not going to be willing to (or, in managed networks, permitted to) install Freedom. The office is where users have access to a new computer, fast Internet connections, and a nice laser printer. In the increasingly long workday, many people are forced to attend to personal matters from their workplace. Individuals need private access to the Internet at work just as they need private access to the telephone to conduct their lives.

    (9) ZeroKnowledge users must register personal and credit card information [freedom.net]. The less information out there about you the more secure and private you'll be online.

    I respect and admire ZeroKnowledge for the challenges they took on in addressing Internet privacy issues. However, their product is very specialized in its architecture and designed to solve a particular subset of privacy problems. The ZK folks have been big supporters, educators, and sponsors of privacy, and we owe them our gratitude. Finally, the depth of their technical product speaks directly to their skill set and ingenuity.

    I'm posting to inform people about our web-based solution to the privacy problem, a solution that addresses all the issues outlined above and that aims to serve a broader audience. Our approach has many distinct technical challenges just like the download model. We do not claim to have the complete solution, but we feel we are the closest to a practical solution that works for the majority of Internet users. Ultimately the veracity of these claims will be borne out by users: try out SafeWeb [safeweb.com] and compare it to Freedom [freedom.net]. Decide for yourself. Again, if you have constructive feedback in how we can build a better privacy technology we are eager to hear your suggestions. Email us at webmaster@safeweb.com.

    Jon Chun
    President
    SafeWeb

  • I appreciate your skepticism over SafeWeb as privacy advocates and would like to clarify several legitimate concerns you raise.

    (1) SafeWeb is a filter proxy and more. It not only rewrites HTML but also is the first to seriously rewrite and sanitize all DHTML (our unique achievement). It also encrypts all content with up to 128 bit SSL protecting you against dangers bigger than DoubleClick like invasive employers, IT staff, ISPs, governments, etc.

    (2) Anyone you trust your data stream to is in a position to abuse it including SafeWeb. ZeroKnowledge has designed an elegant system that makes this much less likely, but ultimately some trust must be vested in all these systems.

    (3) SafeWeb targets ads based upon content, not cookies. We can accurately target a Nike Tiger Woods ad based upon the fact we are serving up Yahoo:Sports:Golf rather than knowing anything about who is viewing this page. This is more than sustainable.

    (4) SafeWeb is a web-based privacy product and is not intended to secure NNTP, IRC, SMTP, or FTP. However, it can secure web-based news, chat, mail, and ftp via your browser which is the ubiquitous Internet application.

    (5) Anonymizer, ProxyMate, and others predate SafeWeb, but they are not encrypted nor do they rewrite DHTML so most sites break or are passed unsecured. This is why we make the claim of "first".

    I apologize for inflaming the many passionate supporters of ZeroKnowledge. It is a technically elegant product that works well in specific situations. SafeWeb's strength is its effectiveness, free accessibility, and ease of use for general situations. This is the fundamental distinction I think is reasonable to draw without slighting either side unfairly. Let's take this discussion off-line; please email any serious follow-ups or inquiries to webmaster@safeweb.com.

  • OK, there's a certain point of humor in that, but since I guess you might mean it seriously:

    Zero-Knowledge comes from something called Zero-Knowledge Proofs (or something like that, it was a while since I read that crypto book). What it means is that you can prove your identity to someone else, in a manner such that the other part will not be able to impersonate you when talking to a third party.

    I don't remember the details, but it works with probabilities - for each communication with you, you have 50% chance of getting away with a wrong answer. So, if he asks you 30 questions, and you don't know the answers, your chances are one in 2 to the power of 30 (slightly more than one billion) of fooling him that you are someone else. The "zero-knowledge" comes from the fact that the questions are chosen by the other part, so he can't "recycle" your answers - unless he's very lucky (the third party asks exactly the same questions as he did, in the same order). I don't remember my combinatorics classes either, but I believe his chances would be better by guessing what to answer, since the order does not matter then.
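
The 50%-per-round arithmetic in the comment above, worked through as an added example that is not part of the original post. The comment names no specific protocol; the Fiat-Shamir identification scheme is assumed here because each round can be bluffed with probability 1/2. The modulus is a small constructed one and the `Impostor` class is hypothetical.

```python
import math
import random
from fractions import Fraction

# Constructed toy modulus: product of two Mersenne primes. A real deployment
# would use a large modulus whose factors nobody but the key issuer knows.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q

def keygen(rng):
    """Secret s, public v = s^2 mod N."""
    while True:
        s = rng.randrange(2, N)
        if math.gcd(s, N) == 1:
            return s, pow(s, 2, N)

class HonestProver:
    def __init__(self, s, rng):
        self.s, self.rng = s, rng
    def commit(self):
        self.r = self.rng.randrange(1, N)
        return pow(self.r, 2, N)                 # x = r^2
    def respond(self, c):
        return self.r * pow(self.s, c, N) % N    # y = r * s^c

class Impostor:
    """Knows only the public v; must guess the challenge bit before committing."""
    def __init__(self, v, rng):
        self.v, self.rng = v, rng
    def commit(self):
        self.guess = self.rng.randrange(2)
        self.y = self.rng.randrange(1, N)
        x = pow(self.y, 2, N)
        if self.guess == 1:                      # pre-cook x so that y^2 == x * v
            x = x * pow(self.v, -1, N) % N
        return x
    def respond(self, c):
        return self.y                            # only valid if c == self.guess

def verify_round(v, x, c, y):
    return x != 0 and pow(y, 2, N) == x * pow(v, c, N) % N

def authenticate(prover, v, rounds, rng):
    """Verifier side: one fresh random challenge bit per round."""
    for _ in range(rounds):
        x = prover.commit()
        c = rng.randrange(2)
        if not verify_round(v, x, c, prover.respond(c)):
            return False
    return True

def cheating_odds(rounds):
    """Chance that an impostor guesses every challenge bit."""
    return Fraction(1, 2**rounds)

def impostor_success_rate(rounds, trials, seed=1):
    # random.Random is used for reproducibility; use `secrets` for real keys.
    rng = random.Random(seed)
    _, v = keygen(rng)
    wins = sum(authenticate(Impostor(v, rng), v, rounds, rng) for _ in range(trials))
    return wins / trials

def honest_run(rounds=30, seed=2):
    rng = random.Random(seed)
    s, v = keygen(rng)
    return authenticate(HonestProver(s, rng), v, rounds, rng)

if __name__ == "__main__":
    print("honest prover, 30 rounds:", honest_run())
    print("impostor odds, 30 rounds:", cheating_odds(30))
    print("impostor measured, 3 rounds:", impostor_success_rate(3, 4000))
```
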
  • by Jose ( 15075 ) on Monday October 23, 2000 @05:55AM (#683336) Homepage
    "Freedom uses an untraceable transaction system that prevents the association of user identity information revealed during the purchase of a Serial Number
    (for both cash and credit card transactions) to be connected in any way with any Nyms that are created."

    read their privacy statement [freedom.net]

  • by Vassily Overveight ( 211619 ) on Monday October 23, 2000 @05:58AM (#683337)
    If you had read the material on Freedom, you'd know that the serial number is used to purchase 'nyms', which cannot be traced back to you (read the white papers on the ZKS site for a description of the nym system.) All that anyone would know is that you'd purchased a Freedom serial number, nothing else. If you don't want even that on your record, I suspect that ZKS would even do a money-order transaction. Keep in mind that if "they" are watching you, then a sniffer on your internet access is going to show that you're running an encryption program, so "they" will already be suspicious.
  • by Anonymous Coward
    I see a lot of people underestimating what Freedom is. It's not just a remailer. It's not a standalone application (just think, *how* in the world could a standalone application protect your privacy?) Go read: The architecture paper. [freedom.net] A version that doesn't go into protocol details. [freedom.net] Please don't compare this to anonymizer.
  • by homb ( 82455 ) on Monday October 23, 2000 @06:01AM (#683339)
    As I understand it from the CEO a few months ago, the serial number does not even allow ZK to trace it back to you. They supposedly don't keep track of any of the serial numbers, it's all done on the client side.
    Also regarding how it works, it's a kind of "onion" system. Let's say A wants to send a bunch of packets to B. The first thing that A has done upon setting up ZK is to choose up to 3 gateway servers for ZK, call them G1, G2, G3, in that order.
    For each packet sent out by A, it will do the following:
    - Put header with destination address to B
    - Encrypt packet with G3's public key
    - Add header with destination address to G3
    - Encrypt the whole thing with G2's public key
    - Add header with destination address to G2
    - Encrypt the whole thing with G1's public key
    - Add header with destination address to G1

    Then it will send it using the first destination address. At each gateway, one layer will be peeled off using the private key, the destination address read, and the packet will be sent forward.

    The cool thing about this is that at any point in the path, if someone intercepts and somehow knows the private key of a gateway, it can only figure out the previous and next hops, not the whole path.
    Of course, if B has PGP or anything like that, nothing stops you from also encrypting the packet with B's public key.
    The ZK system is an addition to this, providing anonymous transfer, not encryption of data.

    It does take a performance hit to do all that, but it's not that bad. I just wish they made it free.
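
The layering steps listed in the comment above, as an added example that is not part of the original post and is not Zero-Knowledge's code. Each gateway's public/private key pair is replaced by a per-gateway symmetric key with a SHA-256 keystream and HMAC tag, a stand-in chosen so the sketch runs on the standard library alone; the header format and function names are assumptions.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, n):
    """SHA-256 in counter mode: a toy stream cipher, for illustration only."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, plaintext):
    """Stand-in for 'encrypt with the gateway's public key'."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key, blob):
    """Stand-in for 'decrypt with the private key'; rejects layers meant for others."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this gateway")
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def add_header(next_hop, inner):
    """Hypothetical header: 2-byte length, then the next hop's address."""
    hop = next_hop.encode()
    return len(hop).to_bytes(2, "big") + hop + inner

def read_header(packet):
    n = int.from_bytes(packet[:2], "big")
    return packet[2:2 + n].decode(), packet[2 + n:]

def build_onion(payload, dest, route):
    """route is [(name, key), ...] in forwarding order G1, G2, G3."""
    packet = add_header(dest, payload)          # header with destination B
    for name, key in reversed(route):           # wrap for G3 first, G1 last
        packet = add_header(name, seal(key, packet))
    return packet

def relay(packet, sender, keys):
    """Forward the packet hop by hop; record what each gateway could observe."""
    views = []
    prev = sender
    hop, blob = read_header(packet)
    while hop in keys:
        next_hop, blob = read_header(unseal(keys[hop], blob))
        views.append((hop, prev, next_hop))     # a gateway sees only its neighbours
        prev, hop = hop, next_hop
    return views, hop, blob                     # final hop is B; blob is the payload

def demo():
    names = ("G1", "G2", "G3")
    keys = {name: os.urandom(32) for name in names}   # constructed sample keys
    onion = build_onion(b"GET /index.html", "B", [(n, keys[n]) for n in names])
    return relay(onion, "A", keys)

if __name__ == "__main__":
    views, dest, payload = demo()
    for gateway, prev, nxt in views:
        print(f"{gateway}: received from {prev}, forwards to {nxt}")
    print(f"{dest} receives {payload!r}")
```

The last gateway hands B the payload as the sender supplied it, which is why the comment suggests also encrypting to B's own key.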
  • Software designers are so infatuated with the fact that they can, that they don't stop to think if they should.

    Right. What if this software becomes standard among kiddy-porn traders? Would the guys at ZK find that funny?

    Same old story.

  • The "Freedom Network" is not free as in beer, but free as in difficult-to-trace.

    These guys are in business, and they do need to make money. If you think there ought to be a zero-cost system to provide these services to the public, go right ahead and set it up.

  • by jovlinger ( 55075 ) on Monday October 23, 2000 @06:30AM (#683342) Homepage
    The importance of a good random number generator is often overlooked. Since symmetric (== fast) session keys are mostly randomly generated (and then encrypted by the asymmetric (== dog slow) user keys) if the random number generator is weak, this can undermine the whole system's security.

    You all recall that Netscape's already paltry 40 bit encraption actually only had something like 14 bits of entropy, because so many bits came from the easily guessable clock (or something like that).

    Anyway, Yarrow is from the always popular counterpane people. I haven't had a look at it myself yet, so if anyone has given it a gander, a summary would be well appreciated.
  • ZKS Freedom goes far beyond blocking cookies and encrypting e-mail.
    They provide an encrypted, anonymous link from the website you're accessing, through your ISP to your machine.
    All your ISP sees is you accessing a Freedom server, and all the website you're accessing sees is a Freedom server.
    The whole point of Freedom is that, in theory, it should be impossible to trace back a name to an IP address.

    You can't do this by using 'paranoid settings' in your browser.

    --K
    ---
  • I got an idea similar to what they do, but no proprietary protocols and you can choose your servers where the data will go. The speed could be improved a lot if you choose the right servers to route your packets. I'm working on that!
  • Do you think they realize their name is Zero-Knowledge?

  • by stu72 ( 96650 ) on Monday October 23, 2000 @06:34AM (#683346)
    Actually, the name comes from a type of cryptographic protocol, the zero-knowledge proof. Roughly speaking, a way to prove you have a piece of information, without revealing any of that information.

    You can find out more here:
    http://www.tml.hut.fi/Opinnot/Tik-110.501/1995/zeroknowledge.html [tml.hut.fi]

    I have no idea if any part of Zero Knowledge Inc.'s systems use zero knowledge proofs or whether they just chose it for its cool name and vague relevancy.

  • It's just too bad that they're subpoena-able, rather than being based in a country that's not extremely cooperative with the US.

    I don't think it matters. They've designed the system so that they *can't* trace anything.
    The most they can do is deactivate a nym, but the nym can't be traced back to the person using it.

    --K
    ---
  • by BHZ ( 246389 ) on Monday October 23, 2000 @06:06AM (#683348) Homepage
    In first issue of Help Net Security newsletter (named Default for some strange reason that bugged us for a long time), published on Friday 13 August 1999, one of our editors was Jordan Socran from Zero Knowledge Systems. His first piece was about ZKS and its history, so it is very interesting to read it...

    URL:
    http://www.net-security.org/text/articles/zks.shtml [net-security.org]

    I'll also try to find out an old interview I did with them, when Freedom wasn't even created, where he talks about future plans etc. I'll add the URL to this thread...

    Cheers
  • And, if so, what do you think?
  • If you're planning a revolution, you may have to pay in much more than bandwidth. I'd say the price is cheap, depending on your reasons for needing true privacy.

    Fist Prost

    "We're talking about a planet of helpdesks."

  • Opensourcing an app that relies on their own network/servers- big risk, big deal; it's just a publicity stunt.

    Anyway, Sneakemail.com [sneakemail.com] has better anti-spam/remailer features anyway, and their optional client [freshmeat.net] has been in the public domain. I'm sure the other features of zeroknowledge can be found elsewhere too.
  • by account_deleted ( 4530225 ) on Monday October 23, 2000 @06:44AM (#683352)
    Comment removed based on user account deletion
  • ---
    > All your ISP sees is you accessing a
    > Freedom server, and all the website
    > you're accessing sees is a Freedom
    > server.
    ---
    I'm hoping the Zero-Knowledge white papers address these questions: won't ZK be classified as a service provider, thus making them a target for Carnivore to be installed (under court order, of course) on their network? How does installing a Carnivore system on the ZK network affect the privacy ensuring capabilities of the system?
  • Here's a nickel kid, go buy yourself some better arguments...

    Thanx for the nickel. But einstein didn't like the idea of people using atom bombs to kill people :O)

    rmstar.

    P.S: Take it easy.

  • How does ZKS/freedom stack up when traffic analysis rules are applied to it? Does the system become more secure, with a larger user base. Or do you need to have more 'internal' hops before your traffic finally appears at its destination?
  • This app is really the cypherpunks dream come true. All the other pay products out there for anonymity are TOYS compared to Freedom in how well they protect your anonymity. The only thing that has a comparable level of anonymity is the mixmaster / cypherpunk remailers with the nym servers. I have used those too. They are much harder to use. They really only do email. You could use mail to web gateways to get web from the remailers but I never have. Wait a minimum of say 30 minutes (a chain of a few remailers) for one web page? Yeah right.

    They took a while to release the source code. Some of the cypherpunks were wondering if they had been pressured by their VC backers not to. (one of the founders is one of the original cypherpunks). I'm thrilled that they released the client code and expect that they will fulfill their promise to release the server code - but don't take too long guys. They are also working on a semi-anonymous payment system. I say semi-anonymous because their comments indicate that UNLIKE the Freedom web product, they feel like they need to restrict the financial anonymity somewhat to comply with laws / banks wishes. I can't wait for it anyway.

    A lot of you on slashdot have libertarian attitudes. Attitudes that include being against censorship and illegal snooping (like many think includes Carnivore / Echelon). If there is any company that will protect you against people who want to take away your right to anonymous speech that (US) Supreme Court cases have held exists from cases of anonymous political pamphlets, it is Zero Knowledge systems.

    Having said all this you all should know that it is quite likely that laws will be created to make strong anonymity like Freedom offers illegal. No kidding. The opponents of anonymity have not had much luck in Congress yet. But right now there is the "Cyber Crime" treaty nearing signature that would require internet service providers to keep records that would make Freedom illegal. It would force DMCA like provisions on its signers. Who wants this and why will it happen? Media companies, FBI, NSA and non-US equivalents. From cnet.com [Edgar Bronfman Jr., chief executive of Universal Music Group parent Seagram, said last week. "As citizens, we have a right to privacy. We have no such right to anonymity."] http://www.canada.cnet.com/news/0-1005-200-1983353.html

    They are afraid of it becoming far more difficult to go after Napster users if they need to. The FBI and NSA and their non-US equivalents like their Carnivore and Echelon. Many believe that despite their assertions they do things that should require a warrant, without one. Here are some quotes from wired.com about this treaty proposal:
    {..Require websites and Internet providers to collect information about their users, a rule that would potentially restrict anonymous emailers.}
    { "It's a direct assault on legal protections and constitutional protections that have been established by national governments to protect their citizens," says Marc Rotenberg of the Electronic Privacy Information Center. "It's both an end run by police agencies and a bit of policy laundering by the U.S. Department of Justice to get more (surveillance) authority." }
    Strong anonymity is the only sure protection to the current level of corporate invasion of privacy. Do you know that for $50 you can get anyone's SS#? For a few hundred you can get all kinds of things like bank statements, securities holdings, real estate holdings. I want pervasive strong anonymity so that I control my information and only a series of court-ordered warrants can get it.

    We won the battle on encryption. But we are likely going to lose this at least with the lawmakers. Why? BECAUSE in the ENCRYPTION debate BUSINESS was ON OUR SIDE. Now they are almost entirely against us. ZKS is for us. Who else? You know the power of money. Help fight for anonymity and against the DMCA and DMCA like provisions. Write your representatives and support an organization that is part of The Global Internet Liberty Campaign : http://www.gilc.org/ (includes organizations like the ACLU, EFF, EPIC, CDT)
  • I am worried about my freedoms. That's why I throw rocks at cops face, and burn down buildings in Serbia.
  • by Sir_Winston ( 107378 ) on Monday October 23, 2000 @12:55PM (#683358)
    I've been looking at Freedom for a long time. In fact, I was a beta tester for all of three minutes, until the beta software somehow managed to completely hose my ability to connect to the Net--I have no idea how it managed to do it, but it was probably because I had some funky firewalls installed at the time. Anyway, what I want to know is this: How can it possibly be anonymous, in a country like the U.S.? Don't you guys get calls from law enforcement agencies all the time, and if it's really anonymous aren't those law enforcement types very, very angry? Why isn't the Web or USENET flooded with copyright violations, harassments, and child pornography coming from Freedom, if it's really that anonymous? Or has there been a problem with that, and I just haven't heard?

    I'm very curious. Please let us know. Maybe an interview with ZKS would be a good /. Interview topic some time...

  • IIRC, they're a Canadian company, which, I should hope, puts them outside of Big Brother's jurisdiction...

    --K
    ---
  • Why would you be surfing anonymously from work? Try this one -- it's hit me.

    You're trying to fix a software issue. You find a link to a page that should solve all your problems -- but it's hosted on Geocities [ugh!]. Your company's proxy blocks Geocities. Arrgh!

    It's lunch time. You're not going to convince anyone to get you around the proxy. Sure would be nice to be able to circumvent it yourself, no?

    (Btw, this occurred while assisting a friend at his place of work -- I'd never work for such a non-clued company).
  • Does this enhance anything that could be done separately and with more control (pgp/gpg, anonymous remailers, using lynx, etc)?
  • It's used to give "zero knowledge" to other parties who might be in the transaction who are not authorized.
  • by Felipe Hoffa ( 141801 ) on Monday October 23, 2000 @05:45AM (#683363) Homepage Journal
    Although the Freedom client provides some features for free, others rely on access to the Freedom Network. Once the beta testing period is over, users wishing to continue using the network must purchase a serial number, available at http://store.freedom.net/default.asp. For more information about the Linux beta program, please visit http://www.freedom.net/download/betatesters.html.

    So you will need a serial number to use the "privacy services". Where's my privacy if you can track me down to a serial number? It's worse than the Pentium 3 serial number, because you only used it at one computer. If I want to use this software at different places then I should move with my serial number. Or purchase another.

    Food for thought.

  • So basically extending the remailer type of thing with a proxy like anonymizer [anonymizer.com] that is better able to handle traffic and which is based on a standalone application? How trustworthy are they? Has there been any actual evidence that they will protect your information from being captured?
  • As I understand it, their "Freedom Network" provides total anonymity. IOW, when you transmit traffic through their network, there is no way for the site, or anyone in between, to trace that traffic back to you. So it's much better than PGP or other systems, which simply protect the integrity and privacy of the data. This system also protects the identity of the source. Of course, this is all IIRC... someone correct me if I'm off base, here. :)
  • Perhaps I am just paranoid, but why do I need to make a device (in /dev) for this to work? Maybe it is just me....usually is :-)

    What are your takes on this?

  • The pentium 3 ID is about the most useless thing in the world. It's funny that people complained about it at all, when such things as IP addresses, cookies, and MAC addresses exist. "Oh no, yet another unique number attached to me... All the others are livable, but that one in particular is a BAD thing."

    Onto your post though. ZeroKnowledge is a company trying to make money. They can't just open up their network in hopes that people will send in envelopes stuffed full of cash for them to pocket for their services. They need to be able to authorize people to use their network... It's just too bad that they're subpoena-able, rather than being based in a country that's not extremely cooperative with the US.
  • So basically extending the remailer type of thing with a proxy like anonymizer [anonymizer.com] that is better able to handle traffic and which is based on a standalone application? How trustworthy are they? Has there been any actual evidence that they will protect your information from being captured?

    These are the guys who figured out a way to get a P!!! to send out its serial number [zeroknowledge.com] even if that capability was supposedly shut off in the BIOS, something Intel insisted could never happen. (/. covered it in this article [slashdot.org] about a year and a half ago.) I would characterize that as a white-hat activity (though INTC was able to convince a few anti-virus companies otherwise).

  • I see a lot of people are a little confused about the implications of this. First, realise that Zero-Knowledge is a *privacy* company. By implication, they do some security stuff as well, but mainly they do privacy. A lot of people make fun of the name, but it comes from the fact their privacy network is designed so that even they can't link the real identity of their users to the pseudonymous identities the software allows them to create. And that sort of explains why they released the linux source. They want to be able to prove that there are no NSA backdoors, and that the product actually works the way they say it does.

    Don't confuse Freedom with PGP. PGP will keep the contents of your messages a secret, but Freedom will also keep the origin of your communications a secret. In that respect, it's a little like a mixmaster remailer. Except it anonymises the http and telnet protocols as well. And it's much easier to use than the mixmaster remailer. :)

    It's not a perfect system. One of the white papers on their site talks about the security vulnerabilities [freedom.net] in the product. Another issue is performance. Performance is always traded for security, and that's the case here as well. I think that over time, things will get faster though.

    Some people are complaining because it actually costs money to use. Well, the software itself is free. Anyone can download it. They are actually charging for people to access the network. Last time I checked, that's what every single service provider in the world does. (Except those free ISP companies, but they keep ending up in fuckedcompany.com.)
  • by Anonymous Coward on Monday October 23, 2000 @05:55AM (#683370)
    The serial number can be purchased from Zero-Knowledge Systems, and exchanged through the client for five tokens, each of which is redeemable for one nym (your assumed online identity).

    The tokens are all identical. No traces can be done on the token, and the token can't be linked to the serial number or the nym it is exchanged for.

    All of this is explained in the Zero-Knowledge white papers. Zero-Knowledge is committed to providing privacy.

  • He's right nonetheless.
