doubtful. they probably receive the email at the destination then alert the chain-of-jurisdiction for investigation. count me as a technical skeptic of an 'untargeted' echelon program. phillip -----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Mac Norton Sent: Monday, February 05, 2001 5:12 PM To: Blank Frank Cc: cypherpunks@toad.com Subject: Re: anonymity Intercepted by the CIA? Do they regularly pre-screen POTUS's incoming international e-mail, or what? MacN
This approach might make a good test for ZeroKnowledge resistance to traffic analysis. Since chain of evidence is useless for ZKS messages (if you believe ZKS) only TA could finger the sender. Any takers?
ks
Regularly intercepting POTUS' international email is hardly "untargeted". I figure that's probably a fairly routine, if small, part of Echelon. Bear POTUS = "President Of The United States" for all who aren't up on spook jargon. On Mon, 5 Feb 2001 keyser-soze@hushmail.com wrote:
doubtful. they probably receive the email at the destination then alert the chain-of-jurisdiction for investigation. count me as a technical skeptic of an 'untargeted' echelon program. phillip
-----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Mac Norton Sent: Monday, February 05, 2001 5:12 PM To: Blank Frank Cc: cypherpunks@toad.com Subject: Re: anonymity
Intercepted by the CIA? Do they regularly pre-screen POTUS's incoming international e-mail, or what? MacN
This approach might make a good test for ZeroKnowledge resistance to traffic analysis. Since chain of evidence is useless for ZKS messages (if you believe ZKS) only TA could finger the sender. Any takers?
ks
This approach might make a good test for ZeroKnowledge resistance to
hmmm. Three comments about zeroknowledge's anonymous e-mail (the conclusion is 'so what'?): 1. do they understand networks? ZK seems to implement the right kind of encryption (ian goldberg is good at that, we assume this from his history, [btw has he actually performed cryptanalysis in live environments?]); I don't know who's designing the network, do you? Does zk traffic traverse public networks (via VPN or otherwise)? Do these networks collect packet data (to, say, analyse attacks)? Do they stagger packet transmissions to confuse origin and destination? Do they only broadcast real data and no masking data? And if they properly conceal data how well do they scale? With all the encryption of traffic, etc. ZK's adoption by isps, etc. etc. is a scalability question. 2. is their e-mail system really anonymous? if i were a known bad actor, le might be capturing data from my pc or my isp or my phone company directly. why bother worming through zk networks? oh, and if someone could respond to you via your anonymous zk e-mail address, isn't that an instantaneous-tag-the-sender tool for le? Gee, let's see the recipe for this...serve zk a search warrant, map zk address 'A' to e-mail address 'B' and there you have it: easier than instant jello pudding. Nice system for anonymizing traffic to companies, bad system if you're trying to get away with something you shouldn't. 3. questionable adoption of anonymous e-mail. zk is in what's known in the finance world as a 'land grab'...move as many people as possible into your turf, shutting down the competition, then upsell your customers later. but zk doesn't have the cash to market anonymous e-mail to consumers directly (most of whom don't care about this feature anyway)...and i can't think of a reasonable business justification for a company to use such a service. so i'll go out on a limb and predict now that anonymous email is going to be nearly impossible for them to sell to more than 1/2 of 1% of the world. plus would you want to receive anonymous e-mail? i prefer filtering my e-mail based on sender. though i suppose one could send a pgp key along with the message, but that's as good as an id as you can get (better than actual e-mail address i'd say). 4. ZK is a commercial entity, ergo cooperation with everyone. I'm sure they have IPO plans. They claim IBM as a partner (actually IBM is selling them stuff, but these days anyone who sells you equipment is a 'partner'...I see this every day). If a grandma in illinois is going to invest in their company when it goes public, is she going to be happy that drug dealers, stalkers and pedophiles use this network? I don't think so. I'm sure there are contingency plans for 'revealing' activity when served with a subpeona and/or a search warrant. Otherwise grandma won't invest and won't allow her pension fund to invest in the company. (see point 2 above). 5. Is ZK a spammers tool? If truly secure and anonymous, etc. etc. etc. why couldn't the spam king use it? If it is a spammers tool will ZK be blackholed? I can already imagine aol and others blocking ZK traffic to minors, and perhaps adding it to it's 'dangerous data origins' list, meaning it will appear on an anti-spam list. 6. If I was really concerned by received threats via zk, I would I would simply reject all in-bound traffic from ZK. anyway, see point 2 above again. I don't believe a commercial entity, especially a US-based one with IPO plans, can market themselves as a full anonymizing service for e-mail. Their real value, it seems to me, is enforcing privacy rights with respect to cookies. but anonymous proxies do the job just fine for this. They can't anonymize e-commerce transactions (how would you buy a book?, etc. I don't see the business value in encrypting and anonymizing e-mail in a general sense (where's the business model?) I think anonymous e-mail is best achieved through a cooperative, non-commercial program of unaffiliated individuals (with no commercial worries, and lots of jurisdictions around the world), or by simply purchasing pre-paid internet access, or if i were a wealthy bad actor find a more expensive solution. phillip -----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of keyser-soze@hushmail.com Sent: Tuesday, February 06, 2001 2:33 AM To: Mac Norton; Blank Frank; dmolnar Cc: Cypherpunks Subject: Re: anonymity doubtful. they probably receive the email at the destination then alert the chain-of-jurisdiction for investigation. count me as a technical skeptic of an 'untargeted' echelon program. phillip -----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Mac Norton Sent: Monday, February 05, 2001 5:12 PM To: Blank Frank Cc: cypherpunks@toad.com Subject: Re: anonymity Intercepted by the CIA? Do they regularly pre-screen POTUS's incoming international e-mail, or what? MacN traffic analysis. Since chain of evidence is useless for ZKS messages (if you believe ZKS) only TA could finger the sender. Any takers? ks
doubtful. they probably receive the email at the destination then alert the chain-of-jurisdiction for investigation. count me as a technical skeptic of an 'untargeted' echelon program. phillip
-----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Mac Norton Sent: Monday, February 05, 2001 5:12 PM To: Blank Frank Cc: cypherpunks@toad.com Subject: Re: anonymity
Intercepted by the CIA? Do they regularly pre-screen POTUS's incoming international e-mail, or what? MacN
This approach might make a good test for ZeroKnowledge resistance to
i see your point. by 'targeted' in my comment, i meant looking for transmissions from a particular person. i suppose 'targeted' could also mean looking at messages sent to a particular destination. my specific comment is simply that I don't believe that either the competency or the computing power necessary to watch every financial transaction ($16T/day), fax, e-mail, phone call, ssl connection, etc. exists in the areas we might think it exists. whereas i do believe it's feasible to track traffic to/from servers (and other destinations/data origins). phillip -----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Ray Dillinger Sent: Tuesday, February 06, 2001 11:17 AM Cc: Cypherpunks Subject: Re: anonymity Regularly intercepting POTUS' international email is hardly "untargeted". I figure that's probably a fairly routine, if small, part of Echelon. Bear POTUS = "President Of The United States" for all who aren't up on spook jargon. On Mon, 5 Feb 2001 keyser-soze@hushmail.com wrote: traffic
analysis. Since chain of evidence is useless for ZKS messages (if you believe ZKS) only TA could finger the sender. Any takers?
ks
On Wed, 7 Feb 2001, Phillip H. Zakas wrote:
my specific comment is simply that I don't believe that either the competency or the computing power necessary to watch every financial transaction ($16T/day), fax, e-mail, phone call, ssl connection, etc. exists in the areas we might think it exists. whereas i do believe it's feasible to track traffic to/from servers (and other destinations/data origins).
It takes no significant portion of the computing power of the world to execute these transactions, asking them to dump to something like FINCEN is trivial. The amount ($16T/day) is irrelevant. The exchanges aren't done a penny at a time... The reality is that the US Gov. (and probably most other western powers) has the resources to track each and every eft or computerized data transfer for each transaction each day. They've got the computing power left over to then analyze it for traffic analysis. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
participants (4)
-
Jim Choate -
keyser-soze@hushmail.com -
Phillip H. Zakas -
Ray Dillinger