-Caveat Lector-
http://www.theregister.co.uk/content/5/22056.html
Zero-Knowledge bags anonymity service
By Will Roger
Posted: 05/10/2001 at 06:15 GMT
Zero-Knowledge Systems' Freedom Network, an Internet privacy service that
many believed would make on-line eavesdropping all but impossible, will
cease to exist 22 October, the company announced Thursday.
The Montreal-based privacy and security company notified its subscribers of
the change in a curt support notice on the Freedom Web site. The company
will continue to supply other privacy tools to corporations and consumers,
however, including personal firewall and e-wallet software.
The sudden suspension may have come as a shock, but not a surprise. Privacy
mavens contacted by SecurityFocus said they saw little evidence that
Freedom was being used.
"I get only a few hits from ZKS, but I get only a few hits from anonymizers
of any kind," said John Young, a New York City architect who operates
Cryptome, a site dedicated to airing documents that deal with the world
intelligence community. "What most of us were concerned about was how long
they could keep it up."
ZKS co-founder Austin Hill conceded that Freedom never really took off.
"This was purely a business decision," Hill said. "Initially we got
incredible response for the premium services, but we knew we were dealing
with early adopters. But soon we saw the transfer into the mass market just
didn't carry over. The subscription rates really plunged."
Hill declined to disclose subscriber numbers.
ZKS made a huge splash in the world of privacy-aware Netizens when it
announced Freedom in 1998. Back then, the Internet was still riding high.
High, too, was anxiety over unscrupulous governments and corporations that
might monitor Internet users' every click and keystroke. The looming
combination of Web cookies, server logs and purchase histories, many
feared, would lead to the compilation not just of what people bought, but
what they wrote, what they read, and every aspect of their on-line
identity.
Product had cypherpunk credibility To some, ZKS' Freedom seemed to be the
answer. To prevent others from tying tell-tale data left by PCs back to
individuals, Freedom used powerful data-scrambling technology to make that
data unreadable, and users virtually untraceable. Customers paid about
$50.00 per year for the service.
Adding to the buzz was ZKS' solid cypherpunk pedigree. Company executives
signed up a passel of renowned security experts to design Freedom,
including Ian Goldberg, who first won fame by exposing security flaws in
the Netscape browser. If people like civil libertarian Goldberg and fellow
cryptographer Adam Shostack designed the system, the reasoning went, it had
to be good.
Special servers that resided on the Internet functioned as privileged
gateways for Freedom users. Instead of broadcasting their data to their
ISPs and the rest of the world, PCs with the ZKS software installed talked
only to Freedom servers through a series of specially encrypted packets.
Users could pass their Web traffic through one, two or three separate
Freedom servers before landing at the Web site they wanted to browse. When
their requests touched down at a target site, the server there saw only
that it came from a Freedom user. Because Freedom never left any other
information that could be traced to the user, the target Web site had no
way of tying, say, a user's numeric IP address to the name he might leave
behind on an order form.
And since the service encrypted traffic as it passed from the user to
Freedom server and back again, would-be eavesdroppers never had a chance to
figure out what John Q. Netizen saw on the Web. The Freedom network would
even run traffic through two or three such servers if a user feared that
cyber spies could somehow correlate their Web requests to activities on a
given server.
The technology was almost too good to be true, and, some said, too costly
to last.
"The business was awfully expensive," said Lance Cottrell, president of
Anonymizer.com, a Web-based privacy service that has survived in part
because it does not go to the same lengths -- extreme lengths, some say --
to protect its users.
The Freedom network came with performance costs, in part because it
generated many packets that served only to make snooping on subscribers
more difficult. The proportion of excess traffic declined as more users
signed up, but the system would always use much more bandwidth than the
unprotected Internet did. Many users noticed a visible slowing in their Net
connections as a result.
Too much privacy? Greg Broiles, a lawyer and cryptographer who advises
companies on issues of security and e-commerce, said he didn't think there
would ever be enough users to justify the expense of the network. "I just
don't see how it could work," said Broiles. "It makes it hard to get out of
bootstrap mode."
The system also required users to operate a separate toolbar.
"It was more than what the market wants," Cottrell said. "We're down to the
point that you download this teeny little button, and you click it on and
you're off. That's it."
Observers said the timing of the announcement -- just weeks after terrorist
attacks in New York, Washington and Pennsylvania -- was sure to generate
conspiracy theories about law-enforcement pressure to kill anonymity
throughout the world.
But even Broiles, a long-time opponent of federal restrictions on privacy
technologies, said anyone who needed the extreme privacy protection Freedom
offered, probably has many more things to worry about.
"I don't imagine there's anyone out there especially interested in knowing
which Web pages I have read," said Broiles. "But if I did, I would also
worry about whether they had broken into my house and installed an
(eavesdropping device) on my machine."
"The only people who have to worry about the NSA spending $100,000 to go
after them just aren't the people we want as customers," said
Anonymizer.com's Cottrell. "That's a pretty scary group."
Cryptome's Young wonders how much of a future anonymzing services have
left.
Although some privacy-aware people like them, others simply choose large,
national ISPs on the theory that only a formal criminal investigation will
likely divulge what they have been doing. And even then, he adds, using
anonymity services poses risks to people whose best defense may be simply
to blend in.
"Using anonymizers at all raises all sorts of red flags," Young said. "Most
of us now are using things other than anonymizers. Staying on the move, not
using one system for very long, is what I tell people to do."
C 2001 SecurityFocus.com, all rights reserved.
================================================================
Kadosh, Kadosh, Kadosh, YHVH, TZEVAOT
FROM THE DESK OF:
*Michael Spitzer* <[EMAIL PROTECTED]>
The Best Way To Destroy Enemies Is To Change Them To Friends
================================================================
<A HREF="http://www.ctrl.org/";>www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance—not soap-boxing—please! These are
sordid matters and 'conspiracy theory'—with its many half-truths, mis-
directions and outright frauds—is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
<A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of
[EMAIL PROTECTED]</A>
http:[EMAIL PROTECTED]/
<A HREF="http:[EMAIL PROTECTED]/";>ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
