internet legal insurance provider (Re: ZKS makes the WSJ (again))
Anonymous writes: > You'd think the one area where there would be a market for > reasonably good untraceability is online discussion boards, > particularly the financial forums. Every week there is an article > about another company suing its online critics. And so far the > yahoos and aols have just rolled over and provided the real > identities behind the flimsy protection of nicknames. ZKS nyms may be value for money as legal insurance alone :-) The value for money depends upon the probability of being sued, and the cost of defence if one is sued, compared to the cost of the insurance ($50/year). The probability of being sued depends on the poster, and the forums. What does it cost these days in the US to defend oneself against a bullshit defamation suit? > A good quality anonymous message board would be highly attractive. What do you need specialised message boards for? Just use the existing message boards anonymously. (Are yahoo et al asking for strong proof of identity?) It's more useful to be able to participate in existing messaging boards, as they have the preexisting critical mass of users. > While we're fantasizing, let's imagine that it uses some kind of > crypto credential system to prevent abuse. Is this feasible? I'm not personally sure that abuse prevention is a big deal. What does abuse mean in an online discussion forum? Surely all these forums already deal with "abuse" -- some delete messages as they see fit, or ignore it if they want to avoid the risk of being seen as editing the material and losing common carrier status, or only remove messages upon receipt of a court order from a court they recognise. Ecash might be nice to stop volume type abuses (post too much, and fill up the discussion forum). Distributing ratings such as NoCEm [1] are a good way to make it easier to skip junk you aren't interested in. Adam [1] NoCeM http://www.cm.org/
RE: ZKS makes the WSJ (again)
At 6:14 PM -0400 6/13/00, Declan McCullagh wrote: >At 09:23 6/13/2000 -0700, Tim May wrote: >>If ZKS crashes and burns with an investment pool of several tens of >>millions of dollars--someone told me they'd raised more than >>US$75M, but I haven't looked closely--then "educated investors" >>will likely avoid this type of market. > >At CFP, ZKS told me they had 200 employees and were growing fast, >were about to open a bay area office. Let's say they're at 250 now, >and each employee costs them $100,000 a year (hardly inconceivable, >including benefits, overhead, salary).\ This is the estimate I used as well, of course. It could be low by a factor of 2. (Loaded rate depends on benefits, taxes due, office costs, etc. Programmers in the Bay Area are averaging $70-120K in W-2 pay, so their loaded rate is probably $120-200K. Lower in Canada. Lower for other types of workers. Stock options can suppress pay somewhat. Still, "200 employees and growing fast" means they'd better be hauling in some mighty good revenues mighty soon, before they light the afterburners one last time.) > >ZKS said in Sep 99 they had raised $12 million in a first round, and >in Jan 2000 $25 million. Let's call it $40 million. >(http://www.zeroknowledge.com/media/pressrel.asp) > >Their burn rate, however, has to be something like 250 employees * >$100,000 = $25 million/year. So since they've been around for a few >years now (albeit with a smaller number of employees in 1999), >they'd probably have at most a year's worth of cash on hand. > >Offsetting that, as an income stream, would be the deals with ISPs >and a probably relatively small revenue stream from individual >subscribers. I don't see either as generating tens of millions of >dollars. In a pinch, they could raise more cash in a hurry, but that >would be at terms disfavorable to ZKS founders and first-round >investors and would mean ceding control of the company. And my rough calculations didn't include the cost of the network bandwith, nodes, etc. The kickbacks to those who host traffic of course comes out of the per-seat revenue ZKS takes in. Try as I do, I can't see how enough users will sign up to pay the overhead we're talking about here, let alone to pay back the investors (in the usual means). If deals are being worked out with ISPs, the revenues per user clearly will be lower than $50 each. For example, AOL might offer Freedom to its users for some discounted price. Unlikely that ZKS would realize anything close to $50 per seat, certainly not for all of AOL's tens of millions of customers. (I'd venture that 10% of all AOL users might be willing to pay as much as $2 a month extra for the Freedom services. Do the math. And then there's the issue of liability and subpoenas for AOL. They've shown a willingness in the past to eagerly help prosecutors, investigators, etc. Will AOL really be happy having Freedom nyms posting untraceably?) --Tim May -- -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
RE: ZKS makes the WSJ (again)
At 9:20 PM + 6/13/00, lcs Mixmaster Remailer wrote: >Tim May writes: > >> The fact that some fine people work for ZKS should cause us to give >> them a pass on such important issues. > >Of course he meant the opposite (no doubt a correction will have >appeared in the many hours it takes for remailed messages to appear). Yes, I meant to say "should not cause us." (A mental glitch which happens too often...in my head I'm hearing an emphasis on "not," but then it gets skipped in the typing process.) >The shameful silence of cypherpunks has given ZKS a free ride on their >lack of security for far too long. I don't characterize it as "shameful." Nor has their been silence. Many folks have weighed in with comments, based on what little has been revealed. I'd say, rather, that few on this list are trumpetting Freedom as some kind of realization of long-term, long-held, central goals of many on the list. Freedom appears to be what we've been characterizing it as: a casual way of obtaining some pseudoanonymity, providing one is not doing anything which causes ZKS to revoke the nym token. (As they have said they will do under various, not often discussed, situations. This willingness to revoke nyms, even if the nym are unlinkable (supposedly, and maybe even truly) to users, is enough to make Freedom a lightweight system. Will they get the hundreds of thousands of users they need? > >Let's be specific. Within a company like ZKS there are many factions. >Some are pushing for more privacy. Others for ease of use. Others want >more centralized control to protect against liability. Some call >for releasing the source, others are fearful that this will lead to >independent versions which will undercut ZKS' business model. > >These debates don't take place in a vacuum. They are influenced by >outside forces. Companies respond to the pressures they experience. >Investors push one way, government regulators push another, potential >business customers have their own agendas. They located in a country where there are laws against hate speech, where the press is subject to prior restraint, and where Holocaust revisionism is a crime. And a country where radfems like Andrea Dworkin and Catherine McKinnon were able to help push through laws which the U.S. wisely rejected. Wait until the first death threats directed at the Canadian PM go through Freedom. Or the first bestiality pics are advertised. Or, horrors, someone uses Freedom to explain how the Holocaust was highly exaggerated. The RCMP and Company will be on ZKS like stink on shit. When ZKS smiles politely and says nothing can be done, watch for the installation of packet sniffers and any other tricks to reveal a nym's identity (*). (I can't speak with authority, as I don't know the details of how Freedom works, but it seems the usual trickery would apply: delay packets to cause users to resend items, use correlations between such delayed packets and users to deduce probable nym/name correlations. The stuff that has been talked about with Mixmaster-type remailers. And the stuff which requires a lot of work to fix in mix nets, a la Chaum, the Pfitzmanns, etc. Saying that Freedom is immune to the collusive attacks which Chaum et. al. started studying a dozen years ago seems...well, it seems farfetched. I would expect to see at least as many Crypto papers attacking/probing Freedom as we have seen doing the same with mixes before I would trust Freedom.) > >When cypherpunks are silent, it actually undercuts the positions of >those within ZKS who would most support cypherpunk goals. It allows the >other factions to say that privacy issues are not the most important, >because even the staunchest privacy advocates, the paranoid cypherpunks, >are accepting of the current product and willing to wait. We have not been silent. I engaged Stefan Brands in a long debate a few months back. I can't help it that others have not participated. (Frankly, I don't think there are more than a dozen active posters here anymore. Maybe the big debates on Freedom are happening over on Perrypunks or Lewispunks, but I'm not on their lists.) > >The well intentioned kindness and patience which cypherpunks have >expressed towards ZKS is undoubtedly a major contributing factor for >why so little has been done to address the privacy lapses which Tim >May describes. Cypherpunks have themselves to blame for allowing this >to happen. I've seen no one here endorsing or supporting Freedom. In fact, except for a few waves of "*.freedom.net" posts a few months back, I don't see anyone here using it. Which surprises me. If people here are not using it, albeit with its casual-grade limitations, then what hope is there that Joe Sixpack will start using it? (Is it readily available now? Is the Mac version out yet? I know someone was talking about using the Windows version running inside a password-secured Windows session on a Mac--using either
RE: ZKS makes the WSJ (again)
At 09:23 6/13/2000 -0700, Tim May wrote: >If ZKS crashes and burns with an investment pool of several tens of >millions of dollars--someone told me they'd raised more than US$75M, but I >haven't looked closely--then "educated investors" will likely avoid this >type of market. At CFP, ZKS told me they had 200 employees and were growing fast, were about to open a bay area office. Let's say they're at 250 now, and each employee costs them $100,000 a year (hardly inconceivable, including benefits, overhead, salary). ZKS said in Sep 99 they had raised $12 million in a first round, and in Jan 2000 $25 million. Let's call it $40 million. (http://www.zeroknowledge.com/media/pressrel.asp) Their burn rate, however, has to be something like 250 employees * $100,000 = $25 million/year. So since they've been around for a few years now (albeit with a smaller number of employees in 1999), they'd probably have at most a year's worth of cash on hand. Offsetting that, as an income stream, would be the deals with ISPs and a probably relatively small revenue stream from individual subscribers. I don't see either as generating tens of millions of dollars. In a pinch, they could raise more cash in a hurry, but that would be at terms disfavorable to ZKS founders and first-round investors and would mean ceding control of the company. -Declan (copied to ZKS pr for authoritative response)
RE: ZKS makes the WSJ (again)
> Personally, I think the market for casual-grade untraceability is > limited. Which is not to say that the market for high-grade > untraceabily is any better. Most people don't think much about > security. You'd think the one area where there would be a market for reasonably good untraceability is online discussion boards, particularly the financial forums. Every week there is an article about another company suing its online critics. And so far the yahoos and aols have just rolled over and provided the real identities behind the flimsy protection of nicknames. In today's litigious world, anyone who publicly posts articles critical of the policies or management of a business must be aware of the dangers. A good quality anonymous message board would be highly attractive. While we're fantasizing, let's imagine that it uses some kind of crypto credential system to prevent abuse. Is this feasible?
RE: ZKS makes the WSJ (again)
At 6:18 AM -0700 6/13/00, Patrick Henry wrote: >Lucky Green spoke thusly: > >>Present-day Freedom simply isn't of any significant interest to many privacy >>conscious customers. I suspect ZKS' sales figures are reflecting that fact. > >Your point is well taken that ZKS' service does not meet the standards of the >dyed-in-the-wool cypherpunk. There is no such thing as 100% >security anyway. I suspect >that most of the compromises that ZKS made are due to commercial >realities. My point is >that they DID successfully launch a service (we'll see how long it >lasts), and they DID >succeed in getting widespread press for it. Now various people >around the globe are >reading about the service and learning about the advantages of >pseudonymity. The next >time someone wants to start a better, more secure service, there >will be many more >educated investors willing to underwrite such a venture. Perhaps not. Would-be investors who see ZKS fail will not necessarily be more willing to underwrite similar projects. If ZKS crashes and burns with an investment pool of several tens of millions of dollars--someone told me they'd raised more than US$75M, but I haven't looked closely--then "educated investors" will likely avoid this type of market. What Lucky said is basically correct. The Freedom network has numerous flaws (*) which make it even less interesting than the Cypherpunks remailers of some years back. (* Covered many times: Source code not examined. Underlying mix/anonymizing protocols not public. Single point of failure for attack by legislators, fatwah saboteurs, etc. No reliance on multiple hops, as DC Net and Crowds/Onions and Cypherpunks systems use.) The fact that some fine people work for ZKS should cause us to give them a pass on such important issues. Whether there are enough people who think some degree of untraceability is good but who are no sophisticated enough to realize that Freedom currently is not offering a "full strength" product is an interesting question. The fact that both ZKS and HavenCo have fixed, identifiable headquarters, and the fact that both have made noises about placing limits on what users do with their systems (**) is telling. (** ZKS said they will cancel the accounts of those who use Freedom to transmit/post various kinds of illegal (?) information. In Canada, this could include using Freedom to evade the laws forbidding hate speech! HavenCo has similarly talked about "information illegal in the originating country" being yanked. In both cases, the single point of failure makes government pressure likely.) Personally, I think the market for casual-grade untraceability is limited. Which is not to say that the market for high-grade untraceabily is any better. Most people don't think much about security. My hunch has long been that the people willing to pay for untraceability ("pay" in terms of paying $$, accepting certain packet delays, upgrading equipment, etc.) are those with monetary benefits in untraceability: dealers in various items, pornographers of various sorts, sellers of military secrets, political activists who face strong sanctions or death if discovered, and so on. These are the main users we in the Cypherpunks movement have discussed for so many years. How long will ZKS let "LolitaLover" use Freedom for selling pictures of children? How long will HavenCo tolerate the "Women without Veils" (***) site? (*** Someone came up with this "Women without Veils" meme some months back. Makes the case wonderfully.) For HavenCo, what exactly does "country of origin" mean? If Iranian dissidents in Belgium use HavenCo to post pictures of Rafsanjani having morphed sex with a pig, is the "country of origin" Belgium or Iran...or an ISP in the U.S.? In any case, this won't stop enraged mullahs in Teheran from issuing a fatwah against HavenCo. And so on. This is well-trod ground. Good luck to them both, but I really don't see their models as being especially interesting. If HavenCo only spent a million bucks, as "Wired" is reporting, then they're a shoestring operation and they may be able to make money by co-locating certain sensitive files, though not the "outrageous" files which will invited SEAL saboteurs and crazed Iranians. We'll see. If ZKS has really taken in $30 million, let alone $50 million or more, I really have a hard time seeing how they'll find enough paying customers. We'll see. In a couple of years this should all be clearer. It may be that both HavenCo and ZKS will tweak their business models to adjust to whatever realities emerge. I'll watch with interest. --Tim May -- -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon"
RE: ZKS makes the WSJ (again)
Lucky Green spoke thusly: >Present-day Freedom simply isn't of any significant interest to many privacy >conscious customers. I suspect ZKS' sales figures are reflecting that fact. Your point is well taken that ZKS' service does not meet the standards of the dyed-in-the-wool cypherpunk. There is no such thing as 100% security anyway. I suspect that most of the compromises that ZKS made are due to commercial realities. My point is that they DID successfully launch a service (we'll see how long it lasts), and they DID succeed in getting widespread press for it. Now various people around the globe are reading about the service and learning about the advantages of pseudonymity. The next time someone wants to start a better, more secure service, there will be many more educated investors willing to underwrite such a venture. --PH __ Get Your Free Email from http://www.hotml.com