Feeds

Zero-Knowledge bags anonymity service

So long and thanks for all the quips

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Zero-Knowledge Systems' Freedom Network, an Internet privacy service that many believed would make on-line eavesdropping all but impossible, will cease to exist 22 October, the company announced Thursday.

The Montreal-based privacy and security company notified its subscribers of the change in a curt support notice on the Freedom Web site. The company will continue to supply other privacy tools to corporations and consumers, however, including personal firewall and e-wallet software.

The sudden suspension may have come as a shock, but not a surprise. Privacy mavens contacted by SecurityFocus said they saw little evidence that Freedom was being used.

"I get only a few hits from ZKS, but I get only a few hits from anonymizers of any kind," said John Young, a New York City architect who operates Cryptome, a site dedicated to airing documents that deal with the world intelligence community. "What most of us were concerned about was how long they could keep it up."

ZKS co-founder Austin Hill conceded that Freedom never really took off.

"This was purely a business decision," Hill said. "Initially we got incredible response for the premium services, but we knew we were dealing with early adopters. But soon we saw the transfer into the mass market just didn't carry over. The subscription rates really plunged."

Hill declined to disclose subscriber numbers.

ZKS made a huge splash in the world of privacy-aware Netizens when it announced Freedom in 1998. Back then, the Internet was still riding high. High, too, was anxiety over unscrupulous governments and corporations that might monitor Internet users' every click and keystroke. The looming combination of Web cookies, server logs and purchase histories, many feared, would lead to the compilation not just of what people bought, but what they wrote, what they read, and every aspect of their on-line identity.

Product had cypherpunk credibility

To some, ZKS' Freedom seemed to be the answer. To prevent others from tying tell-tale data left by PCs back to individuals, Freedom used powerful data-scrambling technology to make that data unreadable, and users virtually untraceable. Customers paid about $50.00 per year for the service.

Adding to the buzz was ZKS' solid cypherpunk pedigree. Company executives signed up a passel of renowned security experts to design Freedom, including Ian Goldberg, who first won fame by exposing security flaws in the Netscape browser. If people like civil libertarian Goldberg and fellow cryptographer Adam Shostack designed the system, the reasoning went, it had to be good.

Special servers that resided on the Internet functioned as privileged gateways for Freedom users. Instead of broadcasting their data to their ISPs and the rest of the world, PCs with the ZKS software installed talked only to Freedom servers through a series of specially encrypted packets.

Users could pass their Web traffic through one, two or three separate Freedom servers before landing at the Web site they wanted to browse. When their requests touched down at a target site, the server there saw only that it came from a Freedom user. Because Freedom never left any other information that could be traced to the user, the target Web site had no way of tying, say, a user's numeric IP address to the name he might leave behind on an order form.

And since the service encrypted traffic as it passed from the user to Freedom server and back again, would-be eavesdroppers never had a chance to figure out what John Q. Netizen saw on the Web. The Freedom network would even run traffic through two or three such servers if a user feared that cyber spies could somehow correlate their Web requests to activities on a given server.

The technology was almost too good to be true, and, some said, too costly to last.

"The business was awfully expensive," said Lance Cottrell, president of Anonymizer.com, a Web-based privacy service that has survived in part because it does not go to the same lengths -- extreme lengths, some say -- to protect its users.

The Freedom network came with performance costs, in part because it generated many packets that served only to make snooping on subscribers more difficult. The proportion of excess traffic declined as more users signed up, but the system would always use much more bandwidth than the unprotected Internet did. Many users noticed a visible slowing in their Net connections as a result.

Too much privacy?
Greg Broiles, a lawyer and cryptographer who advises companies on issues of security and e-commerce, said he didn't think there would ever be enough users to justify the expense of the network. "I just don't see how it could work," said Broiles. "It makes it hard to get out of bootstrap mode."

The system also required users to operate a separate toolbar.

"It was more than what the market wants," Cottrell said. "We're down to the point that you download this teeny little button, and you click it on and you're off. That's it."

Observers said the timing of the announcement -- just weeks after terrorist attacks in New York, Washington and Pennsylvania -- was sure to generate conspiracy theories about law-enforcement pressure to kill anonymity throughout the world.

But even Broiles, a long-time opponent of federal restrictions on privacy technologies, said anyone who needed the extreme privacy protection Freedom offered, probably has many more things to worry about.

"I don't imagine there's anyone out there especially interested in knowing which Web pages I have read," said Broiles. "But if I did, I would also worry about whether they had broken into my house and installed an (eavesdropping device) on my machine."

"The only people who have to worry about the NSA spending $100,000 to go after them just aren't the people we want as customers," said Anonymizer.com's Cottrell. "That's a pretty scary group."

Cryptome's Young wonders how much of a future anonymzing services have left. Although some privacy-aware people like them, others simply choose large, national ISPs on the theory that only a formal criminal investigation will likely divulge what they have been doing. And even then, he adds, using anonymity services poses risks to people whose best defense may be simply to blend in.

"Using anonymizers at all raises all sorts of red flags," Young said. "Most of us now are using things other than anonymizers. Staying on the move, not using one system for very long, is what I tell people to do."

© 2001 SecurityFocus.com, all rights reserved.

Beginner's guide to SSL certificates

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.