Lucky, you offer some interesting challenges and questions. I'm going
to focus on getting the whitepapers and security analysis finished and
published before responding in depth, because I think that its more
useful to have this conversation with all the issues on the table.
Adam
On Tue, Nov 16, 1999 at 12:26:53AM -0800, Lucky Green wrote:
| Anon wrote:
| > The information that "traffic shaping" (link padding?) will be
| > turned off in the initial release is especially disappointing.
| > Without this technology Freedom provides little more privacy than
| > anonymizer.com, or one of the hundreds of free web proxies listed at
| > http://www.ijs.co.nz/proxies.htm and http://proxys4all.cgi.net/.
| >
| > No doubt the same cypherpunks who make excuses for ZKS's lack of open
| > source because of potential protocol instability (when they are already
| > issuing Release Candidate versions!) will explain why the absence of
| > link padding is nothing to worry about. It will be interesting to see
| > how long ZKS continues to get a free pass from cypherpunks.
|
| I wouldn't fully agree that ZKS received a free pass from Cypherpunks, but I
| readily admit that ZKS received a "presumption of security absent final
| specs and evidence to the contrary" due to the fact that Ian Goldberg is
| their Chief Scientist. Ian, unlike all but a few, is certainly capable of
| designing a secure anon IP system and has built up the impeccable personal
| credentials to not ever have given anyone even a hint of doubt that anything
| with Ian's name on it is anything but secure. Therefore, Freedom received
| the benefit of the doubt. This was a reasonable course of action to take at
| the time.
|
| However, I must agree with Anon that the time for doubt is over. Freedom's
| present pseudonymous email system is massively insecure and subject to
| compromise by even a moderately competent script-kiddy attacker. Freedom
| email nyms allow for easy confirmation of the identity of a suspected nym
| user. This attack does not require the powers of the NSA, but can be
| accomplished by the average Bugtraq or Cypherpunks reader. At present, the
| use of Freedom nym email for anything significantly more sensitive than you
| would find comfortable discussing via your Hotmail account must be
| discouraged. I want a secure infrastructure as much, probably more so, than
| the next guy and therefore don't relish these findings. But undeniably,
| given the facts, these findings are the truth.
|
| Unfortunately, Freedom security holes do not stop there. Freedom, as a
| feature, does not provide for anonymous IP. It provides for pseudonymous IP.
| The exit node (AIP) knows the nym of the user making an outgoing connection.
| If this user has been so unfortunate as to have set up a reply block, as the
| default sign-up script will prompt him to do, he too will fall to the same
| attack Freedom email nyms are subject to.
|
| Now one may assert that the thread model for most users is not a corrupted
| Freedom server, but a corrupted target host. Sure, Raytheon may first
| subpoena Yahoo, but they will just as quickly subpoena the exit hop you
| chose in Freedom to access Yahoo. This task completed, they will know your
| Freedom nym. All that's left to do is a trivial attack against your POP
| server and your identity has been revealed. Your sole prayer for maintaining
| privacy is that your opponent will only resort to subpoenas, not hacks.
| YMMV, but I wouldn't want to bet any significant amount of money on the
| rigidity of this thin piece of straw.
|
| Sadly, the core architecture of the Freedom IP network as presently fielded
| appears to be insecure even disregarding the fatal email nym-based attacks.
| Absent link padding, an attacker with access to your modem link, your ISP's
| router, or you ISP's Postmaster (that is to say any attacker that bothers to
| subscribe to Bugtraq or knows how to access http://www.rootshell.com) will
| be able to correlate your activities to those of your Freedom nym.
|
| At this point, it seems that the best we can hope with respect to Freedom
| security is for ZKS to fix the truck-size security holes by version 1.1 and
| that nobody with any sensitive information will use Freedom until that time.
|
| --Lucky Green <[EMAIL PROTECTED]>
|
| "Among the many misdeeds of British rule in India, history will look
| upon the Act depriving a whole nation of arms as the blackest."
| - Mohandas K. Gandhi, An Autobiography, pg 446
| http://www.citizensofamerica.org/missing.ram
|
--
Resistance is futile! http://jobs.zeroknowledge.com
