Is it time to kill the JAP backdoor cretins and their families?

Adam Shostack adam at homeport.org
Mon Aug 25 20:47:53 PDT 2003


On Mon, Aug 25, 2003 at 08:27:20PM -0700, Len Sassaman wrote:
| However, even when setting aside the issue that our understanding of the
| math involved may be flawed, JAP quickly becomes a less appealing choice
| once the other factors are considered.
| 
| University / government funded research relies on grants for its
| existence. This makes the operators beholden to the source of grant funds.
| It also eliminates an economic incentive to put users first.
| 
| Private companies offering privacy/anonymity services are faced with a
| direct correlation between revenue and delivery of such services. Should a
| company like Anonymizer violate its stated privacy policy and misrepresent
| its level of security, as JAP did, the results would be devastating to the
| viability of the company. The JAP group, on the other hand, is facing
| nothing more than a little bad PR and the loss of some users. (Many of
| those 30,000 probably are unaware of the silent compromise of JAP
| security).

Much as we'd like reputational issues to rule, I think your final
parenthetical is important.  I would be willing to bet that Lance
*could* take FBI money to rat out users without it reaching the
userbase.  I'd also be willing to bet that Lance *wouldn't,* but that
bet would obviously be smaller.

So, to the question of, is a private company better than a research
lab?  Probably.  But could a private company compromise its users
without imploding?  Probably.  The right system is probably something
like Tarzan, running low-latency traffic inside the file trading
cloud.

Adam




-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




