On Thursday, August 30, 2001, at 11:07 AM, Adam Shostack wrote:
On Thu, Aug 30, 2001 at 10:02:54AM -0700, Tim May wrote: | Alas, the marketing of such "dissident-grade untraceability" is | difficult. Partly because anything that is dissident-grade is also | pedophile-grade, money launderer-grade, freedom fighter-grade, | terrorist-grade, etc.
I think a larger problem is that we don't know how to build it. Once we build it, we may be able to market it. But when you look at building something for dissidents, you realize that you have very high stealth requirements, since using such software is likely to subject its users to rubber-hose, and harsher forms of attack.
A quibble, but I would separate the stego aspect from the untraceability aspect. It is true that in certain regime--China, Afghanistan, Iran, Iraq, Saudi Arabia, etc.--sending and receiving encrypted packets will be ipso facto proof of guilt or at least grounds for hauling in for torture. Even stego in the ad banners, sound files, images, etc. will be problematic. This is the stego, or stealth, topic we all know about. (Aimee and Ray, cover your ears.) In regimes where something akin to the First Amendment provides unassailable protection against sending and receiving bits in a form not necessarily readable by snoops, providing untraceability is enough. Ignoring the stego/stealth side for this discussion, I certainly hope you at ZKS know how to build a dissident-grade untraceability system. If not, hard to see why 200 employees were hired and $60 million or so was raised. If ZKS colonizes the ghetto of "stopping Pillsbury from using cookies to track cookie preferences," then they will never make much money at all. In my opinion. Just too close to the low value of the graph. --Tim May