On Sun, 18 Oct 2009, Jacob Todd wrote:

...

http://www.theregister.co.uk/2009/10/16/kaspersky_rebukes_net_anonymity/ " In Kaspersky's world, services such asB PsiphonB andB The Onion Router (Tor)B - which are legitimately used by Chinese dissidents and Google users alike to shield personally identifiable information - would no longer be legal. Or at least they'd have to be redesigned from the ground up to give police the ability to surveil them. That's not the kind of world many law-abiding citizens would feel comfortable inhabiting.

As far as any authority is concerned , one bit of SSL traffic is indistinguishable from any other bit of SSL traffic. So while current anonymity models may not be workable in 5 or 10 years, if people are generating strongly encrypted traffic to arbitrary hosts, _some_ models will be workable. Multinational, corporate interests will not allow information security (SSL, VPNs) to just go away. Further, if TPTB have "broken" SSL, they aren't going to tip their hand to the rest of the world to blow the nym you access twitter with. I am pessimistic about the march of freedom and the limits of state power, but these are now basic to all commerce and infrastructure worldwide. The cats out of the bag, I'm afraid.

...

He's talking about supporting a police state, where the "law" can watch everything you do.

http://www.zdnetasia.com/insight/security/0,39044829,62058697,00.htm " [Q:] Are you saying that people often don't understand the complexities of the work security researchers are involved in? Consumers, businesses and even governments? [A:] Governments do understand because they are more and more in touch with these problems. Enterprises, big enterprises, some of them have dedicated teams of security experts and they really understand what's going on. Consumers generally have no clue, but they don't need to understand.

He's lobbying. He sees the money that cisco, et. al, have made building the great firewall and he wants a piece of the action.

...

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

Let's say this is successful ... it will simply lead to a parallel, mostly wireless network that is even more decentralized than the current Internet. How much does it cost these days to link 10mbps across 10 km ? In a few years, with "n" hardware flooding the market, how much will it cost to link 100mbps across 50 km ?

...

Something worth noting, today's A/V solutions do not scan inside virtual machines and would not be able to detect Tor easily. Use encryption with the VM and it'll be impossible for any A/V product to scan the data inside. If you use an external anonymity device like januspa or a linux router + Tor, then you would not feel the affects of bad A/V software against your anonymity.

Personally, I will be encouraging everyone I know to stay as far away from this company and their products simply out of principle at this point. I had no problem with Kaspersky until I read this. If Kaspersky is going to treat non malicious software as malware, then we might as well treat their software with the same regard.

Will there really be any intersection between end users using reactionary, clueless, least-common-denominator snake oil like this, and users of Tor ?