At 6:18 AM -0700 6/13/00, Patrick Henry wrote:
>Lucky Green spoke thusly:
>
>>Present-day Freedom simply isn't of any significant interest to many privacy
>>conscious customers. I suspect ZKS' sales figures are reflecting that fact.
>
>Your point is well taken that ZKS' service does not meet the standards of the
>dyed-in-the-wool cypherpunk. There is no such thing as 100%
>security anyway. I suspect
>that most of the compromises that ZKS made are due to commercial
>realities. My point is
>that they DID successfully launch a service (we'll see how long it
>lasts), and they DID
>succeed in getting widespread press for it. Now various people
>around the globe are
>reading about the service and learning about the advantages of
>pseudonymity. The next
>time someone wants to start a better, more secure service, there
>will be many more
>educated investors willing to underwrite such a venture.
Perhaps not. Would-be investors who see ZKS fail will not necessarily
be more willing to underwrite similar projects.
If ZKS crashes and burns with an investment pool of several tens of
millions of dollars--someone told me they'd raised more than US$75M,
but I haven't looked closely--then "educated investors" will likely
avoid this type of market.
What Lucky said is basically correct. The Freedom network has
numerous flaws (*) which make it even less interesting than the
Cypherpunks remailers of some years back.
(* Covered many times: Source code not examined. Underlying
mix/anonymizing protocols not public. Single point of failure for
attack by legislators, fatwah saboteurs, etc. No reliance on multiple
hops, as DC Net and Crowds/Onions and Cypherpunks systems use.)
The fact that some fine people work for ZKS should cause us to give
them a pass on such important issues.
Whether there are enough people who think some degree of
untraceability is good but who are no sophisticated enough to realize
that Freedom currently is not offering a "full strength" product is
an interesting question.
The fact that both ZKS and HavenCo have fixed, identifiable
headquarters, and the fact that both have made noises about placing
limits on what users do with their systems (**) is telling.
(** ZKS said they will cancel the accounts of those who use Freedom
to transmit/post various kinds of illegal (?) information. In Canada,
this could include using Freedom to evade the laws forbidding hate
speech! HavenCo has similarly talked about "information illegal in
the originating country" being yanked. In both cases, the single
point of failure makes government pressure likely.)
Personally, I think the market for casual-grade untraceability is
limited. Which is not to say that the market for high-grade
untraceabily is any better. Most people don't think much about
security.
My hunch has long been that the people willing to pay for
untraceability ("pay" in terms of paying $$, accepting certain packet
delays, upgrading equipment, etc.) are those with monetary benefits
in untraceability: dealers in various items, pornographers of various
sorts, sellers of military secrets, political activists who face
strong sanctions or death if discovered, and so on.
These are the main users we in the Cypherpunks movement have
discussed for so many years.
How long will ZKS let "LolitaLover" use Freedom for selling pictures
of children? How long will HavenCo tolerate the "Women without Veils"
(***) site?
(*** Someone came up with this "Women without Veils" meme some months
back. Makes the case wonderfully.)
For HavenCo, what exactly does "country of origin" mean? If Iranian
dissidents in Belgium use HavenCo to post pictures of Rafsanjani
having morphed sex with a pig, is the "country of origin" Belgium or
Iran...or an ISP in the U.S.? In any case, this won't stop enraged
mullahs in Teheran from issuing a fatwah against HavenCo.
And so on. This is well-trod ground.
Good luck to them both, but I really don't see their models as being
especially interesting. If HavenCo only spent a million bucks, as
"Wired" is reporting, then they're a shoestring operation and they
may be able to make money by co-locating certain sensitive files,
though not the "outrageous" files which will invited SEAL saboteurs
and crazed Iranians. We'll see.
If ZKS has really taken in $30 million, let alone $50 million or
more, I really have a hard time seeing how they'll find enough paying
customers. We'll see.
In a couple of years this should all be clearer. It may be that both
HavenCo and ZKS will tweak their business models to adjust to
whatever realities emerge. I'll watch with interest.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
