Anonymizer employees need killing

bgt bgt at chrootlabs.org
Sat Mar 27 23:01:41 PST 2004 

On Mar 27, 2004, at 23:13, Lance Cottrell wrote:
> I hope at this point the retractions by the Register have been well 
> circulated. Just to make it absolutely clear, we have never and never 
> will sell out a customer. This is simply shoddy reporting at its 
> worst.
>
<snip>
> I would have hoped that my years of working on free open source 
> privacy tools (such as Mixmaster) before founding Anonymizer would 
> lend my reputation some weight, or at least give me the benefit of the 
> doubt until the matter was clarified. I am deeply troubled to see 
> death threats against my employees (and I would assume myself) without 
> anyone taking the trouble to even ask us to comment.
>
> It has always been easy to contact me directly, next time I hope 
> someone will do so before assuming the worst.

Alright then, since you're here, maybe you could answer a couple 
questions:

- If given a court order, would you be able to provide the FBI the same 
kind of information that Surfola did, which could be used to track down 
the customer in meatspace?  (From the article, we can assume it was his 
paypal email addx and/or the IP addx he was using, either one of which 
was probably sufficient).

- Assuming the answer is yes: from the customer's POV, in the end what 
does it matter whether you were given a court order or not... the 
result was the same, they were caught because they trusted your service 
(the fact that, in this case, the crime was despicable, is beside the 
point).

- Can you explain the contradictions inherent in the following excerpts 
from your user agreement?

"Usage logs are usually kept for forty-eight (48) hours for maintenance 
purposes, monitoring Spamming and monitoring abuses of netiquette. Any 
relevant portion(s) of such logs may be kept for as long as needed to 
stop the abuses."
"We maintain no information which would identify which user had sent a 
given message or visited a given site"
"Abusers of the Anonymizer can expect no anonymity. We regret the 
necessity of this policy, but without it abuse will force the shutdown 
of the Anonymizer."

Even if we leave aside the question of whether one should trust a 
service which /could/ betray you if it were run by an untrustworthy 
operator, you state openly in your policy that you're not to be 
trusted!

--bgt

More information about the cypherpunks-legacy mailing list