Zero-Knowledge bags anonymity service

So long and thanks for all the quips


Zero-Knowledge Systems' Freedom Network, an Internet privacy service that many believed would make on-line eavesdropping all but impossible, will cease to exist 22 October, the company announced Thursday.

The Montreal-based privacy and security company notified its subscribers of the change in a curt support notice on the Freedom Web site. The company will continue to supply other privacy tools to corporations and consumers, however, including personal firewall and e-wallet software.

The sudden suspension may have come as a shock, but not a surprise. Privacy mavens contacted by SecurityFocus said they saw little evidence that Freedom was being used.

"I get only a few hits from ZKS, but I get only a few hits from anonymizers of any kind," said John Young, a New York City architect who operates Cryptome, a site dedicated to airing documents that deal with the world intelligence community. "What most of us were concerned about was how long they could keep it up."

ZKS co-founder Austin Hill conceded that Freedom never really took off.

"This was purely a business decision," Hill said. "Initially we got incredible response for the premium services, but we knew we were dealing with early adopters. But soon we saw the transfer into the mass market just didn't carry over. The subscription rates really plunged."

Hill declined to disclose subscriber numbers.

ZKS made a huge splash in the world of privacy-aware Netizens when it announced Freedom in 1998. Back then, the Internet was still riding high. High, too, was anxiety over unscrupulous governments and corporations that might monitor Internet users' every click and keystroke. The looming combination of Web cookies, server logs and purchase histories, many feared, would lead to the compilation not just of what people bought, but what they wrote, what they read, and every aspect of their on-line identity.

Product had cypherpunk credibility

To some, ZKS' Freedom seemed to be the answer. To prevent others from tying tell-tale data left by PCs back to individuals, Freedom used powerful data-scrambling technology to make that data unreadable, and users virtually untraceable. Customers paid about $50.00 per year for the service.

Adding to the buzz was ZKS' solid cypherpunk pedigree. Company executives signed up a passel of renowned security experts to design Freedom, including Ian Goldberg, who first won fame by exposing security flaws in the Netscape browser. If people like civil libertarian Goldberg and fellow cryptographer Adam Shostack designed the system, the reasoning went, it had to be good.

Special servers that resided on the Internet functioned as privileged gateways for Freedom users. Instead of broadcasting their data to their ISPs and the rest of the world, PCs with the ZKS software installed talked only to Freedom servers through a series of specially encrypted packets.

Users could pass their Web traffic through one, two or three separate Freedom servers before landing at the Web site they wanted to browse. When their requests touched down at a target site, the server there saw only that it came from a Freedom user. Because Freedom never left any other information that could be traced to the user, the target Web site had no way of tying, say, a user's numeric IP address to the name he might leave behind on an order form.

And since the service encrypted traffic as it passed from the user to Freedom server and back again, would-be eavesdroppers never had a chance to figure out what John Q. Netizen saw on the Web. The Freedom network would even run traffic through two or three such servers if a user feared that cyber spies could somehow correlate their Web requests to activities on a given server.

The technology was almost too good to be true, and, some said, too costly to last.

"The business was awfully expensive," said Lance Cottrell, president of Anonymizer.com, a Web-based privacy service that has survived in part because it does not go to the same lengths -- extreme lengths, some say -- to protect its users.

The Freedom network came with performance costs, in part because it generated many packets that served only to make snooping on subscribers more difficult. The proportion of excess traffic declined as more users signed up, but the system would always use much more bandwidth than the unprotected Internet did. Many users noticed a visible slowing in their Net connections as a result.

Too much privacy?
Greg Broiles, a lawyer and cryptographer who advises companies on issues of security and e-commerce, said he didn't think there would ever be enough users to justify the expense of the network. "I just don't see how it could work," said Broiles. "It makes it hard to get out of bootstrap mode."

The system also required users to operate a separate toolbar.

"It was more than what the market wants," Cottrell said. "We're down to the point that you download this teeny little button, and you click it on and you're off. That's it."

Observers said the timing of the announcement -- just weeks after terrorist attacks in New York, Washington and Pennsylvania -- was sure to generate conspiracy theories about law-enforcement pressure to kill anonymity throughout the world.

But even Broiles, a long-time opponent of federal restrictions on privacy technologies, said anyone who needed the extreme privacy protection Freedom offered, probably has many more things to worry about.

"I don't imagine there's anyone out there especially interested in knowing which Web pages I have read," said Broiles. "But if I did, I would also worry about whether they had broken into my house and installed an (eavesdropping device) on my machine."

"The only people who have to worry about the NSA spending $100,000 to go after them just aren't the people we want as customers," said Anonymizer.com's Cottrell. "That's a pretty scary group."

Cryptome's Young wonders how much of a future anonymzing services have left. Although some privacy-aware people like them, others simply choose large, national ISPs on the theory that only a formal criminal investigation will likely divulge what they have been doing. And even then, he adds, using anonymity services poses risks to people whose best defense may be simply to blend in.

"Using anonymizers at all raises all sorts of red flags," Young said. "Most of us now are using things other than anonymizers. Staying on the move, not using one system for very long, is what I tell people to do."

© 2001 SecurityFocus.com, all rights reserved.


Other stories you might like

  • Share your experience: How does your organization introduce new systems?

    The answer is rarely obvious. Take part in our short poll and we'll find out together

    Reg Reader Survey The introduction of new systems into an organization is essential. If we stay still, if we continue to rely on legacy systems, if we fail to innovate – well, we (or, in reality, the company) will die. As business guru Sir John Harvey-Jones once put it: “If you are doing things the same way as two years ago, you are almost certainly doing them wrong.”

    But who should lead innovation in our companies? Who should be introducing new systems? The answer is not obvious.

    On one hand, the introduction of new systems into the business should be led by the business. In principle, the people doing the work, dealing with the suppliers, selling to the customers, are best placed to be standing up and saying: “We need the system to do X,” whether their motivation be to reduce cost, increase revenues, make products more efficiently, or even bolster our environmental credentials.

    Continue reading
  • These Rapoo webcams won't blow your mind, but they also won't break the bank

    And they're almost certainly better than a laptop jowel-cam

    Review It has been a long 20 months since Lockdown 1.0, and despite the best efforts of Google and Zoom et al to filter out the worst effects of built-in laptop webcams, a replacement might be in order for the long haul ahead.

    With this in mind, El Reg's intrepid reviews desk looked at a pair of inexpensive Rapoo webcams in search for an alternative to the horror of our Dell XPS nose-cam.

    Rapoo sent us its higher-end XW2K, a 2K 30fps device and, at the other end of the scale, the 720p XW170. Neither will break the bank, coming in at around £40 and £25 respectively from online retailers, but do include some handy features, such as autofocus and a noise cancelling microphone.

    Continue reading
  • It's one thing to have the world in your hands – what are you going to do with it?

    Google won the patent battle against ART+COM, but we were left with little more than a toy

    Column I used to think technology could change the world. Google's vision is different: it just wants you to sort of play with the world. That's fun, but it's not as powerful as it could be.

    Despite the fact that it often gives me a stomach-churning sense of motion sickness, I've been spending quite a bit of time lately fully immersed in Google Earth VR. Pop down inside a major city centre – Sydney, San Francisco or London – and the intense data-gathering work performed by Google's global fleet of scanning vehicles shows up in eye-popping detail.

    Buildings are rendered photorealistically, using the mathematics of photogrammetry to extrude three-dimensional solids from multiple two-dimensional images. Trees resolve across successive passes from childlike lollipops into complex textured forms. Yet what should feel absolutely real seems exactly the opposite – leaving me cold, as though I've stumbled onto a global-scale miniature train set, built by someone with too much time on their hands. What good is it, really?

    Continue reading
  • Why Cloud First should not have to mean Cloud Everywhere

    HPE urges 'consciously hybrid' strategy for UK public sector

    Sponsored In 2013, the UK government heralded Cloud First, a ground-breaking strategy to drive cloud adoption across the public sector. Eight years on, and much of UK public sector IT still runs on-premises - and all too often - on obsolete technologies.

    Today the government‘s message boils down to “cloud first, if you can” - perhaps in recognition that modernising complex legacy systems is hard. But in the private sector today, enterprises are typically mixing and matching cloud and on-premises infrastructure, according to the best business fit for their needs.

    The UK government should also adopt a “consciously hybrid” approach, according to HPE, The global technology company is calling for the entire IT industry to step up so that the public sector can modernise where needed and keep up with innovation: “We’re calling for a collective IT industry response to the problem,” says Russell MacDonald, HPE strategic advisor to the public sector.

    Continue reading
  • A Raspberry Pi HAT for the Lego Technic fan

    Sneaking in programming under the guise of plastic bricks

    There is good news for the intersection of Lego and Raspberry Pi fans today, as a new HAT (the delightfully named Hardware Attached on Top) will be unveiled for the diminutive computer to control Technic motors and sensors.

    Continue reading
  • Reg scribe spends week being watched by government Bluetooth wristband, emerges to more surveillance

    Home quarantine week was the price for an overseas trip, ongoing observation is the price of COVID-19

    Feature My family and I recently returned to Singapore after an overseas trip that, for the first time in over a year, did not require the ordeal of two weeks of quarantine in a hotel room.

    Instead, returning travelers are required to stay at home, wear a government-issued tracking device, and stay within range of a government-issued Bluetooth beacon at all times for a week … or else. No visitors are allowed and only a medical emergency is a ticket out. But that sounded easy compared to the hotel quarantine we endured in 2020.

    Continue reading
  • Intel teases 'software-defined silicon' with Linux kernel contribution – and won't say why

    It might enable activation of entirely new features on existing Xeon CPUs … or, you know, not

    Intel has teased a new tech it calls "Software Defined Silicon" (SDSi) but is saying almost nothing about it – and has told The Register it could amount to nothing.

    SDSi popped up around three weeks ago in a post to the Linux Kernel mailing list, in which an Intel Linux software engineer named David Box described it as "a post-manufacturing mechanism for activating additional silicon features".

    "Features are enabled through a license activation process," he wrote. "The SDSi driver provides a per-socket, ioctl interface for applications to perform three main provisioning functions." Those provisioning functions are:

    Continue reading
  • Chip manufacturers are going back to the future for automotive silicon

    Where we're going, we don't need 5nm

    Analysis Cars are gaining momentum as computers on wheels, though chip manufacturers' auto focus isn't on making components using the latest and greatest fabrication nodes.

    Instead, companies that include Taiwan Semiconductor Manufacturing Co and Globalfoundries are turning back the clock and investing billions in factories that use older manufacturing techniques to make chips for vehicles.

    The rapid digitization and electrification of cars has created a giant demand for smaller, more power-efficient auto chips, said Jim McGregor, principal analyst at Tirias Research. He added that cars don't necessarily need the latest manufacturing processes, though, and many are still using analog-based components for various functions.

    Continue reading

Biting the hand that feeds IT © 1998–2021