Zero-Knowledge bags anonymity service

So long and thanks for all the quips

  • alert
  • submit to reddit

HP ProLiant Gen8: Integrated lifecycle automation

Zero-Knowledge Systems' Freedom Network, an Internet privacy service that many believed would make on-line eavesdropping all but impossible, will cease to exist 22 October, the company announced Thursday.

The Montreal-based privacy and security company notified its subscribers of the change in a curt support notice on the Freedom Web site. The company will continue to supply other privacy tools to corporations and consumers, however, including personal firewall and e-wallet software.

The sudden suspension may have come as a shock, but not a surprise. Privacy mavens contacted by SecurityFocus said they saw little evidence that Freedom was being used.

"I get only a few hits from ZKS, but I get only a few hits from anonymizers of any kind," said John Young, a New York City architect who operates Cryptome, a site dedicated to airing documents that deal with the world intelligence community. "What most of us were concerned about was how long they could keep it up."

ZKS co-founder Austin Hill conceded that Freedom never really took off.

"This was purely a business decision," Hill said. "Initially we got incredible response for the premium services, but we knew we were dealing with early adopters. But soon we saw the transfer into the mass market just didn't carry over. The subscription rates really plunged."

Hill declined to disclose subscriber numbers.

ZKS made a huge splash in the world of privacy-aware Netizens when it announced Freedom in 1998. Back then, the Internet was still riding high. High, too, was anxiety over unscrupulous governments and corporations that might monitor Internet users' every click and keystroke. The looming combination of Web cookies, server logs and purchase histories, many feared, would lead to the compilation not just of what people bought, but what they wrote, what they read, and every aspect of their on-line identity.

Product had cypherpunk credibility

To some, ZKS' Freedom seemed to be the answer. To prevent others from tying tell-tale data left by PCs back to individuals, Freedom used powerful data-scrambling technology to make that data unreadable, and users virtually untraceable. Customers paid about $50.00 per year for the service.

Adding to the buzz was ZKS' solid cypherpunk pedigree. Company executives signed up a passel of renowned security experts to design Freedom, including Ian Goldberg, who first won fame by exposing security flaws in the Netscape browser. If people like civil libertarian Goldberg and fellow cryptographer Adam Shostack designed the system, the reasoning went, it had to be good.

Special servers that resided on the Internet functioned as privileged gateways for Freedom users. Instead of broadcasting their data to their ISPs and the rest of the world, PCs with the ZKS software installed talked only to Freedom servers through a series of specially encrypted packets.

Users could pass their Web traffic through one, two or three separate Freedom servers before landing at the Web site they wanted to browse. When their requests touched down at a target site, the server there saw only that it came from a Freedom user. Because Freedom never left any other information that could be traced to the user, the target Web site had no way of tying, say, a user's numeric IP address to the name he might leave behind on an order form.

And since the service encrypted traffic as it passed from the user to Freedom server and back again, would-be eavesdroppers never had a chance to figure out what John Q. Netizen saw on the Web. The Freedom network would even run traffic through two or three such servers if a user feared that cyber spies could somehow correlate their Web requests to activities on a given server.

The technology was almost too good to be true, and, some said, too costly to last.

"The business was awfully expensive," said Lance Cottrell, president of Anonymizer.com, a Web-based privacy service that has survived in part because it does not go to the same lengths -- extreme lengths, some say -- to protect its users.

The Freedom network came with performance costs, in part because it generated many packets that served only to make snooping on subscribers more difficult. The proportion of excess traffic declined as more users signed up, but the system would always use much more bandwidth than the unprotected Internet did. Many users noticed a visible slowing in their Net connections as a result.

Too much privacy?
Greg Broiles, a lawyer and cryptographer who advises companies on issues of security and e-commerce, said he didn't think there would ever be enough users to justify the expense of the network. "I just don't see how it could work," said Broiles. "It makes it hard to get out of bootstrap mode."

The system also required users to operate a separate toolbar.

"It was more than what the market wants," Cottrell said. "We're down to the point that you download this teeny little button, and you click it on and you're off. That's it."

Observers said the timing of the announcement -- just weeks after terrorist attacks in New York, Washington and Pennsylvania -- was sure to generate conspiracy theories about law-enforcement pressure to kill anonymity throughout the world.

But even Broiles, a long-time opponent of federal restrictions on privacy technologies, said anyone who needed the extreme privacy protection Freedom offered, probably has many more things to worry about.

"I don't imagine there's anyone out there especially interested in knowing which Web pages I have read," said Broiles. "But if I did, I would also worry about whether they had broken into my house and installed an (eavesdropping device) on my machine."

"The only people who have to worry about the NSA spending $100,000 to go after them just aren't the people we want as customers," said Anonymizer.com's Cottrell. "That's a pretty scary group."

Cryptome's Young wonders how much of a future anonymzing services have left. Although some privacy-aware people like them, others simply choose large, national ISPs on the theory that only a formal criminal investigation will likely divulge what they have been doing. And even then, he adds, using anonymity services poses risks to people whose best defense may be simply to blend in.

"Using anonymizers at all raises all sorts of red flags," Young said. "Most of us now are using things other than anonymizers. Staying on the move, not using one system for very long, is what I tell people to do."

© 2001 SecurityFocus.com, all rights reserved.

Reducing security risks from open source software

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
Carbon tax repeal won't see data centre operators cut prices
Rackspace says electricity isn't a major cost, Equinix promises 'no levy'
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.