This approach might make a good test for ZeroKnowledge resistance to
hmmm. Three comments about zeroknowledge's anonymous e-mail (the conclusion is 'so what'?):

1. do they understand networks? ZK seems to implement the right kind of encryption (ian goldberg is good at that, we assume this from his history, [btw has he actually performed cryptanalysis in live environments?]); I don't know who's designing the network, do you? Does zk traffic traverse public networks (via VPN or otherwise)? Do these networks collect packet data (to, say, analyse attacks)? Do they stagger packet transmissions to confuse origin and destination? Do they only broadcast real data and no masking data? And if they properly conceal data how well do they scale? With all the encryption of traffic, etc. ZK's adoption by isps, etc. etc. is a scalability question.

2. is their e-mail system really anonymous? if i were a known bad actor, le might be capturing data from my pc or my isp or my phone company directly. why bother worming through zk networks? oh, and if someone could respond to you via your anonymous zk e-mail address, isn't that an instantaneous-tag-the-sender tool for le? Gee, let's see the recipe for this...serve zk a search warrant, map zk address 'A' to e-mail address 'B' and there you have it: easier than instant jello pudding. Nice system for anonymizing traffic to companies, bad system if you're trying to get away with something you shouldn't.

3. questionable adoption of anonymous e-mail. zk is in what's known in the finance world as a 'land grab'...move as many people as possible into your turf, shutting down the competition, then upsell your customers later. but zk doesn't have the cash to market anonymous e-mail to consumers directly (most of whom don't care about this feature anyway)...and i can't think of a reasonable business justification for a company to use such a service. so i'll go out on a limb and predict now that anonymous email is going to be nearly impossible for them to sell to more than 1/2 of 1% of the world.
plus would you want to receive anonymous e-mail? i prefer filtering my e-mail based on sender. though i suppose one could send a pgp key along with the message, but that's as good as an id as you can get (better than actual e-mail address i'd say).

4. ZK is a commercial entity, ergo cooperation with everyone. I'm sure they have IPO plans. They claim IBM as a partner (actually IBM is selling them stuff, but these days anyone who sells you equipment is a 'partner'...I see this every day). If a grandma in illinois is going to invest in their company when it goes public, is she going to be happy that drug dealers, stalkers and pedophiles use this network? I don't think so. I'm sure there are contingency plans for 'revealing' activity when served with a subpoena and/or a search warrant. Otherwise grandma won't invest and won't allow her pension fund to invest in the company. (see point 2 above).

5. Is ZK a spammer's tool? If truly secure and anonymous, etc. etc. etc. why couldn't the spam king use it? If it is a spammer's tool will ZK be blackholed? I can already imagine aol and others blocking ZK traffic to minors, and perhaps adding it to its 'dangerous data origins' list, meaning it will appear on an anti-spam list.

6. If I was really concerned by received threats via zk, I would simply reject all in-bound traffic from ZK.

anyway, see point 2 above again. I don't believe a commercial entity, especially a US-based one with IPO plans, can market themselves as a full anonymizing service for e-mail. Their real value, it seems to me, is enforcing privacy rights with respect to cookies. but anonymous proxies do the job just fine for this. They can't anonymize e-commerce transactions (how would you buy a book?, etc.) I don't see the business value in encrypting and anonymizing e-mail in a general sense (where's the business model?)
I think anonymous e-mail is best achieved through a cooperative, non-commercial program of unaffiliated individuals (with no commercial worries, and lots of jurisdictions around the world), or by simply purchasing pre-paid internet access, or if i were a wealthy bad actor find a more expensive solution.

phillip

-----Original Message-----
From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM] On Behalf Of keyser-soze@hushmail.com
Sent: Tuesday, February 06, 2001 2:33 AM
To: Mac Norton; Blank Frank; dmolnar
Cc: Cypherpunks
Subject: Re: anonymity

doubtful. they probably receive the email at the destination then alert the chain-of-jurisdiction for investigation. count me as a technical skeptic of an 'untargeted' echelon program.

phillip

-----Original Message-----
From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM] On Behalf Of Mac Norton
Sent: Monday, February 05, 2001 5:12 PM
To: Blank Frank
Cc: cypherpunks@toad.com
Subject: Re: anonymity

Intercepted by the CIA? Do they regularly pre-screen POTUS's incoming international e-mail, or what?

MacN

traffic analysis. Since chain of evidence is useless for ZKS messages (if you believe ZKS) only TA could finger the sender. Any takers?

ks