Technology

Zero-Knowledge to Close Anonymity Service


Zero-Knowledge Systems' Freedom network, an Internet privacy service that

many believed would make online eavesdropping all but impossible, will

cease to exist October 22nd, the company announced Thursday.

The Montreal-based privacy and security company notified its subscribers

of the change in a curt support notice on the Freedom web

site. The company will continue to supply other privacy tools to

corporations and consumers, however, including personal firewall and

e-wallet software.

The sudden suspension may have come as a shock, but not a surprise.

Privacy mavens contacted by SecurityFocus said they saw little evidence

that Freedom was being used.

"I get only a few hits from ZKS, but I get only a few hits from

anonymizers of any kind," said John Young, a New York City architect who

operates Cryptome, a site dedicated to airing documents that deal with

the world intelligence community. "What most of us were concerned about

was how long they could keep it up."

ZKS co-founder Austin Hill conceded that Freedom never really took off.

"This was purely a business decision," Hill said. "Initially we got

incredible response for the premium services, but we knew we were dealing

with early adopters. But soon we saw the transfer into the mass market

just didn't carry over. The subscription rates really plunged."

Hill declined to disclose subscriber numbers.

ZKS made a huge splash in the world of privacy-aware netizens when it

announced Freedom in 1998. Back then, the Internet was still riding high.

High, too, was anxiety over unscrupulous governments and corporations

that might monitor Internet users' every click and keystroke. The looming

combination of web cookies, server logs and purchase histories, many

feared, would lead to the compilation not just of what people bought, but

what they wrote, what they read, and every aspect of their online

identity.

PRODUCT HAD CYPHERPUNK CREDIBILITY. To some, ZKS' Freedom seemed to be the answer. To prevent others from tying tell-tale data left by PCs back to individuals, Freedom used powerful data-scrambling technology to make that data unreadable, and users virtually untraceable. Customers paid about $50.00 per year for the service.

Adding to the buzz was ZKS' solid cypherpunk pedigree. Company executives

signed up a passil of renowned security experts to design Freedom,

including Ian Goldberg, who first won fame by exposing security flaws in

the Netscape browser. If people like civil libertarian Goldberg and

fellow cryptographer Adam Shostack designed the system, the reasoning

went, it had to be good.

Special servers that resided on the Internet functioned as privileged

gateways for Freedom users. Instead of broadcasting their data to their

ISPs and the rest of the world, PCs with the ZKS software installed talked

only to Freedom servers through a series of specially encrypted packets.

Users could pass their web traffic through one, two or three separate

Freedom servers before landing at the website they wanted to browse. When

their requests touched down at a target site, the server there saw only

that it came from a Freedom user. Because Freedom never left any other

information that could be traced to the user, the target website had no

way of tying, say, a user's numeric IP address to the name he might leave

behind on an order form.

And since the service encrypted traffic as it passed from the user to

Freedom server and back again, would-be eavesdroppers never had a chance

to figure out what John Q. Netizen saw on the net. The Freedom network

would even run traffic through two or three such servers if a user feared

that cyber spies could somehow correlate their web requests to activities

on a given server.

The technology was almost too good to be true, and, some said, too costly

to last.

"The business was awfully expensive," said Lance Cottrell, president of

Anonymizer.com, a web-based privacy service that has survived in part

because it does not go to the same lengths -- extreme lengths, some say --

to protect its users.

The Freedom network came with performance costs, in part because it

generated many packets that served only to make snooping on subscribers

more difficult. The proportion of excess traffic declined as more users

signed up, but the system would always use much more bandwidth than the

unprotected Internet did. Many users noticed a visible slowing in their

net connections as a result.

TOO MUCH PRIVACY?. Greg Broiles, a lawyer and cryptographer who advises companies on issues of security and e-commerce, said he didn't think there would ever be enough users to justify the expense of the network. "I just don't see how

it could work," said Broiles. "It makes it hard to get out of bootstrap

mode."

The system also required users to operate a separate toolbar.

"It was more than what the market wants," Cottrell said. "We're down to

the point that you download this teeny little button, and you click it on

and you're off. That's it."

Observers said the timing of the announcement -- just weeks after

terrorist attacks in New York, Washington and Pennsylvania -- was sure to

generate conspiracy theories about law-enforcement pressure to kill

anonymity throughout the world.

But even Broiles, a long-time opponent of federal restrictions on privacy

technologies, said anyone who needed the extreme privacy protection

Freedom offered, probably has many more things to worry about.

"I don't imagine there's anyone out there especially interested in knowing

which web pages I have read," said Broiles. "But if I did, I would also

worry about whether they had broken into my house and installed an

(eavesdropping device) on my machine."

"The only people who have to worry about the NSA spending $100,000 to go

after them just aren't the people we want as customers," said

Anonymizer.com's Cottrell. "That's a pretty scary group."

Cryptome's Young wonders how much of a future anonymzing services have

left. Although some privacy-aware people like them, others simply choose

large, national ISPs on the theory that only a formal criminal

investigation will likely divulge what they have been doing. And even

then, he adds, using anonymity services poses risks to people whose best

defense may be simply to blend in.

"Using anonymizers at all raises all sorts of red flags," Young said.

"Most of us now are using things other than anonymizers. Staying on the

move, not using one system for very long, is what I tell people to do." By Will Rodger


We Almost Lost the Nasdaq
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus