Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

ZeroKnowledge to Discontinue Anonymity Service 347

VulgarBoatman writes: "ZeroKnowledge, providers of and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.
This discussion has been archived. No new comments can be posted.

ZeroKnowledge to Discontinue Anonymity Service

Comments Filter:
  • this was the best anonymizer that existed. I used it personally as a great tool for testing our site from inside the firewall (while appearing to the site like I was outside).

    Not a good day :(
  • by milkme123 ( 302350 ) on Thursday October 04, 2001 @11:36AM (#2388359)
    .. but doesn't it seem a little strange that this comes in the wake of september 11th? Who's pressuring them to discontinue annonymity?
  • by rm-r ( 115254 ) on Thursday October 04, 2001 @11:36AM (#2388361) Homepage
    It's a shame sure, but like the article says- it's all down to people finding other ways to do it themselves rather than rely on somebody else. It would be nice if they gave advice to their existing nyms on how they might be able to maintain their privact though
  • by Quasar1999 ( 520073 ) on Thursday October 04, 2001 @11:36AM (#2388365) Journal
    My question is, how did billing for the service work in the first place?

    Umm, account #12344234 owes us $300... but we don't know who it is, or where he lives...

    I think their business model didn't work... the collections department had nothing to do...
    • Easy, no billing (Score:5, Informative)

      by Anonymous Coward on Thursday October 04, 2001 @12:45PM (#2388417)
      No collections department, you paid in advance for a year's service. If you wanted to ensure anonymity, you could sign up online, get an account number, and write that on an money order. You could also pay by credit card - they claimed to have an internal system to remove the linkage between the payment and the account.
    • And how are they giving refunds? "Please send my refund check to [home address] or deposit it directly to my credit card [account number]."
  • I'm curious as to whether the motivation is financial or some other reason... Maybe in the wake of all this terrorist bru-ha-ha about encryption and anonymity, someone (or more likely, some government entity) approached them and they, ahem, decided to stop.

    I truly hope that's not the reason...
    • according to a Washington Post article []

      "In Hollywood, Fla., the FBI last weekend quizzed Paul Dragomir, manager at the Longshore Motel, about a visit in late August from two men he believes were hijackers Atta and Ziad Samir Jarrah, who demanded 24-hour Internet access.

      Loaded down with baggage and laptops, the men signed in at the small pink beachfront motel using apparent aliases. They claimed to be computer engineers from Iran, Dragomir said, and said they were down from Canada to find jobs.

      They booted up a laptop, showing Dragomir that they had NetZero Internet accounts. For the next few hours, Dragomir unsuccessfully tried to accommodate the men."

      Makes one wonder just what or who 'motivated' NetZero to pull the plug on this product.
    • I don't know how much pressure there is from the gov't on businesses in Canada regarding crypto. I doubt they are responsible for this service being shut down, though.
  • Sept. 11 (Score:3, Interesting)

    by grub ( 11606 ) <> on Thursday October 04, 2001 @11:37AM (#2388369) Homepage Journal
    My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.
    • Well, you may or may not remember

      Anonymous remailer and mail -> Usenet gateway which I had to use because my University didn't allow non-CS students to post to Usenet directly.

      Was shut down [] in 1996 due to spammers and legal concerns of email privacy in Finland. But while it worked, it was great!

    • My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.

      Sadly so.

      The "unwashed masses" won't find anonymity "cool" until the government becomes overtly repressive, say along the lines of the governments of Afghanistan or Myanmar, for example.

      Of course by the time a repressive regime is widely recognized, it will be too late to officially re-introduce anonymity as an effective tool for, and guarantee of, free expression and political dissent. Citizens will have to make do with only those rights embedded in the Constitution two hundred years ago that are practically difficult to rescind.

      I'm not surprised, but sad nevertheless, that our leaders are reacting without giving thought and credence to liberties that promote and enhance a free society; proposed legislation seems to me rather more hurried and less thoughtful than, say, the legislation after the American Revolution (except for Alien & Sedition Acts).

  • by bodin ( 2097 ) [] is still there.
    • by billstewart ( 78916 ) on Thursday October 04, 2001 @01:18PM (#2388587) Journal
      Safeweb is one of several anonymizing services, of which the first well-known one was There are a couple of serious problems with it, one technical, one trust-related. On the other hand, Triangle Boy is really cool.

      The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

      The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)

      • IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk.

        They do a pretty good job of sanitizing JS, but not perfect. In about an hour, I found a couple ways for a malicious server to compromise anonymity through SafeWeb, using JS. I'll grant that it's a tough job to sanitize all JS, but SafeWeb should provide a way for users to browse without JS. In my opinion, this is the single biggest problem with using SafeWeb.

        I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

        Their FAQ [] indicates they don't get it-- they dismiss the notion that JS is a privacy concern, and discredit those who say it is. However, I think they realize it internally. I know someone who used to work there. He says they get emails complaining about JS every day, but they don't want to do away with their current UI.

        As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them...

        The concept is old... some people (*cough*) have been doing this since at least 1996 []. All it takes is an anonymizing proxy script that is released for distribution. I wrote one called CGIProxy [], and there are others out there. Triangle Boy has pros and cons compared to these-- it puts the bandwidth load on SafeWeb's machines rather than the volunteer Triangle Boy servers, but then it won't work at all if the SafeWeb server ever has a problem (the other scripts run independently).

        Feel free to ask more questions; this particular topic is a specialty of mine.

      • (plus I knew the folks there, and they were well-connected to the cypherpunks community.)

        Not to argue with the other points in your (well-written) post... but surely a certain percentage of the 'cypherpunk' community is going to be undercover stooges for the FBI/CIA/NSA? Sort of like COINTELPRO in the Nixon years -- strong encryption is perceived as a strong enough threat to warrant this sort of spying on your citizens, according to that mindset.

        I'm not saying this is fact, but merely that it's probably a factor that should be considered... the easiest way to break this sort of encryption is to already have someone on the inside, or to get someone to talk.
  • Hushmail... (Score:1, Informative)

    by Anonymous Coward

    ...but I see that hushmail is still in operation.

  • ...

    whoever would think now that they stop it because of what happened in NYC or the slight possibility that someone actually might have used to plan this has nothing to do with it.

    Sorry for the sarcasm, let's see how long it'll take until safweb decideds to shut down as well.
  • Does anyone have a decent list of potential alternatives? The nym thing was too cool.
  • by CaptainAlbert ( 162776 ) on Thursday October 04, 2001 @11:40AM (#2388393) Homepage

    This is even more depressing, because this time the company running the service has pre-empted the government pressure to shut down, and gone ahead and done it before the lawyers arrive.

    Eek. DOes anyone else get the feeling that the terrorists might actually be winning?

    • Maybe it's good, and smart.
      If they shut down now, and wipe records.. it's legal.
      If they wait until lawyers and Feds arrive.... everything would be compromised.
    • Does anyone get the feeling that the government might be doing what it wanted to do anyway?

      There seem to be a few reasons here, but that just makes it more convenient for them.

      I don't know what the terrorists were after, or what they were working. So I can't guess whether or not they are winning. OTOH, what the local authoritarians want is pretty clear. And they are certainly using this to get a lot of what they want. Many of their "protective measures" don't protect anyone. Perhaps it's just to make it look like they are on the job, and make everyone feel good. That's the optomistic viewpoint.
  • by sting3r ( 519844 ) on Thursday October 04, 2001 @12:39PM (#2388398) Homepage
    Certainly, the loss of one more tool in the fight for online privacy is a Bad Thing(tm). But we also need to examine the upside to this event.

    First off, when ZeroKnowledge closes, all of its customers will be forced to find another provider. That will make the other providers 1) more profitable (assuming they aren't taking a loss but making it up in volume, like Amazon); and 2) more effective. As mentioned in the warning to their customers, low volume makes it easier to correlate traffic entering their system with traffic leaving their system. When such a system gets sufficiently large, it will be very difficult to correlate input streams and output streams, because of the sheer number of possible matches.

    Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet. They will have one less place to hide. And that has a positive effect on law-abiding netizens - because when communications are more traceable and less anonymous, the government will have fewer excuses to pass legislation that gives law enforcement more snooping powers. And that benefits us all.


    • by malkavian ( 9512 ) on Thursday October 04, 2001 @12:42PM (#2388405)
      Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet.

      But, as just about all the security agencies with a clue keep admitting, terrorists don't use the internet because it's just too insecure.
      So closing down all the privacy sites does nothing to hinder the Bad Guys(TM), it just bugs the ordinary guy.

      • So closing down all the privacy sites does nothing to hinder the Bad Guys(TM), it just bugs the ordinary guy.

        So what else is new? It's all part of Anarcho-tyranny. This is the method of governance by which the State (everyone bow down now!) allows a certain amount of mayhem to go on, cracks down in general on liberty, and in the end the State (bow down!) has more power and more control, but the mayhem just keeps on. Repeat after me: "war on drugs".

    • This is either good for anonymity or bad for it. You can't argue both sides.

      When Zero Knowledge closes...[that] will make the other providers...more effective.
      ...the closing of another anonymity service will make it harder for terrorists

      These services make no effort to determine who you are or why you use their service. If they're more effective (presumably for the likes of you and me), they'll be more effective for terrorists, too. If it's harder for terrorists, then it's harder for all of us.

    • The thing is it's really fucking easy for terrorists to operate on the internet.

      The signal to say go forth with the plans we made in the OsamaCave, and cause armegeddon could just be a slashdot post saying 'I find Jon Katz to be an incredibly intelligent, well-reasoned, thoughtful writer. His exposition is beyond reproach.'

    • How can you say in your 2nd paragraph that closing down a provider will give volume to other providers and enhance privacy

      Then in the 3rd paragraph say that communications are more traceable and less anonymous?
  • by Lawmeister ( 201552 ) on Thursday October 04, 2001 @12:42PM (#2388404) Homepage
    "Zero-Knowledge is introducing Freedom Privacy & Security Tools 3.0, the next generation of its online security software for consumers. This new software includes a personal firewall, form filler/password manager, ad manager, cookie manager and keyword alert. As a result, we have decided to focus our main development efforts on this product as well as other software solutions providing online security.

    As such, I regret to inform you that Freedom Premium Services - Anonymous Web Browsing and Private Encrypted Email - will be discontinued as of October 22nd, 2001. Please refer to the detailed Freedom Network shutdown timetable below"

    So basically they are winding down their subscription based business model, leasing nyms (4 minimum as far as I recall) on an annual basis and going with a shrink wrap product.

    I'm holding my breath to see what the reviewers have to say about this Tool kit v3.0 - it may provide what most users are looking for.
  • by Anonymous Coward on Thursday October 04, 2001 @12:45PM (#2388416)
    holy smokes, when i read that a zero knowledge system was discontinuing anonymity, I thought
    that it meant that slashdot was going to stop
    posting by AC's!
  • by wiredog ( 43288 ) on Thursday October 04, 2001 @12:47PM (#2388426) Journal
    I suspect that various governments are bringing pressure to bear. Hotmail et al are probably next. See this article at []
  • by Pituritus Ani ( 247728 ) on Thursday October 04, 2001 @12:50PM (#2388442) Homepage
    Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):

    Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
    Subject: Ref: "New anonymous browsing service"


    Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information. :(

    As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.


    Freedom Support Team

    Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
  • That should stop those pesky terrorists! They'll never think of getting a hotmail account from some public library system!
  • For those of you left out in the cold by this, Hushmail [] provides secure e-mail at a reasonable fee (I forget what I paid) or free accounts. Although if today's message is anything, supporting privacy services with money should be considered if you're going to use the service often!
  • I will probably get flamed for this one, and I must admit my views on privacy and security are in flux right now.

    It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).

    This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.

    I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"

    It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.

    Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.

    Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.

    • by swordgeek ( 112599 ) on Thursday October 04, 2001 @01:00PM (#2388491) Journal
      "Stop burying your heads in the sand and telling yourselves the world isn't any different now."

      I take offense to this remark. The world isn't really any different now than it was a month ago, and my saying that isn't an indication of me "burying my head in the sand." The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

      As for your idea of a government run anonymizer service, there's just one problem: It won't work! It's exactly like banning secure encryption in the US now--the genie is already out of the bottle, and you can't put it back in. Criminals will always find ways around security, surveillance, and general watchfulness. By forcing bcakdoors on systems, you're only affecting (persecuting, in fact) the law-abiding citizens who will use them.
      • The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

        Oh so TRUE!!!!

        I wish I had mod points for you.

        If the FBI announces that terrorists had a hotmail account, there will be a clamour to ban anonymous hotmail accounts. But we know the terrorists used boxcutters and jets and nobody says we should stop using boxcutters or jets.

        THe problem with privacy is that it is a issue of principle that has little mainstream appeal. Most people are too damn boring to care about anybody reading their correspondence. It is the odd one out, the "perverse", the non-conformist, the politically marginal, etc. that will be hurt most.

        The change of mood after September 11 just enhances a fundamental problem: marginal concerns are marginal. To those who cared about privacy, the attack should make no difference. If privacy is really important, it cannot be surrendered any more than air-travel can be surrendered.

    • Boy do I have to be reundant these days:

      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

      Even every point of technical communication was plain text and traceable, the "security" you recieve is more of a myth. Your philosphy is a slap in the face to the thousands that died for our freedom.

    • Yes, it is a different world. The threat of terrorism is exactly the same as it was, of course, and so is the need to protect civil liberties (the latter being one of the few eternal constants in society, I'd say -- not civil liberties themselves, regrettably, but the need to protect them.) But two important things have changed:

      1) The forces in government which would like to take away our rights in the name of national security now feel they have the perfect excuse, and

      2) Otherwise intelligent people are so convinced that "the world is different now" that they'll let these would-be tyrants get away with it.

      Can you spell "Reichstag?" I knew you could ...
    • Sorry, that is just a really stupid idea. Ask the family of Martin Luther King, who was monitored for years by J. Edgar Hoover's COINTELPRO.

      Ask yourself: would you ever use it? With Ashcroft (or Janet Reno) as AG? Neither of these two have a strong record in favor of liberty or privacy.

    • Well the flow of responses is as predicted, I expected this would be flamebait.

      The general consensus seems to be
      Personal rights to do anything electronically and have it hidden and undecipherable == GOOD

      Wake up.
      You people are not helping. If you want to hold onto reasonable rights, you have to offer reasonable, effective alternatives that still allow us stop and catch the bad guys.

      I choose not to believe the US government is essentially evil. I choose to believe the US government has improved its stance on human rights in general, effectively and steadily over the last 200 years. I choose to believe there are truly evil men out there that would do America harm. I believe the majority of you online rights complainers are spoiled pampered brats that have never had to sacrifice the least little thing in your lives, and don't understand that we have to help find solutions to the problems caused by unintended side-effect our electronic age has brought us.

      • There are no side-effects of the electronic age except one: that the government finds it easier and easier to invade our rights as new technologies are developed, since people keep "interpreting" how our Constitutional rights should apply in a new medium instead of just doing what the Framers intended--reading our rights as literally as possible and applying them everywhere, without regard to medium, without regard to the changing temper of the times.

        "The mushrooming of surveillance has been explained by the sense of panic
        and crisis felt throughout the government during this period of extremely
        vocal dissent, large demonstrations, political and campus violence, and
        what at the time seemed the inauguration of a period of wide- spread
        anarchy. While officials... suggested that these crises justified the
        surveillance, they failed to recognize that the rights guaranteed by the
        constitution are constant and unbending to the temper of the times..."
        --Senate Subcommittee on Constitutional Rights, 1973

        Terrorist attacks do not justify concurrent attacks by government on our freedoms--not even if the "tyranny of the majority," the large part of the populace that's most easily mislead by Ashcroft's smooth-talk and the like instead of thinking for themselves and reflecting on the future impact decisions we make now will have on us and our children and our childrens' children, is willing to go along out of Fear, Uncertainty, Doubt, and Ignorance.

        If we have no freedoms, there's nothing to fight the terrorists for.

        "Implicit in the term 'national defense' is the notion of defending those
        values and ideals which set this Nation apart... It would indeed be
        ironic if, in the name of national defense, we would sanction the
        subversion of one of those liberties... which makes the defense of the
        Nation worthwhile."
        --Chief Justice Earl Warren, U.S. Supreme Court, US v Robel

        "Man did not enter into society to become worse than he was before, nor
        to have fewer rights than he had before, but to have those rights better
        --Thomas Paine, 1791

        "Experience should teach us to be most on our guard to protect liberty
        when the government's purposes are beneficient... the greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding."
        --Justice Louis Brandeis, U.S. Supreme Court

        "An elective despotism was not the government we fought for."
        -- Thomas Jefferson

        "Contemplate the mangled bodies of your countrymen, and then say, What should be the reward of such sacrifices? ... If ye love wealth better than liberty, the tranquillity of servitude than the animating contest of freedom--go from us in peace. Crouch down and lick the hands which feed you. May your chains sit lightly upon you."
        --Samuel Adams

        "Necessity is the plea for every infringement of human freedom. It is the
        argument of tyrants; it is the creed of slaves."
        --William Pitt to the House of Commons, November 18, 1783

        Anyone who has an historical awareness realizes that we have lost, rather than gained, rights over the last two centuries. We give rights to more people, such as women and blacks, and that's great. But we give fewer rights than our ancestors had. When Ben Franklin was postmaster-general, he wasn't going to let anyone touch your mail without a warrant. Many decades later the Court ruled that you don't have to have a warrant to get the data on the outside of the envelope--reasonable. E-mail and Web traffic is substantially the same thing and should be protected as much as regular mail--yet it isn't. There is no legislation to give your e-mail and packets the same legal protection your snail mail has. Even worse, Sept. 11 is being used as an excuse to pass legislation that would consider ALL fields in packets except for the actual data being shuffled, as ftree for the government to examine without warrant. Disastrous because where e-mail and Web traffic diverges from snail mail is that the FBI can't scan all envelopes and record who's sending what to whom, but they CAN do so with e-mail and Web traffic if only thay can get backbones or local ISPs to install a little equipment. Is that what the Founders would have wanted to happen to mail? For all the information on the envelope to recorded for posterity so that they can know exactly whom you're corresponding with, and monitor you if they don't like who you write to? No? Then we shouldn't allow it.

        It's as simple as that.

        I can go down a whole list of such rights that our forefathers instituted that we have lost. Most of them are rights people don't even realize used to exist, because they weren't codified into the Bill of Rights so clearly. In fact, the principal objection that many of the Founders, including Jefferson, had to creating the Bill of Rights is that it may create the misconception that those are the only absolute rights--which is what it's done. That's why a clause was inserted to reinforce the fact that the listing of rights does not disparage or deny all other rights held by the people, and that it is not a complete list of our inalienable rights. In fact, at the time, our rights were more defined by the Common Law than by the Constitution. Yet today's legal system treats the Common Law and all the rights it gives us as a doormat. The most famous example is probably the elimination, without any legislation to support the move, of the right of juries to nullify the application of a law in given circumstances, so that all common sense and fairness are lost at trial today.

        Wake up yourself. Our rights are a tiny shadow of what Jefferson and Washington and Madison and Franklin and the Adams' and all the citizens of their age had. I'm beginning to think that Jefferson was right, and that each generation should have a revolution against the last, to ensure its rights. One thing's for sure: none of the principal Founders would like the government we live under today. Thay'd recognize it as oppressing us and denying our natural rights and our rights under Common Law.
    • You know, the reason whistle blowers need an anonymizing service is that some self proclaimed 'religious organisations' have lots of lawyers that they send out to destroy the lives of the said whistle blowers. When the said organisation can convince the judge that their 'religious text' is copyrighted, the mere act of discussing the text is then a copyrighted infringement and may be viewed as illegal.

      The government can't protect you.
    • That's the dumbest idea I've ever heard. The reason we need an anonymous service is that the government, and laws are for sale to the highest bidder. And anything can be made illegal if someone in the FBI or a company with enough friends on the hill decide they want your details.
  • The open sourced client and routers are here [].
  • That certainly sucks ass, but I can't say I didn't see this coming.

    They've been showing signs of for months now...discontinuning free services, raising prices, etc.
    Wonder if FuckedCompany has gotten word of this yet...

    C-X C-S
  • by Everyman ( 197621 ) on Thursday October 04, 2001 @01:12PM (#2388550) Homepage
    The liberals in Congress think they're sounding like civil
    libertarians with their new, modified stand on Internet
    surveillance. They say that the authorities should be allowed
    warrantless taps to find out where you surfed, but not what you did
    once you got there. The FBI has a right to know that you went to
    Amazon, for example, but without a warrant they don't have a right
    to know what books you bought. The legal distinction here is from
    the old days: a "pen register" would record the number you dialed,
    but not the conversation itself, and therefore qualified for a
    looser legal standard.

    But pundits don't realize that 99 percent of your Web activity can
    be reconstructed from the Web's equivalent of "pen register"
    information. The search terms you enter into search engines are
    attached to the address itself. Do you believe that the FBI will
    want this portion of the URL excluded simply because they don't
    have probable cause? If and when the NSA is authorized to monitor
    the backbone, do you expect that they will chop off the URL at the
    question mark, so that this information is kept out of their
    keyword-analysis supercomputers? Not likely.

    My reading of the provisions of the new Anti-Terrorism Act of 2001
    suggests that a single, one-time certification by a federal
    law-enforcement official that such information is needed in a
    criminal investigation, without any showing of probable cause, is
    enough to require a court to issue an order allowing a pen-register
    tap on any Internet service provider presented with the order,
    throughout the entire U.S. The definition of this "pen-register or
    trap and trace device" information has been expanded for the
    Internet. It now includes "other dialing, routing, addressing, and
    signaling information reasonably likely to identify the source of a
    wire or electronic communication (but not including the contents of
    such communication)."

    For example, some federal official could conceivably serve Google,
    or any other search engine, with a court order demanding log
    information for all those who searched for particular persons or
    particular combinations of search terms. The "query strings"
    consisting of the users' search terms are, in all standard HTTP
    server logs, included along with the user's domain or IP number.

    One hopes that search engines would be inclined to challenge such
    an order. But we may never know, because if they decide to
    cooperate with the new law, their public relations office won't be
    announcing this. The bottom line is that the phrase, "but not
    including the contents of such communication," might be useful for
    excluding the body of e-mail messages, but is mostly irrelevant for
    Web surfing. This poor wording in the new law may mean that search
    engines can no longer claim privacy at any level.

    If someone wanted to redesign the entire Web for the express
    purpose of surveillance, they couldn't do a better job than what we
    already have. The profile that could be compiled if one had a list
    of all the Web sites you visited, or all the search terms you've
    used on Google, would be very revealing. The latter scenario is
    more worrisome, because the former scenario, short of a
    comprehensive backbone tap, would imply an order served locally at
    your own ISP. You'd almost have to be pre-targeted by the
    authorities. But a tap on a general search engine would amount to a
    global sweep for information. Google currently gets about 110
    million searches every day, most of which are from outside the U.S.
    It would be tempting for the feds to monitor this traffic.
  • Because if you want a refund, you gotta give them a return address - even if you paid anonymously up front (with a money order).

    Of course, anyone who REALLY wants to remain anonymous will just give up on any refund for unused time... This may be a good way to spot possible illicit activity, after which the FBI may request their records. Seems like a good ploy to me. But then IANAFBISpy.
  • What a gyp! (Score:2, Informative)

    by p0nderous ( 318850 )
    So I started beta-testing Freedom a while back... probably August or Sept. of 1999. I purchased the product in Dec. of 99 as soon as it was available. Hell, I was one of the first 100 to buy it since I got my free stinking t-shirt. The way they described licensing back then was "you can either use five nyms for one year, one nym for five years, or any combination in between." At this point, I have not yet used all of my nyms, meaning I have not fully used the product, meaning I should get a refund. Especially because I helped beta test and submitted bug reports left and right. But no! I don't fall within the "on or before Jan. 1, 2001" time frame, so I'm SOL. Perfect example of a good company gone bad. I wonder if Ian Goldberg is going to jump ship now that their product does Zer0 Cryptography.

    Oh well. Another fantastic product down the drain. Nice job, upper management! That's what happens when you let guys from the stone age manage a cool new company with something real to offer.
  • by Sonicboom ( 141577 ) on Thursday October 04, 2001 @01:48PM (#2388734) Journal
    Closing an anon remailer or anon web proxy is not going to stop terrorism. Neither is putting backdoors into encryption schemes, or making National ID cards that people will be required to carry. They are great deterrents tho.

    Before the internet there was terrorism... and unfortunately terrorism will continue.

    A step in the right direction would be tighter immigration laws. Better security on flights, and letting the millitary do their job (no more bullshit police actions).

    But closing down a remailer or web proxy won't stop anything. It's paranoia. Why can't the terrorists set up their OWN anon remailers or proxies. Hell they could revert to using RFC1149 technology with a Honeycomb Cereal invisible ink pen....

    Paranoia does not solve problems...

  • There was once a time when anonymous remailers served a purpose on the net, and where the people using them were as or more likely to contribute something to the online community as any others.

    Sadly, I think that time has now passed.

    On most of the Usenet groups I frequent (which, of course, is merely the tiniest fraction of those available), the people using anonymous remailers seem to be overwhelmingly: A.) Spammers, B.) Jerks who contribute nothing to the group and who cower behind anonymity for the sole purpose of flaming others free of consequences, and C.) People who not not only pirate intellectual property, but who spam newsgroups with it to show everyone how big their virtual Warezzz penis is. For example, a couple of months ago, someone spammed rec.arts.sf.written with hundreds of badly OCRed SF novels and stories, including some by people who are by no means rich.

    Frankly, the people with the most urgent need for legitimate use of anonymous remailers (i.e., those in communist or otherwise oppressive countries where there is no freedom of the press) are the ones who either can't get to them anyway, or whose governments have so much of the system tapped that it would be easy to track them down.

    While there are still some legitimate uses for anonymous remailers (Scientology whistle-blowers, for example), the jerks and spammers seem to outweigh legitimate uses about 100 to 1. Thus I see no real cause to mourn their passing. I wish that it were otherwise, but we must deal with the world as it is, not as we wish it were.

  • by Corgha ( 60478 ) on Thursday October 04, 2001 @02:01PM (#2388798)
    ...when you've got wireless?

    Just find your local wide-open corporate or university wireless network, and hack away! Maybe even buy yourself a nice directional antenna... w00t!
  • by Zeinfeld ( 263942 ) on Thursday October 04, 2001 @03:59PM (#2389454) Homepage
    I posted a story to slashdot predicting this would happen a couple of weeks ago.

    The whole cryptographic anonymity area was likely to take a massive hit in the wake of the WTC attack.

    Even if ZeroKnowledge had kept going the increased scrutiny and surveillance would render the scheme pointless. Having a FreedomNet account or connecting to the server would get you put on a watch list the minute the NSA found out - and find out they would.

    I suspect that the number of hosting facilities willing to run the service servers declined substantially after the WTC attack.

    I would not give the Sealand folk much chance of lasting very much longer. For all the riddiculous libberprattle the platform is now inside UK territorial waters and the UK government does not recognise sealand as a state. Since the sealand employees are mainly from the US that would make them illegal workers subject to arrest when they set foot on the mainland.

    • by rdl ( 4744 ) <<moc.anonev> <ta> <nayr>> on Friday October 05, 2001 @01:35AM (#2391033) Homepage
      ZKS ended Freedom because it doesn't make money for them; they rightly have shifted their focus to a somewhat better business model. I think ZKS was from the beginning a bit overly cypherpunk and not enough pragmatic business; it's widely known end-users DO NOT pay for privacy or anonymity and usually not for security. They are rightly focusing on what their major clients want. If the markets were doing better, ZKS could have continued subsidizing the Freedom network, and maybe more applications could have been built on top of it, but this is commercial reality -- they need to turn a profit ASAP.

      HavenCo (the datacenter on Sealand) has *always* been focused on business clients, and selling services to people who receive bottom line benefits from HavenCo hosting -- a lot of our clients are chosing us at USD 1500/month where the only alternative is traditional central american offshore at USD 15k/month. That's why we have been profitable since 4 months after we started general sales. We're on-track with expansion plans, both in terms of physical sites, and related business offerings.We don't even offer a consumer web hosting or mail option because it just doesn't make money. You can feel free to criticize us for being mercenary, but that's why we'll be in business in 10 years, and companies which in effect subsidize consumer security offerings will probably not. In a recessionary market, products which can provide 1 for 1 substitution at a dramatic and immediate cost savings do well; we've had if anything an uptick since the summer.

      (interestingly, at least one member of the press also claimed HavenCo would be out of business; this was in December 2000 if I recall correctly.)

      Regardless of people of questionable impartiality or competence from cyberia-l, the fact is Sealand's legal claims have withstood more than 30 years of challenge by other governments; every lawyer who has written an opinion, including numerous professors of law, has recognized this, and there is substantial documentation from various government agencies, in the UK and other nations, to support.
      It has always been clear that the true threat to security and privacy companies is market demand; followed perhaps by internal execution. Any threat of government action is so remote that if a company gets to the point where the government DOES shut them down, they've already won. The majority of the p2p systems in the US were forced to shut for commercial reasons (scour, aimster, etc.). Only a few of the most successful were challenged in court, and their failings were after the initial challenge primarily due to execution and lack of a real way to extract revenue, not action by the MPAA or RIAA.

      That being said, I'm more than happy to run a Freedom server; I already run a mixmaster remailer (which is fairly similar technology), and there have been absolutely no serious complaints or difficulties. I know several of the executives at ZKS, and I'm sure they'll do the right thing. ZKS has always had a lot of support within the security and privacy community; they were started by and hired some of the best people, and developed technology which made no compromises on security. I'm sure their business and consulting offerings, as well as their remaining optimized client software, will do well.
  • I think it's safe to say that we are all saddened by the recently announced shutdown of the Freedom Network.

    I signed up for Zero Knowledge Systems' premium services not too long ago, that is, when I was moving into a university where I am connected on a non-switched network that is extremely easy to sniff traffic off of. I found freedom to be very useful.

    I was about to set up another node on the Freedom Network as well. At this very moment I have a server setting in a data center, idling. Now I am hit with this news.

    I will be brief. I am interested in setting up a secure SOCKS proxy server, and want to know how many people would pay for this kind of a service. It would be different than the Freedom Network, in that its main focus would be on privacy instead of anonymity. Of course your connection would be pseudo-anonymous, but not subpoena resistant like freedom was. However it would support any program which supports SOCKS proxies, for example AOL Instant Messenger, ICQ, file sharing programs, etc, in addition to regular web browsing. It would use either IPSec or some other strong cryptography to secure all traffic between the client and the proxy.

    There would have to be some kind of bandwidth based billing system, however, for example either a bandwidth cap or a cost based on the amount of bandwidth used. I am not in this to make tons of money, but then again I couldn't afford the bandwidth if users paying $10/month are downloading numerous movies and MP3s through the proxy.

    Please email me at [mailto] to express any interest or provide any ideas or suggestions.

    Thank you,
    Adam Smith
  • List of alternatives (Score:2, Informative)

    by lmd ( 413644 )
    Alternatives to Zero Knowledge include

    Anonymizer [],
    Rewebber [],
    Siegesoft [], and
    Orangatango [].
  • I used to run a SourceForge project called Tweakdom, which was for tweaks to Freedom's old open-source Linux client. Several months ago, ZKS dropped support of Linux clients, so the project was shut down. We still have the client source code, but in order for the system to work, we needed a network of running servers.

    Since ZKS will no longer be in the business, several existing Freedom users have asked ZKS if they would make their old server code available to the open-source community. If that happens, I'll be happy to start up the Tweakdom project again. Here's hopin'...

    If you're interested, check the web page for updates, or join the mailing list. Here's the URL's:

    The Tweakdom web page: []

    The Tweakdom mailing list: []


Loose bits sink chips.