Anon wrote:
> The information that "traffic shaping" (link padding?) will be
> turned off in the initial release is especially disappointing.
> Without this technology Freedom provides little more privacy than
> anonymizer.com, or one of the hundreds of free web proxies listed at
> http://www.ijs.co.nz/proxies.htm and http://proxys4all.cgi.net/.
>
> No doubt the same cypherpunks who make excuses for ZKS's lack of open
> source because of potential protocol instability (when they are already
> issuing Release Candidate versions!) will explain why the absence of
> link padding is nothing to worry about. It will be interesting to see
> how long ZKS continues to get a free pass from cypherpunks.
I wouldn't fully agree that ZKS received a free pass from Cypherpunks, but I
readily admit that ZKS received a "presumption of security absent final
specs and evidence to the contrary" due to the fact that Ian Goldberg is
their Chief Scientist. Ian, unlike all but a few, is certainly capable of
designing a secure anon IP system and has built up the impeccable personal
credentials to not ever have given anyone even a hint of doubt that anything
with Ian's name on it is anything but secure. Therefore, Freedom received
the benefit of the doubt. This was a reasonable course of action to take at
the time.
However, I must agree with Anon that the time for doubt is over. Freedom's
present pseudonymous email system is massively insecure and subject to
compromise by even a moderately competent script-kiddy attacker. Freedom
email nyms allow for easy confirmation of the identity of a suspected nym
user. This attack does not require the powers of the NSA, but can be
accomplished by the average Bugtraq or Cypherpunks reader. At present, the
use of Freedom nym email for anything significantly more sensitive than you
would find comfortable discussing via your Hotmail account must be
discouraged. I want a secure infrastructure as much, probably more so, than
the next guy and therefore don't relish these findings. But undeniably,
given the facts, these findings are the truth.
Unfortunately, Freedom security holes do not stop there. Freedom, as a
feature, does not provide for anonymous IP. It provides for pseudonymous IP.
The exit node (AIP) knows the nym of the user making an outgoing connection.
If this user has been so unfortunate as to have set up a reply block, as the
default sign-up script will prompt him to do, he too will fall to the same
attack Freedom email nyms are subject to.
Now one may assert that the thread model for most users is not a corrupted
Freedom server, but a corrupted target host. Sure, Raytheon may first
subpoena Yahoo, but they will just as quickly subpoena the exit hop you
chose in Freedom to access Yahoo. This task completed, they will know your
Freedom nym. All that's left to do is a trivial attack against your POP
server and your identity has been revealed. Your sole prayer for maintaining
privacy is that your opponent will only resort to subpoenas, not hacks.
YMMV, but I wouldn't want to bet any significant amount of money on the
rigidity of this thin piece of straw.
Sadly, the core architecture of the Freedom IP network as presently fielded
appears to be insecure even disregarding the fatal email nym-based attacks.
Absent link padding, an attacker with access to your modem link, your ISP's
router, or you ISP's Postmaster (that is to say any attacker that bothers to
subscribe to Bugtraq or knows how to access http://www.rootshell.com) will
be able to correlate your activities to those of your Freedom nym.
At this point, it seems that the best we can hope with respect to Freedom
security is for ZKS to fix the truck-size security holes by version 1.1 and
that nobody with any sensitive information will use Freedom until that time.
--Lucky Green <[EMAIL PROTECTED]>
"Among the many misdeeds of British rule in India, history will look
upon the Act depriving a whole nation of arms as the blackest."
- Mohandas K. Gandhi, An Autobiography, pg 446
http://www.citizensofamerica.org/missing.ram
