At 9:20 PM +0000 6/13/00, lcs Mixmaster Remailer wrote:
>Tim May writes:
>
>> The fact that some fine people work for ZKS should cause us to give
>> them a pass on such important issues.
>
>Of course he meant the opposite (no doubt a correction will have
>appeared in the many hours it takes for remailed messages to appear).
Yes, I meant to say "should not cause us." (A mental glitch which
happens too often...in my head I'm hearing an emphasis on "not," but
then it gets skipped in the typing process.)
>The shameful silence of cypherpunks has given ZKS a free ride on their
>lack of security for far too long.
I don't characterize it as "shameful." Nor has their been silence.
Many folks have weighed in with comments, based on what little has
been revealed.
I'd say, rather, that few on this list are trumpetting Freedom as
some kind of realization of long-term, long-held, central goals of
many on the list. Freedom appears to be what we've been
characterizing it as: a casual way of obtaining some pseudoanonymity,
providing one is not doing anything which causes ZKS to revoke the
nym token. (As they have said they will do under various, not often
discussed, situations. This willingness to revoke nyms, even if the
nym are unlinkable (supposedly, and maybe even truly) to users, is
enough to make Freedom a lightweight system.
Will they get the hundreds of thousands of users they need?
>
>Let's be specific. Within a company like ZKS there are many factions.
>Some are pushing for more privacy. Others for ease of use. Others want
>more centralized control to protect against liability. Some call
>for releasing the source, others are fearful that this will lead to
>independent versions which will undercut ZKS' business model.
>
>These debates don't take place in a vacuum. They are influenced by
>outside forces. Companies respond to the pressures they experience.
>Investors push one way, government regulators push another, potential
>business customers have their own agendas.
They located in a country where there are laws against hate speech,
where the press is subject to prior restraint, and where Holocaust
revisionism is a crime. And a country where radfems like Andrea
Dworkin and Catherine McKinnon were able to help push through laws
which the U.S. wisely rejected.
Wait until the first death threats directed at the Canadian PM go
through Freedom. Or the first bestiality pics are advertised. Or,
horrors, someone uses Freedom to explain how the Holocaust was highly
exaggerated. The RCMP and Company will be on ZKS like stink on shit.
When ZKS smiles politely and says nothing can be done, watch for the
installation of packet sniffers and any other tricks to reveal a
nym's identity (*).
(I can't speak with authority, as I don't know the details of how
Freedom works, but it seems the usual trickery would apply: delay
packets to cause users to resend items, use correlations between such
delayed packets and users to deduce probable nym/name correlations.
The stuff that has been talked about with Mixmaster-type remailers.
And the stuff which requires a lot of work to fix in mix nets, a la
Chaum, the Pfitzmanns, etc. Saying that Freedom is immune to the
collusive attacks which Chaum et. al. started studying a dozen years
ago seems...well, it seems farfetched. I would expect to see at least
as many Crypto papers attacking/probing Freedom as we have seen doing
the same with mixes before I would trust Freedom.)
>
>When cypherpunks are silent, it actually undercuts the positions of
>those within ZKS who would most support cypherpunk goals. It allows the
>other factions to say that privacy issues are not the most important,
>because even the staunchest privacy advocates, the paranoid cypherpunks,
>are accepting of the current product and willing to wait.
We have not been silent. I engaged Stefan Brands in a long debate a
few months back. I can't help it that others have not participated.
(Frankly, I don't think there are more than a dozen active posters
here anymore. Maybe the big debates on Freedom are happening over on
Perrypunks or Lewispunks, but I'm not on their lists.)
>
>The well intentioned kindness and patience which cypherpunks have
>expressed towards ZKS is undoubtedly a major contributing factor for
>why so little has been done to address the privacy lapses which Tim
>May describes. Cypherpunks have themselves to blame for allowing this
>to happen.
I've seen no one here endorsing or supporting Freedom. In fact,
except for a few waves of "*.freedom.net" posts a few months back, I
don't see anyone here using it. Which surprises me. If people here
are not using it, albeit with its casual-grade limitations, then what
hope is there that Joe Sixpack will start using it?
(Is it readily available now? Is the Mac version out yet? I know
someone was talking about using the Windows version running inside a
password-secured Windows session on a Mac--using either Virtual PC or
SoftWindows--but I haven't seen this user mentioning this in a while.
And while I have Virtual PC 3.0 w Windows 98 available for my Mac G4,
it's not something I fire up very often.)
>
>Criticizing the company is not disloyal. Turning up the heat when they
>fail to follow through on their promises is not unfriendly. Cypherpunks
>are actually helping their friends and allies within ZKS when they plainly
>state how unacceptable is the current state of the product with regard
>to privacy. Only when the company senses that cypherpunks are losing
>patience, that they are in danger of seeing articles appear in Wired
>or the Times saying that the company's dedication to privacy is being
>questioned, will they increase the priority of fixing these problems.
Agreed. But, to repeat myself one last time, I think there's more a
"yawning silence" than any sense of "loyalty" at work here. No one
from "Wired" or "The New York Times" is asking for our analysis, so
there articles say what they usually say.
I hate press releases more than most folks. A well-known
Cypherpunks-dominated company used to issue press releases in which
the press release would have commentary from the president, almost as
if a reporter was writing the story.
CORRALITOS, CA, June 13, Entropic Systems announced today that Press
Release Generator 2.0 is now available. According to company
president Tim May, "This software represents a new highwater mark for
generating press releases which give the appearance of being
newspaper stories. Reporters can simply paste the quotes provided
into stories, thus saving many minutes of background research."
It seems to be the way reporters write their stories, not counting
the first tier of journalists who can read between the lines.
So we see the blizzard of quotes from HavenCo, ZKS, C2, all with
canned quotes ready for insertion into news stories.
Our "silence" in these stories is thus understandable.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
