CDR: ZKS: Flawed model for centralization and rates

[Tim May]

At 10:14 AM -0500 11/2/00, Adam Shostack wrote:
>On Wed, Nov 01, 2000 at 07:08:06PM -0500, Tim May wrote:
>
>| By the way, I've been curious about this "we spend time and energy
>| maintaining relations with law enforcement" point for a while. In
>| numerous comments I've seen this mentioned.
>|
>| Why do you spend any of your valuable time talking to law enforcement/
>
>	Because if we don't, then they get confused about what we're
>trying to accomplish, they forget that privacy has lots of valuable
>uses which are not the collapse of governments and tax revenue, and
>try to ban what we're doing.  And then they go talk to Parliment to
>get laws passed.  We see that as a bad thing.

Indeed. But it sort of undermines the argument we heard a few years 
back that the main reason ZKS was locating in Canada was because of 
Canada's greater freedom in crypto matters!

Many of us thought this was jive, of course, as Canada was only 
nominally more free in certain areas involving crypto export...and 
this largely because it was choosing to go a different way than its 
usual puppetmaster to the south. Once the Canadian government decided 
that unfettered strong crypto was dangerous, it would likely move 
swiftly and without the 200+ years of First and Fourth Amendment 
cases to deter the outlawing of strong crypto. While Canada has not 
banned strong crypto, EU countries seem to be moving in that 
direction. And if strong crypto is not affected by law in Canada, 
just what does "try to ban" mean?

I wonder if Jim McCoy and his associates working on Mojo Nation are 
being called on by legislators and cops? My guess is not.

Maybe there's still time for ZKS to pull up stakes and move to the 
Caribbean. Or to cypherspace.

>
>
>Feel free, if you know what the market wants.  I'm curious
>if you'll be running a node yourself?

Not in the near future. I have only a 28.8 dial-up connection out 
where I live, in the Santa Cruz Mountains. Too far from the CO 
(Central Office) for DSL, though this may change next summer. No 
cable modem service. I looked into DirectTV/DirectPC/Gideon satellite 
service, but this still requires a dial-up line for half of the 
session, which rules out 2-way serving of pages or Freedom traffic.

If I had fast Internet service, I might even be willing to buy one of 
the ZKS-packaged Windows or Linux machines. As you all know, I favor 
Macs. OS X looks like a good platform, as it is of course based on 
Mach/BSD/etc.

(BTW, I suggest you look at current Mac OS support plans in this light.)

Some friends of mine have installed the Freedom server. One of them 
tells me that since ZKS is unaware of the traffic flowing, as per the 
basic design goals, that he is working on running other traffic and 
still being paid for it. (I'll ask him tonight what exactly he means 
by this...)

>	Actually, I'm unconvinced that even pipenet style padding is
>sufficient.  Looking at the work on traffic analysis thats been done,
>we're in about 1970.  We have one time pads (dc-nets), and some other
>stuff, but we don't have a DES to analyze.  We have an adversary who
>has spent a long time learning how to do this well.

I don't disagree with this. I'm not saying much more robust systems 
are not needed.

What I'm saying is that there's a "disconnect" between which types of 
nyms are allowed by ZKS, in terms of the T&C and the blather about 
cancelling nyms for abuse, and the threat model. Little girls surfing 
to the Barney site are not going to face sophisticated correlation 
attacks.

As Lucky said, there's an interesting issue of whether ZKS has missed 
its market. Not strong enough, or not "allowed," for the most extreme 
users of pseudonymity, but too strong and too expensive for the vast 
bulk of the target audience.

I have other problems with the rate model which I hope to discuss 
soon in more detail. Basically, charging $50 a year for "all you can 
eat" is a crude model as compared to pay-per-use services. And this 
poor rate model arises because, naturally enough, ZKS wishes to make 
money. Great, but it's still a crummy rate model.

Paid remailers solve the problem in more than one way. First, no 
prepaid nyms are needed. Only digital cash (for the tokens or 
"stamps") is needed. Second, those who use the services more, pay 
more. Third, rate competition for remailing. Fourth, no centralized 
infrastructure is needed. Fifth, no point of attack. Sixth, no need 
to "jawbone" with lawmakers in Latvia, Germany, Canada, California, 
Zambia, or wherever. Seventh, robustness is in the hands of those who 
distribute remailers. Eighth, a low-cost expansion  curve. No need 
for a centralized company with high burn rates. Incremental addition 
of boxes.

(Not sure if N of the remailers have been compromised? Add more hops. 
Hop stuff through your own controlled remailers. Use temporary 
fire-and-forget remailers hosted on other machines. Expand the 
universe of nodes. More chains, more hops.)

I can't help thinking that a tiny fraction of what ZKS has spent 
could have ironed out the relatively small problems with paid 
remailers, with making Mixmaster clients more robust, etc.

The key ingredient to incentivize remailer box operators has always 
been digital cash. Digital cash means the "buy five nyms and then use 
the system as much as you want" model is not needed. It means no 
centralized nexus is needed.

Mojo Nation looks to be headed in this direction.

(I assume everyone knows that Mojo can be spent on remailings?)

--Tim May

-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.