ZeroKnowledge to Discontinue Anonymity Service

VulgarBoatman writes: "ZeroKnowledge, providers of Freedom.net and Freedom privacy software, have abruptly decided to stop providing anonymous web browsing and private, encrypted, untraceable email for its customers. They give users 7 days before the system is shut down and all untraceable email addresses are disabled. They also say that your "secret" identity may not remain a secret for long." Well, note that that last link is a warning about using the service during the shutdown period, not a warning that they plan to compromise nyms in general. At least they're offering a refund. Update: 10/04 19:00 GMT by M : ZKS has a statement in the comments below.

this blows

[gregclimbs]

this was the best anonymizer that existed. I used it personally as a great tool for testing our site from inside the firewall (while appearing to the site like I was outside).

Not a good day :(

Glad i didn't sign up..

[milkme123]

.. but doesn't it seem a little strange that this comes in the wake of september 11th? Who's pressuring them to discontinue annonymity?

MODERATION screwup

[h2odragon]

Offtopic? Really.

Don't editorialize out our paranoia, it has served well so far.

Not so bad though is it?

[rm-r]

It's a shame sure, but like the article says- it's all down to people finding other ways to do it themselves rather than rely on somebody else. It would be nice if they gave advice to their existing nyms on how they might be able to maintain their privact though

Bad business model

[Quasar1999]

My question is, how did billing for the service work in the first place?

Umm, account #12344234 owes us $300... but we don't know who it is, or where he lives...

I think their business model didn't work... the collections department had nothing to do...

Easy, no billing

[Anonymous Coward]

No collections department, you paid in advance for a year's service. If you wanted to ensure anonymity, you could sign up online, get an account number, and write that on an money order. You could also pay by credit card - they claimed to have an internal system to remove the linkage between the payment and the account.

Re:Bad business model

[cd_Csc]

And how are they giving refunds? "Please send my refund check to [home address] or deposit it directly to my credit card [account number]."

Why are they stopping service?

[jgerry]

I'm curious as to whether the motivation is financial or some other reason... Maybe in the wake of all this terrorist bru-ha-ha about encryption and anonymity, someone (or more likely, some government entity) approached them and they, ahem, decided to stop.

I truly hope that's not the reason...

Looks like at least 2 terrorosts used NetZero...

[Lawmeister]

according to a Washington Post article [washingtonpost.com]

"In Hollywood, Fla., the FBI last weekend quizzed Paul Dragomir, manager at the Longshore Motel, about a visit in late August from two men he believes were hijackers Atta and Ziad Samir Jarrah, who demanded 24-hour Internet access.

Loaded down with baggage and laptops, the men signed in at the small pink beachfront motel using apparent aliases. They claimed to be computer engineers from Iran, Dragomir said, and said they were down from Canada to find jobs.

They booted up a laptop, showing Dragomir that they had NetZero Internet accounts. For the next few hours, Dragomir unsuccessfully tried to accommodate the men."

Makes one wonder just what or who 'motivated' NetZero to pull the plug on this product.

Zero Knowledge a Canadian company

[nano-second]

I don't know how much pressure there is from the gov't on businesses in Canada regarding crypto. I doubt they are responsible for this service being shut down, though.

Sept. 11

[grub]

My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.

Re:Sept. 11

[Pope]

Well, you may or may not remember anon.penet.fi

Anonymous remailer and mail -> Usenet gateway which I had to use because my University didn't allow non-CS students to post to Usenet directly.

Was shut down [penet.fi] in 1996 due to spammers and legal concerns of email privacy in Finland. But while it worked, it was great!

Re:Sept. 11

[kubrick]

Back in the anon.penet.fi days, I was looking around for a topic for a paper in law school, and briefly considered something related to porn on usenet, so I spent a couple weeks gathering all the porn that came through my newsreader.

Ah, so that's why you did it.

Sure, I might believe you... thousands wouldn't. :)

Re:Sept. 11

[4of12]

My money says it's all because of the September 11 attacks. From being a "cool" thing, companies offering anonymity services seem to be less cool in the eyes of the unwashed masses.

Sadly so.

The "unwashed masses" won't find anonymity "cool" until the government becomes overtly repressive, say along the lines of the governments of Afghanistan or Myanmar, for example.

Of course by the time a repressive regime is widely recognized, it will be too late to officially re-introduce anonymity as an effective tool for, and guarantee of, free expression and political dissent. Citizens will have to make do with only those rights embedded in the Constitution two hundred years ago that are practically difficult to rescind.

I'm not surprised, but sad nevertheless, that our leaders are reacting without giving thought and credence to liberties that promote and enhance a free society; proposed legislation seems to me rather more hurried and less thoughtful than, say, the legislation after the American Revolution (except for Alien & Sedition Acts).

SAFEWEB is still there.

[bodin]

http://www.safeweb.com/ [safeweb.com] is still there.

SAFEWEB has Javascript, CIA problems. Cool though

[billstewart]

Safeweb is one of several anonymizing services, of which the first well-known one was www.anonymizer.com. There are a couple of serious problems with it, one technical, one trust-related. On the other hand, Triangle Boy is really cool.

The technical problem is that their service uses Javascript, and doesn't work if you're not running Javascript. That means that any time you're using the system, you're vulnerable to any other JS problems on any other web page your browser encounters, until you turn JS back off. IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk. Also, I'm not that impressed with their Javascript, though I'm not an expert on the stuff - my problem was that under Mozilla ~0.91, they pop up windows to do the secure browsing in, and they're not really quite the shape of my screen, though that could have been Mozilla's fault. I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

The other problem is trust - in general, you always need to be concerned about whether a service like this is trustable, both because of the intent of the people running it (are they ratting you out to somebody) and the security of their systems (if their server is 0wned by CrackerZ, you're not secure.) As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them, and Safeweb announced that they were going to be using this to provide censorship-free web access for people in China, the Middle East, and other places with censorship problems. The catch - they've got funding from In-Q-Tel, the CIA venture fund. It's probably entirely legit, and certainly good enough for most purposes - but how paranoid you need to be depends on who's really out to get you. ZeroKnowledge was very upfront about what their trustability levels were (plus I knew the folks there, and they were well-connected to the cypherpunks community.)

Re:SAFEWEB has Javascript, CIA problems. Cool thou

[jsm]

IIRC, Safeweb does attempt to clean up JS and other dangerous stuff from pages it displays to you, but it's still a risk.

They do a pretty good job of sanitizing JS, but not perfect. In about an hour, I found a couple ways for a malicious server to compromise anonymity through SafeWeb, using JS. I'll grant that it's a tough job to sanitize all JS, but SafeWeb should provide a way for users to browse without JS. In my opinion, this is the single biggest problem with using SafeWeb.

I sent email to the Safeweb folks about the fundamental "You're using Javascript" problem, and got a really prompt reply from their technical management, which was good, but they fundamentally didn't get it, which bothered me.

Their FAQ [safeweb.com] indicates they don't get it-- they dismiss the notion that JS is a privacy concern, and discredit those who say it is. However, I think they realize it internally. I know someone who used to work there. He says they get emails complaining about JS every day, but they don't want to do away with their current UI.

As I mentioned, Triangle Boy is really cool - it's a sort of distributed set of volunteer-run anonymizing servers, which keep moving around to prevent blocking services from blocking them...

The concept is old... some people (*cough*) have been doing this since at least 1996 [cfcl.com]. All it takes is an anonymizing proxy script that is released for distribution. I wrote one called CGIProxy [jmarshall.com], and there are others out there. Triangle Boy has pros and cons compared to these-- it puts the bandwidth load on SafeWeb's machines rather than the volunteer Triangle Boy servers, but then it won't work at all if the SafeWeb server ever has a problem (the other scripts run independently).

Feel free to ask more questions; this particular topic is a specialty of mine.

Re:SAFEWEB has Javascript, CIA problems. Cool thou

[kubrick]

(plus I knew the folks there, and they were well-connected to the cypherpunks community.)

Not to argue with the other points in your (well-written) post... but surely a certain percentage of the 'cypherpunk' community is going to be undercover stooges for the FBI/CIA/NSA? Sort of like COINTELPRO in the Nixon years -- strong encryption is perceived as a strong enough threat to warrant this sort of spying on your citizens, according to that mindset.

I'm not saying this is fact, but merely that it's probably a factor that should be considered... the easiest way to break this sort of encryption is to already have someone on the inside, or to get someone to talk.

Hushmail...

[Anonymous Coward]

...but I see that hushmail is still in operation.

Of course...

[MKalus]

...

whoever would think now that they stop it because of what happened in NYC or the slight possibility that someone actually might have used to plan this has nothing to do with it.

Sorry for the sarcasm, let's see how long it'll take until safweb decideds to shut down as well.

Alternatives?

[broody]

Does anyone have a decent list of potential alternatives? The nym thing was too cool.

Re:Alternatives?

[matrix0040]

as ppl have pointed out .. one is safeweb.com another alternative is idzap.com [idzap.com]

History repeats itself

[CaptainAlbert]

Remember anon.penet.fi?

This is even more depressing, because this time the company running the service has pre-empted the government pressure to shut down, and gone ahead and done it before the lawyers arrive.

Eek. DOes anyone else get the feeling that the terrorists might actually be winning?

Re:History repeats itself

[mindstrm]

Maybe it's good, and smart.
If they shut down now, and wipe records.. it's legal.
If they wait until lawyers and Feds arrive.... everything would be compromised.

Re:History repeats itself

[HiThere]

Does anyone get the feeling that the government might be doing what it wanted to do anyway?

There seem to be a few reasons here, but that just makes it more convenient for them.

I don't know what the terrorists were after, or what they were working. So I can't guess whether or not they are winning. OTOH, what the local authoritarians want is pretty clear. And they are certainly using this to get a lot of what they want. Many of their "protective measures" don't protect anyone. Perhaps it's just to make it look like they are on the job, and make everyone feel good. That's the optomistic viewpoint.

Re:History repeats itself

[ktakki]

What happened to them anyway? One minute addresses from that domain seemed to be everywhere (whether you wanted to see them or not) and the next minute poof.

Collateral damage from the $cientologists' war against the Internet (circa '95 or '96).

The Co$ got Finnish authorities to subpoena anon.penet.fi's records. The operator, Julf Helsingius [sic?] closed up shop, saying he couldn't guarantee the anonymity of his users anymore.

There's probably something about it in WiReD's archives.

k.

This is an opportunity

[sting3r]

Certainly, the loss of one more tool in the fight for online privacy is a Bad Thing(tm). But we also need to examine the upside to this event.

First off, when ZeroKnowledge closes, all of its customers will be forced to find another provider. That will make the other providers 1) more profitable (assuming they aren't taking a loss but making it up in volume, like Amazon); and 2) more effective. As mentioned in the warning to their customers, low volume makes it easier to correlate traffic entering their system with traffic leaving their system. When such a system gets sufficiently large, it will be very difficult to correlate input streams and output streams, because of the sheer number of possible matches.

Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet. They will have one less place to hide. And that has a positive effect on law-abiding netizens - because when communications are more traceable and less anonymous, the government will have fewer excuses to pass legislation that gives law enforcement more snooping powers. And that benefits us all.

-sting3r

Re:This is an opportunity

[malkavian]

Secondly, the closing of another anonymity service will make it harder for terrorists to operate on the internet.

But, as just about all the security agencies with a clue keep admitting, terrorists don't use the internet because it's just too insecure.
So closing down all the privacy sites does nothing to hinder the Bad Guys(TM), it just bugs the ordinary guy.

Malk

Re:This is an opportunity

[jazman_777]

So closing down all the privacy sites does nothing to hinder the Bad Guys(TM), it just bugs the ordinary guy.

So what else is new? It's all part of Anarcho-tyranny. This is the method of governance by which the State (everyone bow down now!) allows a certain amount of mayhem to go on, cracks down in general on liberty, and in the end the State (bow down!) has more power and more control, but the mayhem just keeps on. Repeat after me: "war on drugs".

quitting coffee.

[hawk]

>You ever see someone with a four-cup/day habit go cold turkey?

I've quit a two or three *pot* a day habit cold turkey. Of course, the fact that I didn't know just *how far* past two a day I was was part of the reason.

Then again, caffeeine doesn't faze me. It doesn't keep me awake or alert, or make me jittery (OK, a grand total of twice I got jittery, but that's from the multiple pots in a sitting thing :).

When I dumped the multi-pot a day habit in grad school, I wnet over to decaff without a problem. OK, a little problem; I had to change to flavored beans to mask the funny taste from the lack of caffination.

Add a few more years, and there's some difficulty. I make decaff in my office, but my wife makes the regular stuff at home. So with decaff all week and then real stuff on the weekends, I did start getting mild headaches on monday or tuesday (this didn't used to happen), so now I have a cup of my wife's at home before I leave.

hawk

Re:Those things *are* drugs

[mpe]

Most of the so-called 'hard' drugs are the ones that cause high rates of addiction; they may not even produce that strong of a dependence, but the craving and build-up of tolerance are always there. This is part of the reason for the confusion between different definitions of 'addictive' substances.

Also definitions get corrupted by politics. Leading to nicotine products being called "soft drugs" when calling them "legal hard drugs" actually makes more sense.

I'll agree that THC products shouldn't be classified in the way as narcotics, but some drugs really are dangerous.

Except that banning drugs has nothing to do with danger. One of the most dangerous drugs is paracetamol, but you can buy this easily.
Most of the danger from illegal drugs actually comes from their being outside of the kind of standards which would otherwise apply to them. i.e. known dosage free from contamination.

Re:This is an opportunity

[mpe]

The list of banned substances has more to do with unrelated historical acts than social issues. For example, hemp was banned primarily because it was competing with the production of paper using pulp - this has translated to a social issue pretty much through misinformation.

Depending which story you believe it could also have been the use of hemp for making rope...

And why isn't alcohol banned?

That's been tried, problem is that the results of prohibition were worst than the "problem" it was intended to address. The same is probably true now, legalise the lot and most of the problems may well disappear.

Re:This is an opportunity

[dillon_rinker]

This is either good for anonymity or bad for it. You can't argue both sides.

When Zero Knowledge closes...[that] will make the other providers...more effective.
...the closing of another anonymity service will make it harder for terrorists

These services make no effort to determine who you are or why you use their service. If they're more effective (presumably for the likes of you and me), they'll be more effective for terrorists, too. If it's harder for terrorists, then it's harder for all of us.

Re:This is an opportunity

[mosch]

The thing is it's really fucking easy for terrorists to operate on the internet.

The signal to say go forth with the plans we made in the OsamaCave, and cause armegeddon could just be a slashdot post saying 'I find Jon Katz to be an incredibly intelligent, well-reasoned, thoughtful writer. His exposition is beyond reproach.'

Re:This is an opportunity

[Kanasta]

How can you say in your 2nd paragraph that closing down a provider will give volume to other providers and enhance privacy

Then in the 3rd paragraph say that communications are more traceable and less anonymous?

Looks like more of a business model switch

[Lawmeister]

"Zero-Knowledge is introducing Freedom Privacy & Security Tools 3.0, the next generation of its online security software for consumers. This new software includes a personal firewall, form filler/password manager, ad manager, cookie manager and keyword alert. As a result, we have decided to focus our main development efforts on this product as well as other software solutions providing online security.

As such, I regret to inform you that Freedom Premium Services - Anonymous Web Browsing and Private Encrypted Email - will be discontinued as of October 22nd, 2001. Please refer to the detailed Freedom Network shutdown timetable below"

So basically they are winding down their subscription based business model, leasing nyms (4 minimum as far as I recall) on an annual basis and going with a shrink wrap product.

I'm holding my breath to see what the reviewers have to say about this Tool kit v3.0 - it may provide what most users are looking for.

Re:Looks like more of a business model switch

[sulli]

No more anonymous IPs or email addresses. It sounds like just another personal firewall - I'm happy with ZoneAlarm [zonelabs.com] and probably won't switch. Too bad.

whew! when I read that, I thought...

[Anonymous Coward]

holy smokes, when i read that a zero knowledge system was discontinuing anonymity, I thought
that it meant that slashdot was going to stop
posting by AC's!

Fallout from Sept 11

[wiredog]

I suspect that various governments are bringing pressure to bear. Hotmail et al are probably next. See this article at [washingtonpost.com]

Re:Fallout from Sept 11

[wiredog]

No. Hotmail. Apparently the terrorists were using free hotmail accounts to exchange info. No indications that they used crypto however.

Re:Fallout from Sept 11

[Tassach]

Hushmail and ZipLip, however, don't log anything.

Or so you hope. It's a matter of trust. They could be logging IP's without disclosing it. One of their employees might have covertly set up a packet sniffer. A programmer "planted" by some third party could have built a covert channel into the software that leaks information to his handlers. There could be a stupid bug somewhere in their system that can be used to recover the dropped logs. There are countless ways that the security can be subverted. Unless you control the channel end-to-end, there's always a risk of it being subverted.

That's how they used it

[wiredog]

Logons from libraries, cafe's, etc.

Surprise to the staff as well?

[Pituritus Ani]

Yesterday, I received the following message in response to questions about upcoming changes in services and offshore servers (emphasis mine):

Date: Wed, 3 Oct 2001 09:56:46 -0400 (EDT)
From: InfoReplies@zeroknowledge.com
To: @freedom.net
Subject: Ref: "New anonymous browsing service"

Hello,

Thank you for your interest in Freedom. Currently, we are unable to release specific details about our upcoming privacy services; I wish I could provide you with more information. :(

As for the servers, the upgrades should be completed shortly, and more servers should appear on the network. We apologize for the inconvenience.

Regards,

Freedom Support Team

Have a question? Looking for answers? Visit our Knowledge Center for up-to-date solutions to common problems.
http://www.freedom.net/support/knowledge.html

oh yeah

[WinDoze]

That should stop those pesky terrorists! They'll never think of getting a hotmail account from some public library system!

Well, at least there are *options*

[Majik]

For those of you left out in the cold by this, Hushmail [hushmail.com] provides secure e-mail at a reasonable fee (I forget what I paid) or free accounts. Although if today's message is anything, supporting privacy services with money should be considered if you're going to use the service often!

Lets have a US government anonymizing service

[DumbSwede]

I will probably get flamed for this one, and I must admit my views on privacy and security are in flux right now.

It seems to me the government should offer a free anonymizer service, with the proviso that detection of verifiable illegal activities transacted through same would lead to the immediate disclosure of the sender's identity (or at least location) to the appropriate legal agency. Private anonymizer services should not be allowed (at least within US borders).

This would then be a way for whistle blowers and others not engaged in illegal activities to easily, and with better legal shielding, submit their disclosures or air their personal political views. Mailing death threats, circulating child pornography, arranging for killings, or setting up drug drops shouldn't have any kind of guarantee of hiding the sender's identity.

I can already hear the big sucking sound from civil libertarians -- "HOW CAN YOU POSSIBLY TRUST THE GOVERNMENT WITH THIS?"

It would seem trusting private individuals with this isn't much better (and the government gets what they want eventually anyway). Perhaps using a private anonymizing service shouldn't imply that someone has something to hide, but in the minds of many, it does.

Being intractable on this issue will hurt the IT community more in the long run, because it closely associates it with the ability to conduct illicit and untraceable activities. I am more worried about being being prevented from using cryptography, or being forced to register the keys with a government agencies. Here is where the battle should be fought, because it will lead to the real government oversight of the flow of sensitive information.

Yes this probably comes as result of 9-11-2001. Stop burying your heads in the sand and telling yourselves the world isn't any different now.

Re:Lets have a US government anonymizing service

[swordgeek]

"Stop burying your heads in the sand and telling yourselves the world isn't any different now."

I take offense to this remark. The world isn't really any different now than it was a month ago, and my saying that isn't an indication of me "burying my head in the sand." The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

As for your idea of a government run anonymizer service, there's just one problem: It won't work! It's exactly like banning secure encryption in the US now--the genie is already out of the bottle, and you can't put it back in. Criminals will always find ways around security, surveillance, and general watchfulness. By forcing bcakdoors on systems, you're only affecting (persecuting, in fact) the law-abiding citizens who will use them.

Re:Lets have a US government anonymizing service

[metis]

The only real difference is that some of you (mostly in the US) have pulled your heads _out_ of the sand and started to realise what's going on in the world.

Oh so TRUE!!!!

I wish I had mod points for you.

If the FBI announces that terrorists had a hotmail account, there will be a clamour to ban anonymous hotmail accounts. But we know the terrorists used boxcutters and jets and nobody says we should stop using boxcutters or jets.

THe problem with privacy is that it is a issue of principle that has little mainstream appeal. Most people are too damn boring to care about anybody reading their correspondence. It is the odd one out, the "perverse", the non-conformist, the politically marginal, etc. that will be hurt most.

The change of mood after September 11 just enhances a fundamental problem: marginal concerns are marginal. To those who cared about privacy, the attack should make no difference. If privacy is really important, it cannot be surrendered any more than air-travel can be surrendered.

Re:How about this perspective ?

[swordgeek]

"That's just "When guns will have been outlawed, only outlaws will own guns" paraphrased yet again."

You're right--it is, and I HATE that argument. And yet, still I made it...

There is one fundamental difference between using the argument for guns vs. encryption: Guns are designed for the sole purpose of killing. They are a destructive weapon. Encryption is a means of enforcing privacy, and privacy can be used as an aid to a weapon.
Encryption isn't fundamentally a weapon and shouldn't be treated like one. What your post suggests is that if I don't want to play nice and give all of my correspondence to the government, I'm going to be treated like a criminal. Yes this happens in totalitarian states. That doesn't mean that it's a good thing, or that we should be trying to emulate it. In fact, we should be holding on tightly to the fact that we _can_ safely dissent and maintain our privacy.

There's another problem that no one in this thread has mentioned yet: Corruption. If the government has the ability to break your email encryption, rest assurred that someone will, sometime. If you're having an affair, expect to see blackmail letters sooner or later. Or possibly you're a schoolteacher who likes to dress in drag on the weekends, in a different town. No harm, no laws broken, but the school boards probably don't want you teaching, and you might pay to have them not find out.

The two problems with a government escrow are that it won't work for it's intended purpose, and it will be abused by corrupt individuals. You can count on that.

Re:Lets have a US government anonymizing service

[tshak]

Boy do I have to be reundant these days:

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

Even every point of technical communication was plain text and traceable, the "security" you recieve is more of a myth. Your philosphy is a slap in the face to the thousands that died for our freedom.

Re:Lets have a US government anonymizing service

[Tassach]

I doubt Franklin would have considered being able to use an electronic anonymizing service an "essential liberty"

I think Franklin, Jefferson, et al. would be aghast to think that the government agents could secretly and undetectably evesdrop on the public en mass, without a court order. This simply wasn't possible in their day -- the only way of communicating over distance was via a letter.

Even if all the mail of the day had been carried by the USPS (of which Franklin was the first Postmaster General), it would have been impossible for the gvt. to open and read every letter. Considering that sealing wax was used (in combination with distinctive seals) to close the letters, it was very difficult to open a letter without the intrusion being detected.

One of the biggest grievances the Colonists had with England was the fact that the Redcoats used general searches -- anyone & anyplace could be searched at any time for any reason. Our founding fathers considered this to be unacceptable conduct for a fair and just government. In response to this abuse of power, they established the principles set out in the 4th amendment: that a warrant is required for a search to take place, and that the warrant must explicitly list who and what is to be searched, and what the object of the search is. There's a world of diffence between being monitored because the Gvt. has probable cause (or, to use your own words, justifiable suspicion) and being monitored because you "fit the profile" or just because you happen to use the same ISP as somebody else who's under suspicion for somthing.

The wholesale monitoring of electronic communications is the moral equivilent of opening and reading every postal letter. It is unacceptable, immoral, and unconstituitonal. The government has no Constitutional authority to do so, and is explicitly BARRED from doing so without a warrant by the 4th amendment.

As a practical matter, the gvt. can and will monitor electronic communications, the Constitution be damned. It is a limitation of the technology that it is easy to monitor. However, we have the absolute right to use any and all technological measures available to us in order to guard the privacy of our communications against prying eyes and ears. Furthermore, while the Government may be able to COLLECT information via illicit/illegal means, there MUST be SEVERE restrictions on how that information can be used. Comunications intercepted without a warrant should NEVER be admissible in court, under any circumstances whatsoever. This is fine for anti-terrorism purposes.

A Terrorist (or any other covert operative) requires total secrecy in order to do his job. If his "cover" is blown, his operational effectiveness drops almost to nil. You don't even necessarily need to arrest a suspected terrorist in order to stop him - you just need to let him know that you know who & what he is and that he's being watched. If he's well-trained (as bin Laden's people are), his response will to cut all contact with his handlers in order to minimize the damage to the organization. You don't get the viceral satisfaction of sending his butt to jail, but that is really unimportant next to the fact that you've prevented a tragedy.

Re:Lets have a US government anonymizing service

[mpe]

A Terrorist (or any other covert operative) requires total secrecy in order to do his job.

An atmosphere of suspecting anyone might actually make it easier for someone to act covertly. Let alone it's proven not to work, the government of the GDR had no idea that their whole country was about to cease to exist, dispite having files on something like 25% of the population.

If his "cover" is blown, his operational effectiveness drops almost to nil.

You first need to identify the terrorist. Mass interception (and machine scanning) isn't likely to help you much.

Re:Lets have a US government anonymizing service

[Tassach]

I agree with you on both points, that an atmosphere of general suspicion makes it harder to single out the genuinely suspicious people, and that mass surveillance isn't going to be effective. All of which means that Dubya and the Congresscritters are peddling snake oil; shitcanning the Constitution in order to advance their own political agendas.

Re:Lets have a US government anonymizing service

[Daniel Dvorkin]

Yes, it is a different world. The threat of terrorism is exactly the same as it was, of course, and so is the need to protect civil liberties (the latter being one of the few eternal constants in society, I'd say -- not civil liberties themselves, regrettably, but the need to protect them.) But two important things have changed:

1) The forces in government which would like to take away our rights in the name of national security now feel they have the perfect excuse, and

2) Otherwise intelligent people are so convinced that "the world is different now" that they'll let these would-be tyrants get away with it.

Can you spell "Reichstag?" I knew you could ...

Re:Lets have a US government anonymizing service

[Daniel Dvorkin]

"The threat of terrorism is not the same now as it has always been, it has escalated in severity and consequences since 1993, both from sources internal and abroad."

Silly me; I thought we were talking about how the world has changed since Sept. 11, 2001, not since 1993. (And why did you pick 1993, particularly?)

"Quit inventing rights that didn't exist 200 years ago, and then pretending we are turning into Nazis if we have to modify them."

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

The Nazis, of course, did not hold these truths to be self-evident at all. Neither did the Communists. Neither, apparently, does John Ashcroft. Neither, apparently, do you. I still have enough faith in my fellow Americans to hope that, once the current panic dies down a bit, these will prove to be exceptions to the rule.

Re:Lets have a US government anonymizing service

[Tackhead]

> When we lose a million citizens [...] someday, they will have lost the most essential liberty of all, the right to life.

Last time I checked, it didn't say "Life, Liberty, Pursuit of Happiness. Choose any two."

For some of us, any two are meaningless unless accompanied by the third.

Re:Lets have a US government anonymizing service

[WNight]

Just for reference, I'm Canadian.

I will (voluntarily) cede NOTHING to the government, unless I am convinced that it will help.

If the government banned strong crypto, it wouldn't help, at all. Strong crypto already exists. When used with stegonagraphy, strong crypto can produce essentially invisible messages. This means criminals could continue to use strong crypto, but ordinary law-abiding citizens couldn't.

Thus, if I give up my right to crypto, I haven't actually helped to make the world any safer. In fact, by putting all my communications in plain-text (trusting DMCA-type laws to prevent evesdropping) I'd have made life even easier for the criminals.

There's a good article on Counterpane (www.counterpane.com/labs.html) about this very thing. He says that it makes sense to be inconvenienced by some security measures, but only if they actually provide security. If they don't make anything more secure, they're just a placebo (at best) and might be harmful.

Do you care to suggest some rights that I might choose to give up?

Re:Lets have a US government anonymizing service

[WNight]

You only assume that lawlessness would run rampant with the control measure of the week.

If phones were just invented and police weren't allowed to tap them, criminals would use them, but police would bug or tap something else. If they wanted to know what a criminal was doing, they'd follow him around and use a directional mic.

What would happen if someone invented a quantum communicator, so-called because it involves instantaneous communication between two points with no in-between signal. It would be untappable by nature. Would you advocate crippling it by either covering up the technology, or requiring every communicator to have a second communications channel that recorded everything at a government monitoring station?

My main problem with phone tapping and key escrow is that they allow automated tapping. Automated tapping is where you get your abuses. It's so easy, so why don't they simply record everything and scan it at their leisure. Voice recognition means that keyword scanning is a possibility, and text can trivially be scanned.

In the days when tapping a phone meant that you had to leave a reel-to-reel tape recorder on it, and then have an agent listen to it you couldn't do it indiscriminately.

Today's technology raises the scary spectre of McCarthy-ism. Imagine when all your communications in the last twenty years can be quickly perused and used against you. However, by keeping evesdropping hard, the government (or anyone who could potentially crack their databases) would have to suspect you of a crime instead of just going on a fishing expedition.

There are many ways now that criminals can communicate safely, including over the telephone, and crime isn't rampant. I think you're grasping at straws.

Re:Lets have a US government anonymizing service

[WNight]

"Women would never be free from obscene phone calls, because tracing back the callers would be impossible in a truly anonymous system. [...]"

If there was a problem with a system accepting connections from unknown hosts, people could choose to accept anonymous calls or make callers authenticate with a code.

"without a means to backtrack, after proof a crime, someone without a criminal record, or a prior criminal not currently being monitored will never be caught. So you will have to monitor 24-7 all prior criminals, and most likely everyone you suspect could ever become a criminal. Talk about a police state!"

That's exactly what keeping a log of phone calls does. It assumes that law enforcement will need to monitor everyone and keeps a record now, for them to refer to later. That's not really much different than recording all the calls and only listening to them if you suspect the person. It's still assuming guilt.

"Just because the majority of the /. community doesn?t think guaranteed anonymity facilitates criminal activity doesn?t make it so, and there have been no reasonable explanations of how to keep this from occurring."

Guaranteed anonymity might make things easier for criminals, but it'd also give non-criminals something they couldn't have achieved before without criminal acts (false ID, etc). Criminals can work around the identifiers in the system, non-criminals by definition, can't. Just because something CAN be used in a crime doesn't mean that it should be banned. This is where you get stuck.

" The argument that crime is not rampant seems a bit specious. Do we wait for it to become rampant as criminals become more technically savvy, then implement what I?m suggesting?"

Do we ban or neuter any technology that might be of use to a criminal someday?

"If someone sends me a message, why should they be able to completely disguise who sends it or from where? Why is this protected as Free Speech?"

It's protected because unless you have the ability to say something without fear of attacks. Thanks to this, Afghanis have been able (for years) to tell the free world about the atrocities of the Taliban. Imagine if their 'anonymous' communications could be logged by the government. Whistleblowers also tell of government corruption and coverups.

Also, if the government can tell who said something, so can a determined criminal. Think of the informant who wants to give evidence against a mafia member. The only way to guarantee anonimity is to not log the identity in the first place, because protecting it in the future is impossible to guarantee.

"I am not for the government reading your postings and transactions, only being able to identity the source of anonymous posting when there is proof of abuse."

This assumes the government isn't who you're trying to hide your identity from. There have been a lot of cases of corruption where the last people you'd want to be able to find you aree the law enforcement.

And any system that has a backdoor built in (either logging, or weaker encryption, or key escrow) is vulnerable to attack at that point.

Look at cell phones, for example. People didn't want evesdroppers, so it was made illegal to buy a scanner that would listen on those frequencies even though the law is essentially unenforceable. This to prevent people from using encryption, because the government didn't want untappable calls.

So what happens? Criminals, who for the most part are the only ones who stand to gain, still listen in on calls.

Now digital cell phones are encrypted, but with a weak encryption, that evidence shows the governments weakened, so that they wouldn't be untappable.

And we're again back to where criminals (by definition, with anti-scanner and DMCA type laws) are the only ones who can break the law, but they can do it with relative impunity. It's a passive attack, so all it's good for is a harsher charge if you catch them doing something else, it can't be used to actually prevent the evesdropping.

"It could be that you are confusing my position, as been the case in half the posting to this thread."

I could be, but you could also be missing some implications. By taking something (anything) away from non-criminals, you're just widening the gap between haves and have-nots. Sometimes this is worth it (I wouldn't want to see everyone with tac-nukes) and sometimes is isn't. I think the fact that anonymous posting is essential for free speech (whistle-blowing, unpopular speech) means that we can't jeapordize it just because it may, at some unspecified point in the future, help law enforcement. Especially when there are other ways to catch people.

Re:Lets have a US government anonymizing service

[BinxBolling]

I keep saying it over and over and no one responds. Will you give up anything to the government that will allow some reasonable means of assuring security?

Maybe. But only when I'm presented with convincing evidence that restricting these rights will actually help to maintain security. There's been no evidence published that these services are being used by terrorists (in fact, they used ordinary Hotmail accounts). So maybe you should can the hysterical posturing.

Re:Lets have a US government anonymizing service

[BinxBolling]

There are many illegal activities being done through anonymizing services (I will not re-enumerate them here).

Troll. You never enumerated any illegal activites being carried out through anonymizers in the first place.

From another of your comments:

I have challenged over and over again others to come up with alternatives to keeping anonymizing services from being used to support illegal activities, so far none have been proffered.

No. The burden is on you to demonstrate
that these services are being used for significant criminal activity. Until you do so, there's no burden on anyone to defend the existence and use of anonymizers.

Re:Lets have a US government anonymizing service

[sulli]

Sorry, that is just a really stupid idea. Ask the family of Martin Luther King, who was monitored for years by J. Edgar Hoover's COINTELPRO.

Ask yourself: would you ever use it? With Ashcroft (or Janet Reno) as AG? Neither of these two have a strong record in favor of liberty or privacy.

Re:Lets have a US government anonymizing service

[DumbSwede]

Well the flow of responses is as predicted, I expected this would be flamebait.

The general consensus seems to be
GOVERNMENT == BAD
Personal rights to do anything electronically and have it hidden and undecipherable == GOOD

Wake up.
You people are not helping. If you want to hold onto reasonable rights, you have to offer reasonable, effective alternatives that still allow us stop and catch the bad guys.

I choose not to believe the US government is essentially evil. I choose to believe the US government has improved its stance on human rights in general, effectively and steadily over the last 200 years. I choose to believe there are truly evil men out there that would do America harm. I believe the majority of you online rights complainers are spoiled pampered brats that have never had to sacrifice the least little thing in your lives, and don't understand that we have to help find solutions to the problems caused by unintended side-effect our electronic age has brought us.

Oh, Bollocks!

[Chasing Amy]

There are no side-effects of the electronic age except one: that the government finds it easier and easier to invade our rights as new technologies are developed, since people keep "interpreting" how our Constitutional rights should apply in a new medium instead of just doing what the Framers intended--reading our rights as literally as possible and applying them everywhere, without regard to medium, without regard to the changing temper of the times.

"The mushrooming of surveillance has been explained by the sense of panic
and crisis felt throughout the government during this period of extremely
vocal dissent, large demonstrations, political and campus violence, and
what at the time seemed the inauguration of a period of wide- spread
anarchy. While officials... suggested that these crises justified the
surveillance, they failed to recognize that the rights guaranteed by the
constitution are constant and unbending to the temper of the times..."
--Senate Subcommittee on Constitutional Rights, 1973

Terrorist attacks do not justify concurrent attacks by government on our freedoms--not even if the "tyranny of the majority," the large part of the populace that's most easily mislead by Ashcroft's smooth-talk and the like instead of thinking for themselves and reflecting on the future impact decisions we make now will have on us and our children and our childrens' children, is willing to go along out of Fear, Uncertainty, Doubt, and Ignorance.

If we have no freedoms, there's nothing to fight the terrorists for.

"Implicit in the term 'national defense' is the notion of defending those
values and ideals which set this Nation apart... It would indeed be
ironic if, in the name of national defense, we would sanction the
subversion of one of those liberties... which makes the defense of the
Nation worthwhile."
--Chief Justice Earl Warren, U.S. Supreme Court, US v Robel

"Man did not enter into society to become worse than he was before, nor
to have fewer rights than he had before, but to have those rights better
secured."
--Thomas Paine, 1791

"Experience should teach us to be most on our guard to protect liberty
when the government's purposes are beneficient... the greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding."
--Justice Louis Brandeis, U.S. Supreme Court

"An elective despotism was not the government we fought for."
-- Thomas Jefferson

"Contemplate the mangled bodies of your countrymen, and then say, What should be the reward of such sacrifices? ... If ye love wealth better than liberty, the tranquillity of servitude than the animating contest of freedom--go from us in peace. Crouch down and lick the hands which feed you. May your chains sit lightly upon you."
--Samuel Adams

"Necessity is the plea for every infringement of human freedom. It is the
argument of tyrants; it is the creed of slaves."
--William Pitt to the House of Commons, November 18, 1783

Anyone who has an historical awareness realizes that we have lost, rather than gained, rights over the last two centuries. We give rights to more people, such as women and blacks, and that's great. But we give fewer rights than our ancestors had. When Ben Franklin was postmaster-general, he wasn't going to let anyone touch your mail without a warrant. Many decades later the Court ruled that you don't have to have a warrant to get the data on the outside of the envelope--reasonable. E-mail and Web traffic is substantially the same thing and should be protected as much as regular mail--yet it isn't. There is no legislation to give your e-mail and packets the same legal protection your snail mail has. Even worse, Sept. 11 is being used as an excuse to pass legislation that would consider ALL fields in packets except for the actual data being shuffled, as ftree for the government to examine without warrant. Disastrous because where e-mail and Web traffic diverges from snail mail is that the FBI can't scan all envelopes and record who's sending what to whom, but they CAN do so with e-mail and Web traffic if only thay can get backbones or local ISPs to install a little equipment. Is that what the Founders would have wanted to happen to mail? For all the information on the envelope to recorded for posterity so that they can know exactly whom you're corresponding with, and monitor you if they don't like who you write to? No? Then we shouldn't allow it.

It's as simple as that.

I can go down a whole list of such rights that our forefathers instituted that we have lost. Most of them are rights people don't even realize used to exist, because they weren't codified into the Bill of Rights so clearly. In fact, the principal objection that many of the Founders, including Jefferson, had to creating the Bill of Rights is that it may create the misconception that those are the only absolute rights--which is what it's done. That's why a clause was inserted to reinforce the fact that the listing of rights does not disparage or deny all other rights held by the people, and that it is not a complete list of our inalienable rights. In fact, at the time, our rights were more defined by the Common Law than by the Constitution. Yet today's legal system treats the Common Law and all the rights it gives us as a doormat. The most famous example is probably the elimination, without any legislation to support the move, of the right of juries to nullify the application of a law in given circumstances, so that all common sense and fairness are lost at trial today.

Wake up yourself. Our rights are a tiny shadow of what Jefferson and Washington and Madison and Franklin and the Adams' and all the citizens of their age had. I'm beginning to think that Jefferson was right, and that each generation should have a revolution against the last, to ensure its rights. One thing's for sure: none of the principal Founders would like the government we live under today. Thay'd recognize it as oppressing us and denying our natural rights and our rights under Common Law.

Re:Lets have a US government anonymizing service

[Kanasta]

You know, the reason whistle blowers need an anonymizing service is that some self proclaimed 'religious organisations' have lots of lawyers that they send out to destroy the lives of the said whistle blowers. When the said organisation can convince the judge that their 'religious text' is copyrighted, the mere act of discussing the text is then a copyrighted infringement and may be viewed as illegal.

The government can't protect you.

Re:Lets have a US government anonymizing service

[G-funk]

That's the dumbest idea I've ever heard. The reason we need an anonymous service is that the government, and laws are for sale to the highest bidder. And anything can be made illegal if someone in the FBI or a company with enough friends on the hill decide they want your details.

Grab it while it's still there

[Pituritus Ani]

The open sourced client and routers are here [zeroknowledge.com].

Well...

[Pope Slackman]

That certainly sucks ass, but I can't say I didn't see this coming.

They've been showing signs of titsup.com-ness for months now...discontinuning free services, raising prices, etc.
Wonder if FuckedCompany has gotten word of this yet...

C-X C-S

Web surveillance and the new anti-terror law

[Everyman]

The liberals in Congress think they're sounding like civil
libertarians with their new, modified stand on Internet
surveillance. They say that the authorities should be allowed
warrantless taps to find out where you surfed, but not what you did
once you got there. The FBI has a right to know that you went to
Amazon, for example, but without a warrant they don't have a right
to know what books you bought. The legal distinction here is from
the old days: a "pen register" would record the number you dialed,
but not the conversation itself, and therefore qualified for a
looser legal standard.

But pundits don't realize that 99 percent of your Web activity can
be reconstructed from the Web's equivalent of "pen register"
information. The search terms you enter into search engines are
attached to the address itself. Do you believe that the FBI will
want this portion of the URL excluded simply because they don't
have probable cause? If and when the NSA is authorized to monitor
the backbone, do you expect that they will chop off the URL at the
question mark, so that this information is kept out of their
keyword-analysis supercomputers? Not likely.

My reading of the provisions of the new Anti-Terrorism Act of 2001
suggests that a single, one-time certification by a federal
law-enforcement official that such information is needed in a
criminal investigation, without any showing of probable cause, is
enough to require a court to issue an order allowing a pen-register
tap on any Internet service provider presented with the order,
throughout the entire U.S. The definition of this "pen-register or
trap and trace device" information has been expanded for the
Internet. It now includes "other dialing, routing, addressing, and
signaling information reasonably likely to identify the source of a
wire or electronic communication (but not including the contents of
such communication)."

For example, some federal official could conceivably serve Google,
or any other search engine, with a court order demanding log
information for all those who searched for particular persons or
particular combinations of search terms. The "query strings"
consisting of the users' search terms are, in all standard HTTP
server logs, included along with the user's domain or IP number.

One hopes that search engines would be inclined to challenge such
an order. But we may never know, because if they decide to
cooperate with the new law, their public relations office won't be
announcing this. The bottom line is that the phrase, "but not
including the contents of such communication," might be useful for
excluding the body of e-mail messages, but is mostly irrelevant for
Web surfing. This poor wording in the new law may mean that search
engines can no longer claim privacy at any level.

If someone wanted to redesign the entire Web for the express
purpose of surveillance, they couldn't do a better job than what we
already have. The profile that could be compiled if one had a list
of all the Web sites you visited, or all the search terms you've
used on Google, would be very revealing. The latter scenario is
more worrisome, because the former scenario, short of a
comprehensive backbone tap, would imply an order served locally at
your own ISP. You'd almost have to be pre-targeted by the
authorities. But a tap on a general search engine would amount to a
global sweep for information. Google currently gets about 110
million searches every day, most of which are from outside the U.S.
It would be tempting for the feds to monitor this traffic.

Anonymity disappears with refunds...

[Goldenhawk]

Because if you want a refund, you gotta give them a return address - even if you paid anonymously up front (with a money order).

Of course, anyone who REALLY wants to remain anonymous will just give up on any refund for unused time... This may be a good way to spot possible illicit activity, after which the FBI may request their records. Seems like a good ploy to me. But then IANAFBISpy.

What a gyp!

[p0nderous]

So I started beta-testing Freedom a while back... probably August or Sept. of 1999. I purchased the product in Dec. of 99 as soon as it was available. Hell, I was one of the first 100 to buy it since I got my free stinking t-shirt. The way they described licensing back then was "you can either use five nyms for one year, one nym for five years, or any combination in between." At this point, I have not yet used all of my nyms, meaning I have not fully used the product, meaning I should get a refund. Especially because I helped beta test and submitted bug reports left and right. But no! I don't fall within the "on or before Jan. 1, 2001" time frame, so I'm SOL. Perfect example of a good company gone bad. I wonder if Ian Goldberg is going to jump ship now that their product does Zer0 Cryptography.

Oh well. Another fantastic product down the drain. Nice job, upper management! That's what happens when you let guys from the stone age manage a cool new company with something real to offer.

Instant paranoia doesn't solve problems...

[Sonicboom]

Closing an anon remailer or anon web proxy is not going to stop terrorism. Neither is putting backdoors into encryption schemes, or making National ID cards that people will be required to carry. They are great deterrents tho.

Before the internet there was terrorism... and unfortunately terrorism will continue.

A step in the right direction would be tighter immigration laws. Better security on flights, and letting the millitary do their job (no more bullshit police actions).

But closing down a remailer or web proxy won't stop anything. It's paranoia. Why can't the terrorists set up their OWN anon remailers or proxies. Hell they could revert to using RFC1149 technology with a Honeycomb Cereal invisible ink pen....

Paranoia does not solve problems...

No Great Loss (Spam, Piracy, Harassment, etc.)

[Nova Express]

There was once a time when anonymous remailers served a purpose on the net, and where the people using them were as or more likely to contribute something to the online community as any others.

Sadly, I think that time has now passed.

On most of the Usenet groups I frequent (which, of course, is merely the tiniest fraction of those available), the people using anonymous remailers seem to be overwhelmingly: A.) Spammers, B.) Jerks who contribute nothing to the group and who cower behind anonymity for the sole purpose of flaming others free of consequences, and C.) People who not not only pirate intellectual property, but who spam newsgroups with it to show everyone how big their virtual Warezzz penis is. For example, a couple of months ago, someone spammed rec.arts.sf.written with hundreds of badly OCRed SF novels and stories, including some by people who are by no means rich.

Frankly, the people with the most urgent need for legitimate use of anonymous remailers (i.e., those in communist or otherwise oppressive countries where there is no freedom of the press) are the ones who either can't get to them anyway, or whose governments have so much of the system tapped that it would be easy to track them down.

While there are still some legitimate uses for anonymous remailers (Scientology whistle-blowers, for example), the jerks and spammers seem to outweigh legitimate uses about 100 to 1. Thus I see no real cause to mourn their passing. I wish that it were otherwise, but we must deal with the world as it is, not as we wish it were.

A little privacy humour in a depressing discussion

[Glytch]

Straight from Three Dead Trolls In A Baggie. [mp3s.com]

Who needs anonymous services...

[Corgha]

...when you've got wireless?

Just find your local wide-open corporate or university wireless network, and hack away! Maybe even buy yourself a nice directional antenna... w00t!

Sealand will be next

[Zeinfeld]

I posted a story to slashdot predicting this would happen a couple of weeks ago.

The whole cryptographic anonymity area was likely to take a massive hit in the wake of the WTC attack.

Even if ZeroKnowledge had kept going the increased scrutiny and surveillance would render the scheme pointless. Having a FreedomNet account or connecting to the server would get you put on a watch list the minute the NSA found out - and find out they would.

I suspect that the number of hosting facilities willing to run the service servers declined substantially after the WTC attack.

I would not give the Sealand folk much chance of lasting very much longer. For all the riddiculous libberprattle the platform is now inside UK territorial waters and the UK government does not recognise sealand as a state. Since the sealand employees are mainly from the US that would make them illegal workers subject to arrest when they set foot on the mainland.

Re:Sealand will be next

[rdl]

ZKS ended Freedom because it doesn't make money for them; they rightly have shifted their focus to a somewhat better business model. I think ZKS was from the beginning a bit overly cypherpunk and not enough pragmatic business; it's widely known end-users DO NOT pay for privacy or anonymity and usually not for security. They are rightly focusing on what their major clients want. If the markets were doing better, ZKS could have continued subsidizing the Freedom network, and maybe more applications could have been built on top of it, but this is commercial reality -- they need to turn a profit ASAP.

HavenCo (the datacenter on Sealand) has *always* been focused on business clients, and selling services to people who receive bottom line benefits from HavenCo hosting -- a lot of our clients are chosing us at USD 1500/month where the only alternative is traditional central american offshore at USD 15k/month. That's why we have been profitable since 4 months after we started general sales. We're on-track with expansion plans, both in terms of physical sites, and related business offerings.We don't even offer a consumer web hosting or mail option because it just doesn't make money. You can feel free to criticize us for being mercenary, but that's why we'll be in business in 10 years, and companies which in effect subsidize consumer security offerings will probably not. In a recessionary market, products which can provide 1 for 1 substitution at a dramatic and immediate cost savings do well; we've had if anything an uptick since the summer.

(interestingly, at least one member of the press also claimed HavenCo would be out of business; this was in December 2000 if I recall correctly.)

Regardless of people of questionable impartiality or competence from cyberia-l, the fact is Sealand's legal claims have withstood more than 30 years of challenge by other governments; every lawyer who has written an opinion, including numerous professors of law, has recognized this, and there is substantial documentation from various government agencies, in the UK and other nations, to support.
It has always been clear that the true threat to security and privacy companies is market demand; followed perhaps by internal execution. Any threat of government action is so remote that if a company gets to the point where the government DOES shut them down, they've already won. The majority of the p2p systems in the US were forced to shut for commercial reasons (scour, aimster, etc.). Only a few of the most successful were challenged in court, and their failings were after the initial challenge primarily due to execution and lack of a real way to extract revenue, not action by the MPAA or RIAA.

That being said, I'm more than happy to run a Freedom server; I already run a mixmaster remailer (which is fairly similar technology), and there have been absolutely no serious complaints or difficulties. I know several of the executives at ZKS, and I'm sure they'll do the right thing. ZKS has always had a lot of support within the security and privacy community; they were started by and hired some of the best people, and developed technology which made no compromises on security. I'm sure their business and consulting offerings, as well as their remaining optimized client software, will do well.

Re:Sealand won't be next...

[Zeinfeld]

The assertion that the UK doesn't recognize Sealand as a state is unfounded. The UK has, de facto, done so by refusing to intervene during the period when Sealand held a German national prisoner after an attempted takeover of the platform

Untrue. At the time of the incident the platform was outside UK waters. Now it is inside.

The point you attempt to make about 'international law' is utterly bogus. No country recognises Sealand. Under UK law any ship that is not registered with what UK law determines to be a national government may be considered a pirate vessel.

The failure to close down Sealand does not mean that the UK government recognises it. That will not stop the Libbertarian Taleban from arguing the theology of the case at inordinate length.

If as alleged Sealand was a sovereign teritory then the UK government could under accepted international law serve it a notice insisting that it cease aiding and abetting criminals. If Sealand declined it could under international law issue an ultimatum and commence hostilities.

Given the measures likely to be agreed by the UN security council in the comming weeks the chances are that the UK would even be able to state it was operating under a UN mandate.

Freedom Network Replacement?

[cyberops0]

I think it's safe to say that we are all saddened by the recently announced shutdown of the Freedom Network.

I signed up for Zero Knowledge Systems' premium services not too long ago, that is, when I was moving into a university where I am connected on a non-switched network that is extremely easy to sniff traffic off of. I found freedom to be very useful.

I was about to set up another node on the Freedom Network as well. At this very moment I have a server setting in a data center, idling. Now I am hit with this news.

I will be brief. I am interested in setting up a secure SOCKS proxy server, and want to know how many people would pay for this kind of a service. It would be different than the Freedom Network, in that its main focus would be on privacy instead of anonymity. Of course your connection would be pseudo-anonymous, but not subpoena resistant like freedom was. However it would support any program which supports SOCKS proxies, for example AOL Instant Messenger, ICQ, file sharing programs, etc, in addition to regular web browsing. It would use either IPSec or some other strong cryptography to secure all traffic between the client and the proxy.

There would have to be some kind of bandwidth based billing system, however, for example either a bandwidth cap or a cost based on the amount of bandwidth used. I am not in this to make tons of money, but then again I couldn't afford the bandwidth if users paying $10/month are downloading numerous movies and MP3s through the proxy.

Please email me at feedback@senseofsecurity.com [mailto] to express any interest or provide any ideas or suggestions.

Thank you,
Adam Smith

List of alternatives

[lmd]

Alternatives to Zero Knowledge include

Anonymizer [anonymizer.com],
Rewebber [rewebber.com],
Siegesoft [siegesoft.com], and
Orangatango [orangatango.com].

The Tweakdom project might be able to fill the gap

[willdye]

I used to run a SourceForge project called Tweakdom, which was for tweaks to Freedom's old open-source Linux client. Several months ago, ZKS dropped support of Linux clients, so the project was shut down. We still have the client source code, but in order for the system to work, we needed a network of running servers.

Since ZKS will no longer be in the business, several existing Freedom users have asked ZKS if they would make their old server code available to the open-source community. If that happens, I'll be happy to start up the Tweakdom project again. Here's hopin'...

If you're interested, check the web page for updates, or join the mailing list. Here's the URL's:

The Tweakdom web page: http://tweakdom.sourceforge.net [sourceforge.net]

The Tweakdom mailing list: http://sourceforge.net/mail/?group_id=23929 [sourceforge.net]

--willdye

Re:In true .com fashion

[VulgarBoatman]

Nope. $59.95 for 5 identities - each good for a maximum of 1 year.

Re:Refunds?

[Chmarr]

The "At least they're offering a refund." in the article body above would imply "Yes".

Re:Refunds?

[HiThere]

Freedom nym mailboxes will not accept any incoming mail as of October 11th, 2001.

I would say that this makes their reason pretty clear. I don't know whether there was outside pressure or not, but judging by the date, I'd guess not. That's exactly one month.

Re:check the math dude....

[Red Aardvark House]

Yes, according to the article all services shut down by Oct. 22nd.

Incoming e-mail servies shut down Oct. 11th as a result of most of their servers being taken offline. So you have 7 days to notify people you're changing your e-mail address.

Re:Shaver

[furiousgeorge]

Mike left Zero Knowledge quite some time ago.....

Re:Shaver

[Mike Shaver]

I think I left ZKS several months back (on good terms, etc., etc.).

I think that Hamnett's message says it all (they couldn't afford to keep operating the network, because of that traditional operating-cost-vs.-revenue balance).

I think that gov't pressure -- should any have actually existed; I don't recall much such pressure from when I was there -- had nothing to do the decision.

I think they picked a very hard market nut to crack, and chose a very high bar for the level of security and privacy they were going to provide.

I think the market didn't share their (our) enthusiasm for that level of service, perhaps unfortunately.

I think a lot of people have talked here and elsewhere about how the Freedom network could have been done better, from technology or marketing or whatever perspectives...

...but I think nobody has done a better job so far of that type of network service.

I think they've learned a _lot_ about protecting privacy and helping other people and organizations protect privacy.

I think there's a market for that knowledge, and good applications of it.

I think they're going to be OK.

I think you shouldn't really care what I think.

(I think Craig's still a dork.)

Re:You said it ...

[Rick the Red]

Privacy is only a concern for those who are under the illusion that anyone else would care to know what they write in their emails.

As a victim of identity theft I can assure you the threat of other people reading your email is no illusion. So far they've managed to charge over $10,000 to our credit cards in three months, and I suspect the sum is that low only because they maxed them out. We know our email is compromised because we got an email confirmation for one of the bogus orders.

Those of you who guard your email address to ward off spam are doing the right thing for the wrong reason, and I pray you never learn what can happen when you truely lose your privacy. If my wife knew I posted here she'd kill me, she's become so paranoid over this.

Re:Getting rid of anonymity is not the answer

[coolgeek]

except for the surveillance cams and firewall logs at the library. probably not too big a deal for library to spit images out regularly to biometric systems at FBI offices. next step CIA and NSA "acquire" cybercafes.

and don't forget that thing that looks like an eye on the front of your TiVO... =)

Re:Getting rid of anonymity is not the answer

[josepha48]

"I can go to the public library, open a hotmail account, and e-mail and browse anonymously. "

Yup and that is what spammers do. How many people really tell the truth when they open up hotmail, yahoo, or any other free email account? Not all I can tell you that.

There is also ways of knowing what someone is doing on a web site and doing lots of tracking. When I worked for a web portol, we knew where a user came to our site from, weather it was a search engine, or a link on another site. We knew what pages they viewed. We knew how they navigated through the site, and often how they left the site. I can totally see why the need for anomymous browsing. You are being watched on the net.

In light of sept 11, I think they think that they may have been providing this service to bin laden or some of his people, and this could be true, but it is no reason to stop.

I also wonder if they will get suid by someone if they make the 'secret names' public. I wonder what their user agreement said. Sounds like this could launch a civil action suit against a company that says 'we'll protect your privacy', and then doesn't.

Personally I have nothing to hide. So I just use mozilla and reject the cookies. If you know that I am on a porn site we'll duh, I'm over 18 and it's legal (for now) in this country.

buy the shirt rm -rf /bin/laden [linuxlookup.com]
from http://linuxlookup.com/

Re:Good.

[mathieukhor]

I am an ex-ZKS employee, and you - are a troll.

Do you really think you can stop people from developping or using encryption or anonymity? There a rumours Ben Laden uses steganography - should we ban all .GIF's and JPEG's on the web?

Most employeess at ZKS believe in protecting our rights, and in preserving privacy versus what is perceived by many as intrusions of a police state future into what was otherwise a "free" internet. As Phil Zimmerman said:, "if you ban strong crypto only the terrorists and criminals will have access to it."

Re:Safe Web - see comments on other thread

[billstewart]

http://slashdot.org/comments.pl?sid=22261&cid=2388 370 is another thread of this same discussion - see comments there.

Business model was always a gamble

[billstewart]

ZKS's business model was always a gamble, but it was the critical thing they had to offer. There are a number of people in the cypherpunks community who've developed remailers, but the critical problem was how to keep enough of them running to provide security, diversity, and reliability. (The typical problem remailers have is keeping their ISPs from getting upset by complaints from recipients of unwanted anonymous mail, and running a faster-response-time system like ZKS requires comsuming more upstream bandwidth as well.) What their business model had to offer, besides a good enough friendly user interface to make it easy for the general public to use, was a financial incentive for ISPs to want to run remailers, because they're paying customers rather than problem users. We were never sure whether they'd succeed, but it would be a great thing if they did. Oh, well....

Re:Time for these to disapear

[Doomdark]

Just a small comment; even though US administration certainly has lots of indirect influence on other countries' jurisdictions, it's not all that straight-forward to shut down foreign companies/websites. If I'm not mistaken, ZK is a canadian company, and like IP-name says, anon.penet.fi was a finnish site (a hobby of a finnish Internet pioneer who got lots of unfair shit because of a few uninforment news articles back then).

And no, it's not a co-incidence that practically all anonymity-enhancing services have been located outside US of A for years now.

Re:Ian Goldberg, Bruce Schneier & Whitfield Di

[Ian Goldberg]

Believe me, no one is more disappointed about this than I am, but right now there simply isn't enough market buy-in on the premium services to justify the network's operating costs. :-(

As a business, we are focusing on the product that customers and partners want. Here's an official Zero-Knowledge Systems statement on the matter:

With the release of Freedom 3.0 [zeroknowledge.com] and the discontinuation of the Freedom Network (our anonymous browsing and encrypted pseudonym service) there have been a number of questions for more details about the decision to stop offering the Freedom Network services. Hopefully this will help clarify things.

When we released Freedom 1.0 close to 2 years ago we saw a significant percentage of our users subscribe to the premium Freedom Network services. This was anticipated as our early adopters were very privacy and technology aware and had expressed strong interest in the Freedom Network offering.

As we began to increase the distribution of Freedom into the mass market with the release of Freedom 2.0 & 2.2, we saw a disproportionately high percentage of users who subscribed to the standard features (and not Freedom Network services). The initial interest in the premium (FN) services amongst our early adopters simply didn't carry over to the mainstream and as our user numbers grew, we began to realize that the market was looking for the kind of features we are now offering in Freedom 3.0.

As we began our feature triage for Freedom 3.0 (almost 9 months ago) we heard from customers and focus groups of users, as well as channel partners [zeroknowledge.com], and reflected on the statistics from our existing user base, and decided that there was not enough mass market demand for the premium services to justify continuing the service.

This was entirely a market related decision. The market demand for consumer Internet security and safety tools has grown considerably in the 4 years our company has been in business. Freedom 3.0 is a strong competitor to security offerings from companies such as Symantec and McAfee and we have gotten very positive market support and a warm reception from channel partners to this new version of our suite of privacy and security tools.

There has been speculation that this decision was somehow related to government pressure or was made in the wake of the tragedies of September 11. This is simply untrue. For the past 3 months we have been beta-testing this version with partners, getting certification from Microsoft for our drivers and completing our Alpha and Beta cycles with our beta users. Support for the Freedom network offering was removed from the client code base well before the recent tragedies of September 11.

Our research team is continuing work in the area of privacy enhanced network protocols, and we are open to any suggestions the research community offers on how we can leverage the work that went into the Freedom Network design and operation to advance this area of computer science. If you have suggestions or interest in this, please contact us at corporate@zeroknowledge.com [mailto].

Zero-Knowledge continues to offer our consumer protection utility Freedom 3.0 and we are very excited by the prospects for this product. We also have a division that is addressing the market need of enterprise privacy technologies that stem from managing consumer data that require strong security and policy frameworks to adhere to privacy regulations and customer preference management (Healthcare; Financial and other consumer data that is subject to new security, privacy restrictions relating to legislation like HIPAA, GLB, PIPEDA, EU privacy directive).

Our company continues to evolve and focus our efforts on market needs and customer demands and we remain very confident of our prospects in these markets.

Re:Ian Goldberg, Bruce Schneier & Whitfield Di

[friday2k]

This is really sad to hear. We have seen to many good, anonymous services go down. It all started with DigiCash and Chaum, a payment system utilizing blind signatures. True(!) anonymous payments. And ZKS also had the right tools at hand to create anonymity. Maybe you will move ahead and do something in the private credential arena. Brands' patents should work fine for that ... Readers interested in some level of anonymity for the masses should check out Hushmail [hushmail.com] and Zendit [zendit.com] for anonymous, encrypted email services. And the other usual suspects like Anonymizer.com (BAH!). Good luck to Zeroknowledge!

Re:Ian Goldberg, Bruce Schneier & Whitfield Di

[btempleton]

Ian speaks the truth. As much as we would like there to be a market for services like FN, there isn't one. People won't go out of their way to protect their privacy in the face of vague threats or unease. They need a specific threat before they will spend real money on protecting their privacy.

Which is, of course, what the people who invade privacy want.

I'm not surprised FN died, I'm surprised it lasted this long. ZKS got funded for Freedom Network in the heady days of the dotcom boom, when you could find a few VCs who had read Crytonomicon and get them to fork over money on faith. Their new plan, HIPPA compliance software, is a much sounder business proposition.

To get privacy into the network, you have to get it in with literally zero effort. It needs to be built in to the other tools, and considered a checklist feature. Unfortunately, for now, privacy protection is a feature, not a product

Where it goes wrong...

[Chasing Amy]

What makes people question whether the Freedom Network's shutdown is collateral damage from Sept. 11 is not just the uncanny timing, but the exceedingly short notice and the fact that just recently ZKS was promising the rollout of more servers.

The exceedingly short notice is perhaps the most troubling. I'm sorry, but no matter how much you protest that it's unrelated to Sept. 11, most people are not going to believe you. You couldn't reasonably admit folding the network due to Sept. 11, because that would garner a huge backlash from the sort of customers you want to buy your future "privacy" products. That creates a very real motive for denying that the network's shutdown has something to do with Sept. 11.

As it is, you cannibalized your own market by offering the cheap Freedom product without nyms and access to the Freedom Network, anyway. You started trying to target a more mainstream audience--an audience which doesn't know the difference between Freedom the run-of-the-mill "privacy" utility and Freedom with access to the anonymizing network. You should not have given them a choice in the matter, and doing so naturally cannibalized the market for the Premium product--which was the only unique thing your company offered in the first place. There are so many other packages that do the same thing, some by big-name vendors like Norton and McAfee, that you can't reasonably survive very long selling a virtually identical product with the same features but without the name recognition and without the added distribution these products get through inclusion in general-purpose utility syuites such as those offered by both Symantec and McAfee.

I know I'll likely get flamed and modded down for second-guessing this and playing armchair CEO, but the fact is you never should have offered people a cheaper product which the mainstream audience couldn't be expected to reasonably distinguish from your network anonymity enabled product. Your webpages didn't even give a good explanation that "normal" people would understand about why they should buy your more expensive product. Your less expensive option was more appealing to people merely because of the cost difference and the lack of knowledge of the "average" guy.

When it became apparent that you couldn't keep doing things the way you were doing them, what you should have done is drop the cheap option and support only those people also willing to support the Freedom Network-enabled version of the software. To do otherwise is removing the only thing which made you unique, the only thing which distinguished you from Symantec and McAffee and countless smaller companies and freeware offerings. You cannot and will not survive in such an environment with so many competitors, not to mention the people who are pissed at you for dropping the Freedom network to concentrate on Just Another Cookie Management/Firewall/Etc. Suite and who consequently would never buy your "Freedom 3.0" product even though they used to be supporters. I know I don't need Just Another Firewall/Cookie Suite--too many to choose from already, and if Freedom 3.0 is anything like your current "lite" suite lacking the Freedom Network, it's just too "heavy" and resource-intensive an app. I could tolerate that when I got to access the snonymity of the Freedom Network, but without it I'd rather just run ZoneAlarm's free firewall and get my cookie management free with Mozilla.

Good luck. You're going to need it. And I still don't believe this timing has nothing to do with Sept. 11--and if it doesn't, you had a responsibility to give your users more notice, and shame shame shame on you for not doing so.

Re:Ian Goldberg, Bruce Schneier & Whitfield Di

[Zeinfeld]

Bruce is CTO at counterpane. Whit is a Fellow at Sun. Sure they might be on an advisory board, but that type of work is not exactly onerous. ZeroKnowledge has several well known names but they are only 4 or 5 out of the top 100.

It is not unusual for well financed startup companies to crash and burn despite top people. There have been several that have crashed and burned because they had too many. Its the same in crypto, DigiCash and Cybercash both went under, PGP burned through cash so fast it had to be rescued even before the dotcom bubble burst. Baltimore and Entrust are both looking wobbly.

Doesn't sound like it...

[Bilbo]

Obviously, they can blame it on whatever they want, but it sounds like it's a simple matter of economics. They aren't making enough money from subscription services to pay for expenses (servers, etc.), so they are cutting back. They are still selling their personal firewall software.

Never attribute to malice what can be adequately explained by stupidity (or in this case, money).