On Wed, Nov 22, 2000 at 01:00:47AM -0500, Adam Back wrote:
There hasn't been as much comment (apart from Wei's comments, and some offlist comments from Lucky) as one might expect about technology choices and protocol design despite the open white papers. I'm hoping the new clearer, more detailed white papers coming with 2.0 will help stimulate such discussion.
I think the traffic analysis stuff is important, but it's lower down on my list of threats. My impression is, that for the average Internet user, the most likely privacy invasions they face are: 1. Personal information given to ISP is revealed to litigant or law enforcement, based on identification of the subscriber's IP address, URL, or email address. 2. Personal information given to web-based conferencing system is revealed to litigant or law enforcement, based on the user's system ID; or enough information is released to allow violation (1). 3. Personal information given to instant messaging system is revealed to litigant or law enforcement, based on the user's system ID; or enough information is released to allow violation (1). 4. Personal information given to one entity is shared with another entity contrary to statute or contract. 5. Activity at several different websites is aggregated to form profile of interests or purchasing patterns, which is sold or combined with information from violation of (4). 6. Operator of a machine sharing a network with client machine uses packet sniffer to trap/analyze/store client's cleartext data. 7. Operator of machine which handles user's data (like mailserver, router, etc) uses system access to trap/analyze/store client's cleartext data. 8. User's system retains state regarding online activities (web browsing data stored in cache, 'recent sites' lists; incoming and outgoing emails stored) which is revealed through unanticipated use of user's system by another person. Different end users will give each of those modalities a different likelihood of occurrence, and weight them differently by the damage potential - but I think they're all much more likely than more esoteric attacks like network-based traffic analysis. I would be pretty excited about a system which fixed all or many of the above exposures, even if it were vulnerable to more sophisticated attacks - there are apparently a few people on the cpunks list who merit full-time surveillance, but I think most of us (and most of the people we're likely to recommend privacy systems to) need better protection and support for security against basic attacks before we need even meager protection against sophisticated attacks.
These two things mean that there are more people using freedom 1.x browsing than freedom 1.x mail. So you aren't going to see an accurate portrayal of user base from email alone.
That's a good point. I haven't been able to think of a good way to measure the adoption rate of Freedom 1.x "in the wild" - my next best guess was to comb over my own webserver's logfiles, to see if the Freedom proxies introduce any evidence of their presence. Is that possible?
Some negative experience with it's workings? Could you elaborate?
I experienced (twice) a failure in my Windows 98 network stack after installing the Freedom client - it apparently replaced/modified/removed some DLL component which was important to 32-bit Winsock connections, which meant that Eudora and web browsers stopped working. I wasn't able to get a good answer from tech support, apparently because of the problems with the 1.x reply blocks. Last time I mentioned this I got a nice note from someone in the Freedom support department who promised to help me if I end up running Windows again; after the second installation got trashed, I gave up on Windows, and am in no hurry to go back. In both cases, I was unable after considerable effort to recreate a working network stack, and ended up reinstalling Windows and all of my apps. I don't know if it was my peculiar configuration (which wasn't wildly peculiar, but I did run a lot of software, including the Norton Win32 firewall thing) or Windows lameness or [..], so I'm not ready to say that Freedom is broken - but I know that it exceeded my personal time alloted to monkeying with it, and I didn't do well enough with it to feel good about recommending it to people who are less technically inclined than I am.
My gut feel is that email would be a popular app for pseudonymity. Opinions solicited of course, but I personally was usually more interested in pseudonymous or anonymous mail. It does actually matter if you use the web to look up things you're writing about and you're trying to be strongly anonymous, but typically I haven't been that paranoid.
Same here - it's actually not so hard to get some measure of web anonymity, if you're willing to the free ones like LPWA. Still, web anonymizers are going to be more interesting as more people get fixed IP addresses for their DSL or cable modems. I didn't give web tracking a lot of thought before, because my dialup IP's were at least weakly nondeterministic and not very correlated; but people with fixed IP's have more to worry about.
This isn't a re-framing, it's phase II, and it's been planned since day one. Austin has been talking about being a privacy broker between users and companies for years, it was part of the grand plan for "total world domination" since the early days. Probably some have heard him speak about it at conferences over the last couple of years.
I've heard him say some about this, but didn't link it to the privacy consulting, exactly - what I wonder about with this is where ZKS' loyalties will appear to be. Consumers probably want to see their privacy software vendor as "on their side"; but commercial interests working on data collection are probably going to want to work with people who will help them advance their own goals, sometimes at the price of others' privacy. The closest parallel I can see is to environmental groups, who have in some cases endorsed certain corporations or certain practices as "green" or "environmentally friendly", and who have subsequently lost stature among some of their members and peers as having "sold out". I don't know if it will work well to be perceived as serving two masters - even if the corporate interests pay lip service to "protecting our customers' privacy".
The section of the FAQ that covers the questions you're asking is:
http://www.freedom.net/faq/index.html?r=6#11
The short answer is no, no, and very.
Well, that sounds good - and I appreciate the pointer to the FAQ - but I am not sure the answer is so easy. Let's say that I believe that a Freedom user has defamed me, and I sue them, and my attorney issues a subpoena to Freedom to get their reply block(s); and then my attorney subpoenas the operators of the machines which hold the keys which decrypt the reply blocks .. don't they get my email address? The "Freedom 1.0 Security Issues and Analysis" whitepaper at http://www.freedom.net/info/freedompapers/Freedom-Security.pdf seems to agree that this attack works, in sections 2 and 4.5. Are there plans to fix this? I gather that 2.x will eliminate reply blocks - will it also eliminate this vulnerability? The legal analysis behind that security analysis deserves some updating - in particular, a warrant isn't necessary to get at information held by others, just a subpoena, and all it takes to get a subpoena is filing a lawsuit, as has been demonstrated by any number of aggrieved companies ridiculed on the Yahoo message boards.
I'd just like to make these two comment commitments which I'll reveal later when certain projects are announced to demonstrate that they were planned for some time.
b26ecfce97bc6c090585a254a297ba5143280cce commit a47d3b46da014002b34d02c3a0524a3209c3c6ae commit2
Well, that's something to look forward to. -- Greg Broiles gbroiles@netbox.com PO Box 897 Oakland CA 94604