The Privacy/Untraceability Sweet Spot - tools vs. services

Tue Sep 4 13:25:07 PDT 2001

At 07:50 PM 08/31/2001 +0200, Nomen Nescio wrote:
>But the more sophisticated technologies are not self-contained tools.
>They require a supported and maintained infrastructure to operate.
>Anonymous posters are painfully aware of how inadequate the current
>remailer system is.  A truly reliable and effective anonymity technology
>will be more like a service than a tool.  This means that the operators
>choose to whom they will market and sell their services.

It's a tough call.  The services model has some obvious advantages -
- business model, if they can develop one successfully,
         to fund enough servers, clients, jurisdictions, and ISPs
         to overcome the inertia, hassle, and dropout factor that
         make it hard to create and sustain a scalable secure system.
         ZKS doesn't appear to have succeeded, but perhaps an expensive
         system for more paranoid users or profitable applications
         (e.g. tax avoidance through jurisdictional arbitrage
         or tax evasion through money laundering) can win.
- potentially higher software and service quality.
- less subject to changing fads, e.g. a Napster failed - will Gnutella?

But it has some serious drawbacks -
- you have to trust the service, unless you can be sure it's designed
         with no way for the operators to trace the users,
         including subtle methods like making sure Usual Suspects
         get connected to compromised remailers.
- centralization makes them attackable - Not everything's as
         centrally controllable as Julf's remailer was,
         but not everybody's as honest as he is about shutting down
         rather than continue service when vulnerable,
         and some governments are much more aggressive than Finland
         at attacking systems.
- business models can fail - Napster Inc., ZKS aren't doing so well.
- specialized markets may produce too small a user community,
         making it possible for eavesdroppers to watch the whole system.
         If there are only 100 players, you can pretty much tell
         who's using it, even if you don't know specifically who's
         talking to whom.  For some target markets, this is ok,
         for instance if you're primarily trying to keep the communications
         patterns private from the other players in your market,
         rather than from outsiders, but for others it fails badly.

For tool-based approaches, the ideal is to at least piggyback on some
existing service, e.g. Apache, or Gnutella/Napster/etc., or ICQ/Jabber/AIM,
so there are a large number of players and lots of cover traffic,
making the system relatively sustainable and tracing difficult.