--Hushpart_boundary_iWCDbgAikNCcbLlDAWpLjBKeDnioBxsF Content-type: text/plain WOW - well I have to start out this post with a REALLY STRONG sense of vindication!! DAMN it feels good to be right!! 4 months ago (circa July) I made (using a differnet hushmail nym - forgot the password to that one so I had to make a new one..) a number of posts to this list of the subject of: (1) why ZKS doesn't really protect privacy in the first place, (2) why privacy is a MAJOR ecnomic issue, and (3) why, (b/c of (2)) the real market for privacy is on the business side of the equation, not in wimpy pieces of consumer client software like Freedom.. At the time I equated privacy with the Code of Fair Information Practices (CFIP), and explained at a NUMBER of businesses would be MORE THAN WILLING to put these principles into practice at their enterprise b/c of the massive REVENUE potential this could create.. At the time, I was pretty much totally dismissed.. every point I made was ridiculed as being short-sighted or a pipe dream and, esp concerning the fact that businesses would be willing to put in place CFIP, I was told that I was f***ing out of my mind and that that made no sense whatsoever.. How DELICIOUS to watch (in FOUR SHORT MONTHS) ZKS TRY to turn around their whole business to basically the same principles that I outlined in those earlier postings!! Enough w/ the revenge, though -- let's proceed to dismantle Tim May's inept, knuckle-dragger arguments on these issues..
This is a recurring theme, and one we've talked about many times.
Fact is, most people don't think they need security. Most people don't even think they need backups. Until their hard disk crashes. And so on. It's a tough sell in either case.
This is why the market for crypto and security and anonymity has tended to be at the "margins" of society: porn, warez, freedom fighting, etc. Such has it always been, such shall it always be. Targetting the mainstream is a tough sell.
No, completely wrong, as usual. The REAL market for crypto and security has ALWAYS BEEN and WILL ALWAYS BE in the financial services sector. These people have absolutely enormous amounts of money at stake, and in so far as cryptography and security can reduce the risk of bad loans, of theft, of a gazillion other risks that financial services companies face, these companies will continue to operate at the forefront of global cryptography technology.. Anonymity has NO MARKET in this world outside of free speech.. (I'm sure I'll be ridiculed for this again too, but in 4 short months something else will happen to vindicate me.. I'll let you guys know when it does..)
(The most widely-deployed bits of crypto are in places where huge deals were cut with browser makers, e.g., SSL,Verisign, etc. The customer is only vaguely aware that such things are happening. No sale to Joe Average is needed. Probably this is the way Web proxies will ultimately be sold.)
Good security should be so seamless the user doesn't even know it's there. SSL satisfies this design requirement. So does Verisign. Freedom doesn't. Freedom sux.. it's like, it's always there and I can't uninstall that hideous piece of software off my machine fast enough..
ZKS was just one of many companies attempting to sell privacy tools to "Joe Average," and his little daughter Suzy Average (pictured in ZKS Freedom ads...). Well, Joe doesn't do much with his home computer except check some sites and maybe download a few porn images from Danni's Hotbox when Suzy has gone to bed and the wife is passed out on the sofa.
_Could_ ZKS Freedom help Joe a little? Maybe, but it's not something even on his radar screen to worry about. His bigger concern is having Suzy or the wifey find the paltry pieces of porn he purloined.
Privacy can and is an enormously powerful tool for global consumers, and like Garfinkel says, maybe it will take years to realize this economic reality, but it will be realized, sooner or later.. just not in the form that Tim May thinks..
Or he's at work and his boss has just announced that several employees have been fired for using the company's networks for checking sports scores, downloading porn, usng Napster, etc.
These are Joe Average's _real_ concerns about privacy. Cute ads about little girls needing their privacy probably won't sell ZKS Freedom to Joe Average.
I agree - I've always found the ZKS ad campaign to be rather distasteful in fact.. (the bar codes on people.. esp since the Internet doens't really operate by bar coding people and even if it did, ZKS wouldn't be able to do anything about it.. it's called FALSE ADVERTISING.. the FTC might have a thing or two to say about that..)
ZKS may do better by bundling Freedom with Danni's Hard Drive accounts! "Your porn is downloaded to you in "Plain, Brown Wrapper" format, disguised to look like a marketing report containing the key words you specify. Your boss will think it's business, your wife will be bored."
(No, I'm not suggesting this as any kind of real product. The market is just too small, and downloading porn or Napster songs at work is a lose for many good reasons. The proper solution is even more straightforward: only fools download porn at company sites, and they deserve to be fired. And if Joe Average doesn't have his own _personal_ computer at home, they're cheap enough. No reason Little Suzy should be doing her homework on the machine he has his porn on. And even if he does, encrypted partitions are trivial to set up. Plus, removable CD-RWs and Zips. "Zip--for when you don't want your porn discovered by your wife!")
The second major use for privacy tools is preventing the "dossier society" effect, where one's words in alt.sex.gerbils are archived for all time and are seen by prospective employers, Senate confirmation panels, etc. This is a likely market for ZKS Freedom. Ah, except that utterly free and easy to use services like MyDeja and MyYahoo and suchlike are dominant in this application area ("space").
Everything up to here is basically the ravings of a madman, so I'll leave it alone..
It is routine to see "aardvaark42@mydeja.com" posts in nearly all newsgroups. While these are not cryptographically robust, it's unlikely these will ever be linked to true names. Especially as they may be set up on the fly, through proxies, etc.
That's a good point and that's basically what I've always said about "nyms".. you don't really need ZKS for a nym (Hushmail works fine for me), and even when you DO get one, the only thing it's good for is free speech, never for privacy. (Ever notice how privacy discussions are always framed in the context of commerce? Like what are the privacy policies of that bank or HMO? Or what is Amazon doing w/ my purchasing profile? AND YES, there are privacy threats from government, but you're never going to be able to *make money* by battling the government (like ZKS was trying to).. since we're talking about a business here (ZKS), I'll keep the discussion limited to commerce..)
Still, some fraction of people will pay for Freedom-type nyms. Probably not $50 a year, as that is a significant fraction of their entire ISP bill. But not a lot of people. And they won't pay much.
The real market for robust security and privacy tools is, as always, elsewhere.
Financial services..
The _interesting_ market has always been for those who are--demonstrably!--willing to pay big bucks to get on a plane to fly to the Cayman Islands or Luxembourg to open an offshore account. For those who are actively interested in untraceable VISA cards. For those selling arms. For those trafficking in illegal thoughts.
In short, for crypto anarchy.
No, this market is actually really really boring. It's too tiny and the opportunity for recurring revenue streams is too small and ... no.. I won't rip it apart any further..
Not for fluff.
Will the new ZKS business model work? Maybe. But as Simson Garfinkel points out in the article Declan wrote, this may take years to develop. Until then, tough sledding.
MojoNation seems to be a lower burn-rate run at the real low hanging fruit.
It's (vaguely) the right approach to privacy (going after the enterprise), and I'm sure ZKS has been pursuing for some time now (probably since I made those postings back in July). But in terms of being delivering privacy tools to the enterprise, they're already behind companies like Privada and PrivacyRight. I mean, granted I slammed Privada earlier for their weenie knock-off of Freedom, but at least they've been pursuing the enterprise market for some time now in earnest.. and as for PrivacyRight, it seems they've already made substantial inroads into the health care and financial services markets that ZKS claims it wants to pursue.. So what is ZKS really selling to enterprises? Is it anonymity software like Freedom? No business will ever buy this.. is it fancy, schmancy cryptography software? Again, I've sold security products to enterprises for years, and every CIO in America knows that security is not isomorphic to cryptography. No hacker in the world bothers trying to crack 40-bit encryption when he knows there are users on the enterprise network dumb enough to have username "Tim" and password "May".. this is a much easier way to subvert the network.. Security starts with good cryptography, but encompasses a great deal more (lots of policy, for one). Privacy starts w/ good security, but also encompasses a great deal more than plain, old vanilla security.. For this reason, if all ZKS is selling is cryptography, then good luck! you're already way behind the times.. And if ZKS is selling consulting hours, then thanks, but I think I'll take my budget to a place where they already have the whole privacy picture in focus (like PriceWaterhouse Cooper or Ernst & Young), not to a place where they just brag about cryptography all day long.. --Hushpart_boundary_iWCDbgAikNCcbLlDAWpLjBKeDnioBxsF-- IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.