Article in the NY Times the other day:
http://www.nytimes.com/library/tech/00/05/circuits/articles/18cryp.html
> Can these companies maintain their underground image while engaging in
> the promotion that is required of most new tech companies these days? Can
> they continue to uphold the values of straight talk and consumer trust
> while focusing on profits and working with advertisers? Or, like some
> rock bands, will they be accused of selling out?
Yes, Zero-Knowledge in particular will be accused of selling out, and
here is why.
> Many companies have also published the code that lies behind their
> programs -- open-source code -- so that the programming can be reviewed by
> other technical experts. Among those that have open-source philosophies
> are Hush Communications, Zero-Knowledge, PrivacyX and Network Associates,
> which now owns the P.G.P. software.
That's great. ZKS has an open-source philosophy. Only one problem.
THEY'VE NEVER OPENED THEIR SOURCE.
ZKS has sidestepped the trust issue? They've built technical limitations
into their system so that they don't have to say, "Come trust me"?
Baloney! Without open source, their system is nothing but a black box.
In fact, if anything they are moving in the opposite direction, with their
recent crowing about acquiring restrictive patents on blinding technology.
Patents are anathema to an "open-source philosophy". They exist to limit
the kind of technology sharing that open-source is supposed to promote.
> Zero-Knowledge has swelled to 200 employees; it is building a new office
> in Montreal with a massage room, a cappuccino stand, a rooftop terrace
> and free laundry services (a bonus to computer programmers who come from
> a culture that values smart code over personal hygiene).
ZKS is apparently more interested in spending their investor's money
than in taking the steps necessary to build confidence in their system.
They are getting a free ride from cypherpunks and news writers (like
Wired online and this Times article). Even the use of the awkward
phrase "open-source philosophy" suggests that the author was well aware
of Zero-Knowledge's lapses in this area.
So, yes, there are those who accuse Zero Knowledge of selling out.
With all of their resources, 200 employees, a new office full of luxuries,
no doubt a fearsome burn rate, they obviously can't be bothered to do
what is necessary to make their system more than a "trust me" black box.
And why should they? As long as they continue to get a free ride from
those who ought to be playing the role of watchdogs, they have no reason
to. We see articles like the one in the Times blandly including ZKS among
companies with an open-source philosophy. We see cypherpunks leaping
to their defense, saying that ZKS means well, that their credentials
are good, that we should give them more time.
It is past time for ZKS to take the actions they have long promised.
Instead they are moving in the opposite direction. Let the community
speak up and tell them plainly that rhetoric is no longer enough.
ZKS should at least commit to a timetable for when their source will
be opened. (And not with a zero knowledge commitment.) It is time
for action.
