Making Money in Digital Money

Adam Back adam at cypherspace.org
Sat Apr 26 15:21:27 PDT 2003 

On Sat, Apr 26, 2003 at 10:06:48AM -0700, Tim May wrote:
> I don't believe ZKS ended up targeting the remailer niche ("space") we 
> are interested in. In the years that Freedom nyms were being sold, how 
> many were used to post to this list? How many were used to post to 
> Usenet? A set nearly of measure zero.

I think the first mail system at ZKS was relatively unreliable, and
complex for users to understand and use (setting up a nym as with
nymserver/type I involved reply blocks, waiting for confirmation etc).
It was reply block based, but reimplemented from scratch, not based on
cyphperpunk type I code.

Some of the issues were implications of the design (as with type I
based reply blocks, some mail does not arrive; also reply blocks
always seemed fragile to me), others were probably implementation
issues.

The 2nd gen mail system we built at ZKS (my design) had a different
set of tradeoffs.  

I found a copy of the "Freedom 2.0 Mail System" white paper here:

http://osiris.978.org/~brianr/crypto-research/anon/www.freedom.net/products/whitepapers/Freedom_2_Mail_System.pdf

It was definately more reliable (the main business reason for doing
it).  Also there was no reply block pointing back at your real
identity which is the main weakness of the reply-block design: it is a
subpeona risk.  Instead it was based on a pop server which you
optionally connect to via the anonymous freedom network to achieve
sender anonymity (or deliver via mixmaster if you prefer, it's accepts
regular mail to interface with non-anonymous users), and via the
freedom network again to achieve recipient pseudonymity.

So these interactive connections are immediately forward-secret, and
therefore you have much better protection against subpeona attack.
However they are more vulnerable to all-powerful observer attacks who
could probably figure out which pseudonym was which by sending lots of
unique sized email and then watching traffic patterns flow through the
network.


So as you might expect different systems can be built which optimize
against different types of threat.  I'd argue the 2nd gen mail system
would be much better against subpoena attack, but weaker against
all-powerful passive adversaries.  The typical thing an end user with
strong desire for privacy would be concerned about (frivolous lawsuits
related to online discussion groups, defamatio, privacy against law
enforcement sting operations, etc) would be better protected; where as
national security issues where you might imagine NSA or such could
coordinate and implement the all-powerful passive adversary are less
well protected against.

> I assume _some customers_ were using Freedom...I just don't recall ever 
> receiving a message from any of them, or seeing any of them on the 
> lists and groups I frequent.

I think there were more active users of the web browsing side of
things than the pseudonymous mail for the reasons above.  The version
might have been better given time, but I think freedom network (and
mail) was discontinued relatively soon after it's deployment.

> (I still check in on www.zks.net occasionally to see what's going on. 
> Stuff about firewalls and viruses.)

Yes.  This is why I quit to do other stuff -- limited crypto stuff
left, and no distributed trust anonymity or privacy left.

ZKS still does have one anonymous networking type sytem called
websecure which they are actively selling and have subscribers of.
It's somewhat similar to anonymizer.com in that it is one hop only
anonymous traffic for web browsing only.  The differences (which make
it probably more secure I'd argue) are that it doesn't rely on html
re-writing which is a risky strategy to provide good assurance
(periodically somone finds some html extension which anonymizer.com
style html rewriting misses, until they fix it; or fuzzy parsing rules
in browsers which allow you to slip URLs past the re-writer in a way
that some browsers will fix up, but the re-writer doesn't recognize as
a URL).  Unfortunately the websecure approach is also Internet
Explorer specific, relying on a browser helper object to hook in an
SSL tunnel to the proxy (run by ZKS).

It's described here:

	http://www.freedom.net/products/websecure/index.html

the fact that it's a browser helper object doesn't hurt the appearance
-- it doesn't really look like a download, the installation is quite
rapid and seamless.

(The rest as Tim says is a suite with options of a Personal Firewall,
Anti-Virus and Parental Control.)

The suite products are primarily sold (actually "rented" as a service
for $x/month with profit share) via ISPs, preinstalled on hardware
manufactureres machines etc.  (What you get for your ongoing
subscription is virus definition updates, firewall rule updates to
cope with new applications, software updates, and the parental control
involves ongoing use of a server).

As you can see on the press release page they're quite successful at
signing up ISPs onto this model:

	http://www.zeroknowledge.com/media/pressrel.asp

with a fairly steady stream of new and fairly major ISPs.  So,
successful, but not hard-core cryptographically assured, distributed
trust/zero-trust, privacy related.

Adam

More information about the cypherpunks-legacy mailing list