many believed would make online eavesdropping all but impossible, will
cease to exist October 22nd, the company announced Thursday.
The Montreal-based privacy and security company notified its subscribers
of the change in a curt support notice on the Freedom web
site. The company will continue to supply other privacy tools to
corporations and consumers, however, including personal firewall and
The sudden suspension may have come as a shock, but not a surprise.
Privacy mavens contacted by SecurityFocus said they saw little evidence
that Freedom was being used.
"I get only a few hits from ZKS, but I get only a few hits from
anonymizers of any kind," said John Young, a New York City architect who
operates Cryptome, a site dedicated to airing documents that deal with
the world intelligence community. "What most of us were concerned about
was how long they could keep it up."
ZKS co-founder Austin Hill conceded that Freedom never really took off.
"This was purely a business decision," Hill said. "Initially we got
incredible response for the premium services, but we knew we were dealing
with early adopters. But soon we saw the transfer into the mass market
just didn't carry over. The subscription rates really plunged."
Hill declined to disclose subscriber numbers.
ZKS made a huge splash in the world of privacy-aware netizens when it
announced Freedom in 1998. Back then, the Internet was still riding high.
High, too, was anxiety over unscrupulous governments and corporations
that might monitor Internet users' every click and keystroke. The looming
combination of web cookies, server logs and purchase histories, many
feared, would lead to the compilation not just of what people bought, but
what they wrote, what they read, and every aspect of their online
PRODUCT HAD CYPHERPUNK CREDIBILITY. To some, ZKS' Freedom seemed to be the answer. To prevent others from tying tell-tale data left by PCs back to individuals, Freedom used powerful data-scrambling technology to make that data unreadable, and users virtually untraceable. Customers paid about $50.00 per year for the service.
Adding to the buzz was ZKS' solid cypherpunk pedigree. Company executives
signed up a passil of renowned security experts to design Freedom,
including Ian Goldberg, who first won fame by exposing security flaws in
the Netscape browser. If people like civil libertarian Goldberg and
fellow cryptographer Adam Shostack designed the system, the reasoning
went, it had to be good.
Special servers that resided on the Internet functioned as privileged
gateways for Freedom users. Instead of broadcasting their data to their
ISPs and the rest of the world, PCs with the ZKS software installed talked
only to Freedom servers through a series of specially encrypted packets.
Users could pass their web traffic through one, two or three separate
Freedom servers before landing at the website they wanted to browse. When
their requests touched down at a target site, the server there saw only
that it came from a Freedom user. Because Freedom never left any other
information that could be traced to the user, the target website had no
way of tying, say, a user's numeric IP address to the name he might leave
behind on an order form.
And since the service encrypted traffic as it passed from the user to
Freedom server and back again, would-be eavesdroppers never had a chance
to figure out what John Q. Netizen saw on the net. The Freedom network
would even run traffic through two or three such servers if a user feared
that cyber spies could somehow correlate their web requests to activities
on a given server.
The technology was almost too good to be true, and, some said, too costly
"The business was awfully expensive," said Lance Cottrell, president of
Anonymizer.com, a web-based privacy service that has survived in part
because it does not go to the same lengths -- extreme lengths, some say --
to protect its users.
The Freedom network came with performance costs, in part because it
generated many packets that served only to make snooping on subscribers
more difficult. The proportion of excess traffic declined as more users
signed up, but the system would always use much more bandwidth than the
unprotected Internet did. Many users noticed a visible slowing in their
net connections as a result.
TOO MUCH PRIVACY?. Greg Broiles, a lawyer and cryptographer who advises companies on issues of security and e-commerce, said he didn't think there would ever be enough users to justify the expense of the network. "I just don't see how
it could work," said Broiles. "It makes it hard to get out of bootstrap
The system also required users to operate a separate toolbar.
"It was more than what the market wants," Cottrell said. "We're down to
the point that you download this teeny little button, and you click it on
and you're off. That's it."
Observers said the timing of the announcement -- just weeks after
terrorist attacks in New York, Washington and Pennsylvania -- was sure to
generate conspiracy theories about law-enforcement pressure to kill
anonymity throughout the world.
But even Broiles, a long-time opponent of federal restrictions on privacy
technologies, said anyone who needed the extreme privacy protection
Freedom offered, probably has many more things to worry about.
"I don't imagine there's anyone out there especially interested in knowing
which web pages I have read," said Broiles. "But if I did, I would also
worry about whether they had broken into my house and installed an
(eavesdropping device) on my machine."
"The only people who have to worry about the NSA spending $100,000 to go
after them just aren't the people we want as customers," said
Anonymizer.com's Cottrell. "That's a pretty scary group."
Cryptome's Young wonders how much of a future anonymzing services have
left. Although some privacy-aware people like them, others simply choose
large, national ISPs on the theory that only a formal criminal
investigation will likely divulge what they have been doing. And even
then, he adds, using anonymity services poses risks to people whose best
defense may be simply to blend in.
"Using anonymizers at all raises all sorts of red flags," Young said.
"Most of us now are using things other than anonymizers. Staying on the
move, not using one system for very long, is what I tell people to do." By Will Rodger