Re: Will ZKS's Freedom protect Canadian or American Dissidents
> And what if the Freedom node from whence the offending material
> originates is in Turkey? Not illegal in Turkey, maybe illegal in
> Canada...
>
> The parallels are obvious.
>
> The weakness of ZKS is its fastidiousness about "applicable laws"
> when we're talking about the Internet!

Somebody should send them an email and encourage them to host at havenco.com

Jason
Join PhotoPoint in Saving Our National Parks
In this edition of PhotoPoint Flash, our bimonthly newsletter ~ Performance update ~ 'One For The Parks' program ~ Introducing our new Community Magazine ~ Send us your hi-res photos ~ Win a digital camera in our member survey ~ Last chance to enter the Father's Day Sweepstakes __ This issue of the PhotoPoint Flash newsletter is sponsored by NextCard. Customize your NextCard Visa with any photo! It's easy! Plus, get great rates as low as 2.9% Intro or 9.9% Fixed APR. All in under 30 seconds! Apply now at http://www.photopoint.com/redirects/nextcard.html __ Performance Update Some users of PhotoPoint.com may have experienced delays over the last few days. The problem - which has now been resolved - came from outside PhotoPoint in the form of an attempted "denial of service" attack, similar to those launched against eBay, Amazon and Yahoo! in recent months. In such attacks, unknown persons (for unknown reasons!) attempt to flood a site with frivolous service requests, solely for the purpose of slowing site performance. For those who were affected by this problem, we apologize. Rest assured, however, that even in such circumstances, your photos were never at risk. In addition, we have taken measures to identify the source of the attacks, and to prevent any future incidents. ___ Use Your Photos To Save Our National Parks America's priceless treasures are in danger. After decades of record crowds and budget cuts, the National Parks need billions of dollars in repairs and preservation. And we can help. PhotoPoint.com is proud to announce 'One For The Parks,' our powerful new email greeting campaign to encourage our government to devote 1% of the federal budget surplus to America's National Parks. Just create a free PhotoPoint personalized email greeting, using your favorite picture of the Parks or one from the PhotoPoint National Parks Gallery, and we'll send it to your Senators and President Clinton. 
Take advantage of this free and easy way to show your support for preserving the National Parks for our children and our children's children. Make sure your voice is heard - and your favorite National Parks photo is seen - in Washington. Send 'One For The Parks' at http://www.photopoint.com/poftp/page_five.html ___ Time's Running Out on Our Father's Day Contest Just a few days left to enter to win a scanner for Dad in the Father's Day Sweepstakes, sponsored by PhotoPoint.com and AmazingMail.com. Entries close at midnight Eastern time, Saturday, June 17th - just as Father's Day begins! To enter, just send an AmazingMail postcard, personalized with your favorite photo and greeting. For each card you send, you'll be entered to win a free Acer 640BU push-button scanner - a $129 value. Your first three AmazingMail postcards are FREE! After that, they're just 99 cents each. Send yours now and enter to win in the Father's Day Sweepstakes at http://www.photopoint.com/special/fathersday.html If you're shopping for gifts, be sure to stop by the Digital Store at PhotoPoint for gadgets galore. How about a coffee mug, notepad, or other gift, personalized with your favorite PhotoPoint photo - for Dad, a grad, or anyone you want to celebrate this summer. Pick your gifts now at http://www.photopoint.com/store/index.html ___ NEW! Great Reading at PhotoPoint.com: In Our New Community Magazine Now you can learn how to photograph bleeding hearts, bug-eyed frogs, and much more - all in PhotoPoint's new Community Magazine. We're signing up some of the best names in photography to bring you informative, inspiring, and entertaining articles. For starters, we're honored to have Peter Burian, co-author of the book 'National Geographic Photography Field Guide - Secrets to Making Great Pictures,' as managing editor of the magazine. Besides finding and commissioning great articles, Peter will also write for us on a regular basis. Read his first piece on taking high-impact travel photos. 
And be sure to check out the other articles on capturing the beauty of your garden in photos, tips for making sharp images, and the amazing world of digital cinematography, Hollywood-style. Great reading, waiting for you now in PhotoPoint's new Community Magazine at http://www.photopoint.com/community/magazine/index.html ___ We Want YOUR Hi-Res Photos We're always looking for great shots to use as decor on our office walls and in our marketing materials - and we can't think of any photos we'd rather use than our members' best shots. Got something you think we could use? If you have a favorite photo that you would like us to look at, send the link to mailto:[EMAIL PROTECTED]. Please, no naughty or embarrassing stuff. ___ Tell Us How to Make PhotoPoint Better - and Win! We want PhotoPoint to be everything you want it to be. Tell us what that is - and we'll enter your name in a draw to win a free digital camera. Our online member survey is quick and easy - just
Will ZKS's Freedom protect Canadian or American Dissidents
We understand how Freedom will protect the rights of Turkish or Chinese dissidents, at least until Interpol and interlocking police enforcement enter the picture. But what of Canadian dissidents who are doing precisely what their Chinese equivalents are doing?

From their Web site, this excerpt about why Freedom is needed:

"How will Freedom improve free speech online?

Dissidents in many regimes are persecuted for exercising their right to free speech. Lin Hai was arrested in China on March 25, 1998, and charged with "inciting to overthrow state power" for providing 30,000 Chinese email addresses to a human rights group. Emre Ersoz, a teenager, was sentenced by a Turkish court to 10 months suspended jail time for making comments about the police while participating in a daily on-line forum. Using Freedom, people like Lin Hai and Emre Ersoz can voice their concerns and beliefs without fear of retribution. Similarly, journalists and human rights workers can use Freedom to protect their communications in countries where freedom of speech and freedom of the press are not recognized."

OK, so let's consider some hypotheticals (hypos):

1. A dissident in Canada is using Freedom to coordinate an overthrow of state power. Does ZKS honor their above point, or do they pull the plug?

2. A journalist in Canada, or posting into Canada, is using the Freedom system during the highly-publicized Homolka-Teale case of some years back. Does ZKS claim that "journalists and human rights workers can use Freedom to protect their communications in countries where freedom of speech and freedom of the press are not recognized."?

3. A U.S. judge issues a gag order in a court case. Someone is using Freedom to post material covered by the gag order. In fact, many suspect the Freedom user is one of the trial attorneys. Does ZKS stand by its point about someone "making comments about the police while participating in a daily on-line forum."?

The point being the activities in both sets of cases, the ZKS examples and my examples, are illegal in their respective countries.

I certainly hope ZKS does not claim that Lin Hai gets to incite the overthrow of the Chinese government using Freedom but that Joe Nym does not get to incite the overthrow of the Canadian government.

And I surely hope that ZKS is not claiming that Freedom protects Emre Ersoz in Turkey but does not protect Joe Baptista in Canada during the Homolka-Teale case.

And, as I emphasized in my last message, the laws of which country or countries? Canadian law, because ZKS is Canadian, or Barbadian law, because Barbados is the country of the user contract? Or U.S. law, because Canada usually capitulates to U.S. law on sensitive issues?

And what if the Freedom node from whence the offending material originates is in Turkey? Not illegal in Turkey, maybe illegal in Canada...

The parallels are obvious.

The weakness of ZKS is its fastidiousness about "applicable laws" when we're talking about the Internet!

-Tim May

--
-:-:-:-:-:-:-:
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
ZKS -- This is some seriously bad stuff
I've been reading the ZKS license agreement at their Web site (www.zks.net). It sure looks like they reserve the right--and will likely use it freely, given the boilerplate--to cancel a nym on essentially the mere suspicion that some kind of "abuse" is involved. Abuse meaning: complaints, over use of the nym, too much traffic, legal concerns, pornography, etc.

The legal agreement is at http://www.freedom.net/legal-useragreement.html.

Here are a few excerpts (posting of which apparently would be grounds for having my nym cancelled, were I signed up):

--begin excerpt--

"3.3 You agree that ZKS retains the right, but not the obligation, to restrict or terminate your use of any Identity or the Freedom Network at any time, if ZKS, in its sole discretion, determines that you are in violation of this agreement, which includes the ZKS Freedom Network Policies. You agree that, if ZKS determines that you are in violation of this agreement, any restriction or termination of your use of any Identity or the Freedom Network may be effective immediately, without prior notice. You agree that ZKS will have no liability to you for any restriction or termination of your use of the Freedom Network pursuant to such violation.

"3.4 You agree that if ZKS terminates an Identity or your access to the Freedom Network as a result of your violation of ZKS' Freedom Network Policies, you forfeit any right to any credit or refund of any amount paid with respect to that Identity, such forfeiture being agreed to by you and ZKS as liquidated damages and not as a penalty."

--end excerpt--

(There's also a bunch of stuff about how ZKS may change the rates at any time and the only recourse of a customer is to cancel his account, no refunds possible.)

As to restrictions on content ("Content" in the contract), there is much about illegal material, violations of copyright, "applicable laws" (in which country, by the way? Barbados, which is their contract country, or Canada?), etc.
(By the way, if Barbados is the country for which the "applicable laws" bit applies, why have liasons with the Canadian government? And if ZKS doesn't know anything about the meatspace identity of a nym, what other laws besides Barbado law (directly) or Canadian law (practically) could conceivably apply? My hunch, not supportable by concrete evidence at this time, is that ZKS will cancel accounts based on the merest whiff of unsavoriness. It will be interesting to see what is legal in Barbados but illegal in Canada and see if they cancel.) Here's another excerpt: --begin excerpt-- 5.3 You agree not to transmit Content using your Identity or otherwise over the Freedom Network that is subject to another party's Rights through the Freedom Network without that party's express permission. Should ZKS become aware of any breach of this undertaking, such transmission: 5.3.1 may result in termination of this agreement, and 5.3.2 may result in civil or criminal liability. --end excerpt-- ZKS may then cancel a nym, and pocket the $50 or whatever that was prepaid, for what is now very common Internet behavior. We'll see how often they exercise this right of cancellation. Will they? Unclear. But it's interesting to note how much space is devoted to laying out the many circumstances that they will use for cancelling an account. Their stance on child porn: "In the case of individuals who wish to spread child pornography using a freedom account, Zero-Knowledge deals with these individuals in the same manner as any service provider would. We endeavor to shut down the account. " Advertisement posted via FreedomNet to a Usenet group: "Two young males frolic in the nude with 9-year-old female. Uncut, fun, not to be missed. Post a public key to alt.sexy.kitties." Given that Freedom doesn't know the precise content, will they cancel or not cancel? Except for the fact that their monitors will be fielding complaints constantly, I'll bet that if some bluenose complains they'll cancel. 
(*) "Illegal Activities" Consider this excerpt: 'How does Zero-Knowledge limit criminal abuse of Freedom? Zero-Knowledge is certainly concerned about the possibility that our technology may be used by some individuals to pursue illegal activities. For this reason we are reaching out to law enforcement agencies in an effort to educate them about our product, listen to their concerns, and, most importantly, show them how they can use our technology to 'go undercover' to combat illegal activity. Moreover, although the actual identity behind a Freedom pseudonym is not readily identifiable, the individual's activities are tied to that pseudonym, which means the offending activities can be prevented by turning off a nym if required by law enforcement. In other words, Zero-Knowledge reserves the right to delete any nyms or restrict nyms' activities for participating in criminal activity via the Freedom Network or otherwis
Updated crypto RNG paper available
I have released an updated version of my 1998 Usenix Security Symposium paper "Software Generation of Practically Strong Random Numbers"; this version is more than twice as long as the original and includes a lot more information than there was room for originally. You can get it from http://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf (broken formatting courtesy of Microsoft's postscript drivers :-).

The updated version looks at the requirements for a software-based generator, examines some existing ones (AC2, X9.17, PGP 2.x, PGP 5.x, /dev/random, Skip, ssh, SSLeay/OpenSSL, Capstone/Fortezza, and PIII) and points out problem areas (I notified anyone who might be affected a month or two back), and then presents an updated and extended design for what I hope is a reasonably secure and appropriately paranoid generator.

Since the topic of crypto RNGs seems to come up every six months or so (the last time being last week) I hope this information is of use to people.

Peter.
replacement for winkrypt
Can you recommend a replacement program for winkrypt to encrypt .jpg photos? I use Windows 98 and winkrypt doesn't work with 98.
FBI wiretaps increased on Y2K pretext
FBI wiretaps increased on Y2K pretext
By: Thomas C Greene in Washington
Posted: 12/06/2000 at 12:40 GMT
http://www.theregister.co.uk/content/1/11308.html

> The US Foreign Intelligence Surveillance Act of 1978 (FISA), which restricts some
> government surveillance related to terrorist investigations, was massaged
> considerably during the Millennium rollover to enable quick and dirty wiretaps of US
> residents who would otherwise have been beyond its authority, National Commission on
> Terrorism Chairman Paul Bremer revealed during testimony before the Senate
> Intelligence Committee last week.

--
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security. A  |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net
Musings on the Economics of ZKS
At 4:58 PM + 6/13/00, Anonymous wrote:
>> Personally, I think the market for casual-grade untraceability is
>> limited. Which is not to say that the market for high-grade
>> untraceability is any better. Most people don't think much about
>> security.
>
>You'd think the one area where there would be a market for reasonably good
>untraceability is online discussion boards, particularly the financial
>forums. Every week there is an article about another company suing its
>online critics. And so far the yahoos and aols have just rolled over and
>provided the real identities behind the flimsy protection of nicknames.

But most people obviously don't _think_ they're going to be sued. In fact, there are tens of thousands of chatters in groups/boards like Raging Bull, Silicon Investor, misc.invest, and so on, and yet only a small number actually get sued. Unless and until ZKS spreads more FUD--which is probably a good marketing ploy--most users will be happy with very casual security.

(And as I will be discussing below, even if ZKS were to successfully scare a lot of users into adopting their product, I question whether the _numbers_ of customers needed to make ZKS a wise investment will ever be seen. I calculate, below, that ZKS will need about 300,000 Freedom customers per year to do even moderately well. Fewer than about that number and they are burning through their cash. Way above that number and they may do very well indeed.)

Silicon Investor charges money. I got in on the "free account" deal when SI started...then they claimed to have no record of me and now they want $125 a year for membership.

(The level of discourse is abysmal. Most posts are one-liners, due to lack of good quoting software and due, I presume, to the "repartee" mode. Articles like mine, like this one, are longer than all but a very few SI posts. Why bother? I certainly am not going to pay SI any money.)

SI is now bundling memberships with E-trade sign-ups. Even finding out how to pay them the $125 is not easy to find on their Web site. My assumption is that so few folks are shelling out $125 to join a chat room that they are de-emphasizing this mode.

(TheStreet.com is also finding that most customers won't pay for their Web site. They are structuring their business plan.)

The issue they face, and Web sites face, and PGP/NAI faces, and ZKS faces, is that most people simply don't want to be bothered with paying for things they aren't convinced they'll need. And most Web sites are not needed.

I said many years ago that computer security will be driven, eventually, by insurance costs. As with safes (vaults), better safes were bought because insurance premiums were lower with better safes. Insurance companies have a way of calculating costs and computing the net present value (NPV) of buying a better safe. The merchant who has never been robbed and so thinks he never _will_ be robbed is not the guy driving the development of better safes.

Analogies with crypto are obvious.

Joe Sixpack is not likely to pay anything for PGP and probably won't pay ZKS $50 for the privilege of having pseudonyms. Terry the Terrorist may, but only if the system is truly robust. Perry the Pedophile almost certainly will, but will get royally pissed if ZKS cancels his nym for "abuse."

(I told Austin and Hammie a year and a half ago that one of the first accounts I plan to set up with ZKS will be accounts like these. Not necessarily real terrorism or real pedophile uses, but the _appearance_ of such uses. Then I'll report to the world what happens to them. Not because I want ZKS to fail, but because a nym system which cannot even be used thusly is doomed.)

Hey, I have real problems figuring out how ZKS ever makes money by collecting only $50, if they get even that, for customers for life. Crunching the numbers for their burn rate, the expected ROI on the X million they've raised, numbers of customers, etc., is not something I'm going to do unless more hard numbers come my way, but the basics are clear: just the annual bond yield on, for example, $50 million, would be about $4 - 7 million, depending. And their 100 or more employees, plus office space, plus other costs, must be running above $10 million a year. (Figuring a loaded rate of at least $100K per employee. This may be lower if stock options are considered, but not by too much. And it could be higher, depending on office lease rates up there.)

So, investors face a "delta" between what they could have done with their money and what they actually did with it of about $15 million on a ballpark figure of $50m in investments. The customers must pay fees sufficient to make up the difference.

(This is a weird way of computing ROI, I'll grant you. But I'm making so many assumptions, based on ballpark estimates, that this "back way in" is the only way that makes sense right now. How many customers does ZKS need to meet even the basics of p
RE: ZKS makes the WSJ (again)
At 6:14 PM -0400 6/13/00, Declan McCullagh wrote:
>At 09:23 6/13/2000 -0700, Tim May wrote:
>>If ZKS crashes and burns with an investment pool of several tens of
>>millions of dollars--someone told me they'd raised more than
>>US$75M, but I haven't looked closely--then "educated investors"
>>will likely avoid this type of market.
>
>At CFP, ZKS told me they had 200 employees and were growing fast,
>were about to open a bay area office. Let's say they're at 250 now,
>and each employee costs them $100,000 a year (hardly inconceivable,
>including benefits, overhead, salary).

This is the estimate I used as well, of course. It could be low by a factor of 2.

(Loaded rate depends on benefits, taxes due, office costs, etc. Programmers in the Bay Area are averaging $70-120K in W-2 pay, so their loaded rate is probably $120-200K. Lower in Canada. Lower for other types of workers. Stock options can suppress pay somewhat. Still, "200 employees and growing fast" means they'd better be hauling in some mighty good revenues mighty soon, before they light the afterburners one last time.)

>
>ZKS said in Sep 99 they had raised $12 million in a first round, and
>in Jan 2000 $25 million. Let's call it $40 million.
>(http://www.zeroknowledge.com/media/pressrel.asp)
>
>Their burn rate, however, has to be something like 250 employees *
>$100,000 = $25 million/year. So since they've been around for a few
>years now (albeit with a smaller number of employees in 1999),
>they'd probably have at most a year's worth of cash on hand.
>
>Offsetting that, as an income stream, would be the deals with ISPs
>and a probably relatively small revenue stream from individual
>subscribers. I don't see either as generating tens of millions of
>dollars. In a pinch, they could raise more cash in a hurry, but that
>would be at terms disfavorable to ZKS founders and first-round
>investors and would mean ceding control of the company.

And my rough calculations didn't include the cost of the network bandwidth, nodes, etc. The kickbacks to those who host traffic of course come out of the per-seat revenue ZKS takes in.

Try as I do, I can't see how enough users will sign up to pay the overhead we're talking about here, let alone to pay back the investors (in the usual means).

If deals are being worked out with ISPs, the revenues per user clearly will be lower than $50 each. For example, AOL might offer Freedom to its users for some discounted price. Unlikely that ZKS would realize anything close to $50 per seat, certainly not for all of AOL's tens of millions of customers.

(I'd venture that 10% of all AOL users might be willing to pay as much as $2 a month extra for the Freedom services. Do the math. And then there's the issue of liability and subpoenas for AOL. They've shown a willingness in the past to eagerly help prosecutors, investigators, etc. Will AOL really be happy having Freedom nyms posting untraceably?)

--Tim May

--
-:-:-:-:-:-:-:
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
RE: ZKS makes the WSJ (again)
At 9:20 PM + 6/13/00, lcs Mixmaster Remailer wrote:
>Tim May writes:
>
>> The fact that some fine people work for ZKS should cause us to give
>> them a pass on such important issues.
>
>Of course he meant the opposite (no doubt a correction will have
>appeared in the many hours it takes for remailed messages to appear).

Yes, I meant to say "should not cause us." (A mental glitch which happens too often...in my head I'm hearing an emphasis on "not," but then it gets skipped in the typing process.)

>The shameful silence of cypherpunks has given ZKS a free ride on their
>lack of security for far too long.

I don't characterize it as "shameful." Nor has there been silence. Many folks have weighed in with comments, based on what little has been revealed.

I'd say, rather, that few on this list are trumpeting Freedom as some kind of realization of long-term, long-held, central goals of many on the list.

Freedom appears to be what we've been characterizing it as: a casual way of obtaining some pseudoanonymity, providing one is not doing anything which causes ZKS to revoke the nym token. (As they have said they will do under various, not often discussed, situations.) This willingness to revoke nyms, even if the nyms are unlinkable (supposedly, and maybe even truly) to users, is enough to make Freedom a lightweight system.

Will they get the hundreds of thousands of users they need?

>
>Let's be specific. Within a company like ZKS there are many factions.
>Some are pushing for more privacy. Others for ease of use. Others want
>more centralized control to protect against liability. Some call
>for releasing the source, others are fearful that this will lead to
>independent versions which will undercut ZKS' business model.
>
>These debates don't take place in a vacuum. They are influenced by
>outside forces. Companies respond to the pressures they experience.
>Investors push one way, government regulators push another, potential
>business customers have their own agendas.

They located in a country where there are laws against hate speech, where the press is subject to prior restraint, and where Holocaust revisionism is a crime. And a country where radfems like Andrea Dworkin and Catharine MacKinnon were able to help push through laws which the U.S. wisely rejected.

Wait until the first death threats directed at the Canadian PM go through Freedom. Or the first bestiality pics are advertised. Or, horrors, someone uses Freedom to explain how the Holocaust was highly exaggerated.

The RCMP and Company will be on ZKS like stink on shit. When ZKS smiles politely and says nothing can be done, watch for the installation of packet sniffers and any other tricks to reveal a nym's identity (*).

(I can't speak with authority, as I don't know the details of how Freedom works, but it seems the usual trickery would apply: delay packets to cause users to resend items, use correlations between such delayed packets and users to deduce probable nym/name correlations. The stuff that has been talked about with Mixmaster-type remailers. And the stuff which requires a lot of work to fix in mix nets, a la Chaum, the Pfitzmanns, etc. Saying that Freedom is immune to the collusive attacks which Chaum et al. started studying a dozen years ago seems...well, it seems farfetched. I would expect to see at least as many Crypto papers attacking/probing Freedom as we have seen doing the same with mixes before I would trust Freedom.)

>
>When cypherpunks are silent, it actually undercuts the positions of
>those within ZKS who would most support cypherpunk goals. It allows the
>other factions to say that privacy issues are not the most important,
>because even the staunchest privacy advocates, the paranoid cypherpunks,
>are accepting of the current product and willing to wait.

We have not been silent. I engaged Stefan Brands in a long debate a few months back. I can't help it that others have not participated.

(Frankly, I don't think there are more than a dozen active posters here anymore. Maybe the big debates on Freedom are happening over on Perrypunks or Lewispunks, but I'm not on their lists.)

>
>The well intentioned kindness and patience which cypherpunks have
>expressed towards ZKS is undoubtedly a major contributing factor for
>why so little has been done to address the privacy lapses which Tim
>May describes. Cypherpunks have themselves to blame for allowing this
>to happen.

I've seen no one here endorsing or supporting Freedom. In fact, except for a few waves of "*.freedom.net" posts a few months back, I don't see anyone here using it.

Which surprises me. If people here are not using it, albeit with its casual-grade limitations, then what hope is there that Joe Sixpack will start using it?

(Is it readily available now? Is the Mac version out yet? I know someone was talking about using the Windows version running inside a password-secured Windows session on a Mac--using either
RE: ZKS makes the WSJ (again)
At 09:23 6/13/2000 -0700, Tim May wrote:
>If ZKS crashes and burns with an investment pool of several tens of
>millions of dollars--someone told me they'd raised more than US$75M, but I
>haven't looked closely--then "educated investors" will likely avoid this
>type of market.

At CFP, ZKS told me they had 200 employees and were growing fast, were about to open a bay area office. Let's say they're at 250 now, and each employee costs them $100,000 a year (hardly inconceivable, including benefits, overhead, salary).

ZKS said in Sep 99 they had raised $12 million in a first round, and in Jan 2000 $25 million. Let's call it $40 million. (http://www.zeroknowledge.com/media/pressrel.asp)

Their burn rate, however, has to be something like 250 employees * $100,000 = $25 million/year. So since they've been around for a few years now (albeit with a smaller number of employees in 1999), they'd probably have at most a year's worth of cash on hand.

Offsetting that, as an income stream, would be the deals with ISPs and a probably relatively small revenue stream from individual subscribers. I don't see either as generating tens of millions of dollars. In a pinch, they could raise more cash in a hurry, but that would be at terms disfavorable to ZKS founders and first-round investors and would mean ceding control of the company.

-Declan

(copied to ZKS pr for authoritative response)
Re: Jolly Roger
At 11:56 AM -0700 6/13/00, Michael Motyka wrote:
>Fine, the intersection and union of our moral universes are equivalent.
>How do you make it part of the legal system?

It's probably hopeless. I was just taking issue with your "only morally acceptable" point.

One scenario might be to make a citizen's arrest of a cop who is doing something illegal as part of an entrapment. Then make a stink that he is not being prosecuted. (I vaguely recall a case in recent years where an underaged cop wannabee was part of a sting of a liquor store. When the merchant discovered he was underaged, he held the kid and made a stink when the official cops arrived and released the kid.)

Of course, dealing with cops this way could be a ticket to getting a nightstick shoved someplace. Which is why some folks advocate simply dealing with such scofflaws more directly, and from afar.

(I'm not advocating anyone do this, but someone who has been "set up" in an entrapment is probably favorably disposed toward dealing with the cop with a hunting rifle from afar. Is it morally acceptable? You betcha.)

>
>We're all a bunch of rats looking for rat chow. If there is no reward we
>just don't bother. Forcing courts to throw out entrapments and bear the
>legal costs of defendants may be an adequate solution.

Go for it, dude. Me, I don't have time to waste on such quixotic crusades.

>
>On another note, I heard a rumor that there might be some new,
>pro-privacy, 1st Amendment-based law or rulings on the seizure and
>admissibility of personal writings. Any truth to that?

Don't know, but most such rulings tend to be wrong-headed. The First is not about some sacrosanct right to have writings kept private, it is about whether the government can ban certain writings or speech or can impose prior restraint.

The proper Amendment for issues of personal writings is of course the Fourth, not the First. The Fifth _may_ be implicated, but journals and letters are usually considered to be fair game, if discovered. All the usual stuff about illegal searches, fruit of the poisoned tree, etc.

On a related note, reporters should have no rights that others don't have. So-called "shield laws" and laws about "protection of sources" are bogus. Reporters and writers are not in some special class. We are all covered by the First and Fourth Amendments, and the other constitutional provisions about trials, producing evidence, testifying, self-incrimination, etc.

--Tim May

--
-:-:-:-:-:-:-:
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
Re: Musings on the Economics of ZKS
Tim May wrote:
>Hey, I have real problems figuring out how ZKS ever makes money by
>collecting only $50, if they get even that, for customers for life.

It's $50 per year...or you're assuming customers cancel after the first year?

Don't rule out ZKS offering other services in the future, such as a digital wallet to go with each nym. They could get a piece of each transaction. I was daydreaming about this the other day in fact (perhaps it was the fever-induced delirium due to a bad cold).

Imagine bartering your services through elance.com using one of your nyms. You then get paid with digital cash to your nym's wallet. (Perhaps ZKS offers an exchange service to convert meatspace to nymspace money during the bootstrap phase). Let's say ZKS also strikes a deal with Amazon.com to accept nym money. Hell, if Bezos has his way, you'll then be able to buy anything imaginable with your nym money. The only problem you'll have is how to explain to the Feds how you're paying for all these goodies arriving at your doorstep.

I think there is a sizable percentage of the world's population that would willingly remove the greedy hand of government from financial transactions if they could be convinced that there would be no way of getting caught. Once you got to a certain critical mass, then the government would be forced to change its ways (by collecting revenues through service fees rather than taxes, for example).

These concepts have been discussed in cypherpunk circles for over a decade of course, but the exciting part about what's going on today is that it's not too much of a leap of faith to imagine it actually happening, with existing internet companies, and soon.

--PH
Musings on the Economics of ZKS
At 4:58 PM + 6/13/00, Anonymous wrote:
>> Personally, I think the market for casual-grade untraceability is
>> limited. Which is not to say that the market for high-grade
>> untraceability is any better. Most people don't think much about
>> security.
>
>You'd think the one area where there would be a market for reasonably good
>untraceability is online discussion boards, particularly the financial
>forums. Every week there is an article about another company suing its
>online critics. And so far the yahoos and aols have just rolled over and
>provided the real identities behind the flimsy protection of nicknames.

But most people obviously don't _think_ they're going to be sued. In fact, there are tens of thousands of chatters in groups/boards like Raging Bull, Silicon Investor, misc.invest, and so on, and yet only a small number actually get sued.

Unless and until ZKS spreads more FUD--which is probably a good marketing ploy--most users will be happy with very casual security.

(And as I will be discussing below, even if ZKS were to successfully scare a lot of users into adopting their product, I question whether the _numbers_ of customers needed to make ZKS a wise investment will ever be seen. I calculate, below, that ZKS will need about 300,000 Freedom customers per year to do even moderately well. Fewer than about that number and they are burning through their cash. Way above that number and they may do very well indeed.)

Silicon Investor charges money. I got in on the "free account" deal when SI started...then they claimed to have no record of me and now they want $125 a year for membership. (The level of discourse is abysmal. Most posts are one-liners, due to lack of good quoting software and due, I presume, to the "repartee" mode. Articles like mine, like this one, are longer than all but a very few SI posts. Why bother? I certainly am not going to pay SI any money.)

SI is now bundling memberships with E-trade sign-ups. Even finding out how to pay them the $125 is not easy to find on their Web site. My assumption is that so few folks are shelling out $125 to join a chat room that they are de-emphasizing this mode.

(TheStreet.com is also finding that most customers won't pay for their Web site. They are structuring their business plan.)

The issue they face, and Web sites face, and PGP/NAI faces, and ZKS faces, is that most people simply don't want to be bothered with paying for things they aren't convinced they'll need. And most Web sites are not needed.

I said many years ago that computer security will be driven, eventually, by insurance costs. As with safes (vaults), better safes were bought because insurance premiums were lower with better safes. Insurance companies have a way of calculating costs and computing the net present value (NPV) of buying a better safe. The merchant who has never been robbed and so thinks he never _will_ be robbed is not the guy driving the development of better safes.

Analogies with crypto are obvious.

Joe Sixpack is not likely to pay anything for PGP and probably won't pay ZKS $50 for the privilege of having pseudonyms. Terry the Terrorist may, but only if the system is truly robust. Perry the Pedophile almost certainly will, but will get royally pissed if ZKS cancels his nym for "abuse."

(I told Austin and Hammie a year and a half ago that one of the first accounts I plan to set up with ZKS will be accounts like these. Not necessarily real terrorism or real pedophile uses, but the _appearance_ of such uses. Then I'll report to the world what happens to them. Not because I want ZKS to fail, but because a nym system which cannot even be used thusly is doomed.)

Hey, I have real problems figuring out how ZKS ever makes money by collecting only $50, if they get even that, for customers for life.

Crunching the numbers for their burn rate, the expected ROI on the X million they've raised, numbers of customers, etc., is not something I'm going to do unless more hard numbers come my way, but the basics are clear: just the annual bond yield on, for example, $50 million, would be about $4 - 7 million, depending. And their 100 or more employees, plus office space, plus other costs, must be running above $10 million a year. (Figuring a loaded rate of at least $100K per employee. This may be lower if stock options are considered, but not by too much. And it could be higher, depending on office lease rates up there.)

So, investors face a "delta" between what they could have done with their money and what they actually did with it of about $15 million on a ballpark figure of $50m in investments. The customers must pay fees sufficient to make up the difference.

(This is a weird way of computing ROI, I'll grant you. But I'm making so many assumptions, based on ballpark estimates, that this "back way in" is the only way that makes sense right now. How many customers does ZKS need to meet even the basics of p
Re: Jolly Roger
> > Personally, I think they ought to be tracked down and dealt with more
> > directly. Cops who solicit illegalities need to be dealt with directly.
> >
> > But that's just my opinion.
>
> I think it should just be considered entrapment and made unusable in
> court. That would end the problem right there.
>

That is the only acceptable way to treat entrapment. I'm too busy now but someday, in my golden years perhaps, a reverse sting could prove good entertainment. Like DOOM in meatspace.
RE: ZKS makes the WSJ (again)
> Personally, I think the market for casual-grade untraceability is
> limited. Which is not to say that the market for high-grade
> untraceability is any better. Most people don't think much about
> security.

You'd think the one area where there would be a market for reasonably good untraceability is online discussion boards, particularly the financial forums. Every week there is an article about another company suing its online critics. And so far the yahoos and aols have just rolled over and provided the real identities behind the flimsy protection of nicknames.

In today's litigious world, anyone who publicly posts articles critical of the policies or management of a business must be aware of the dangers. A good quality anonymous message board would be highly attractive. While we're fantasizing, let's imagine that it uses some kind of crypto credential system to prevent abuse. Is this feasible?
RE: ZKS makes the WSJ (again)
At 6:18 AM -0700 6/13/00, Patrick Henry wrote:
>Lucky Green spoke thusly:
>
>>Present-day Freedom simply isn't of any significant interest to many privacy
>>conscious customers. I suspect ZKS' sales figures are reflecting that fact.
>
>Your point is well taken that ZKS' service does not meet the standards of the
>dyed-in-the-wool cypherpunk. There is no such thing as 100% security anyway.
>I suspect that most of the compromises that ZKS made are due to commercial
>realities. My point is that they DID successfully launch a service (we'll see
>how long it lasts), and they DID succeed in getting widespread press for it.
>Now various people around the globe are reading about the service and learning
>about the advantages of pseudonymity. The next time someone wants to start a
>better, more secure service, there will be many more educated investors
>willing to underwrite such a venture.

Perhaps not. Would-be investors who see ZKS fail will not necessarily be more willing to underwrite similar projects. If ZKS crashes and burns with an investment pool of several tens of millions of dollars--someone told me they'd raised more than US$75M, but I haven't looked closely--then "educated investors" will likely avoid this type of market.

What Lucky said is basically correct. The Freedom network has numerous flaws (*) which make it even less interesting than the Cypherpunks remailers of some years back.

(* Covered many times: Source code not examined. Underlying mix/anonymizing protocols not public. Single point of failure for attack by legislators, fatwah saboteurs, etc. No reliance on multiple hops, as DC Net and Crowds/Onions and Cypherpunks systems use.)

The fact that some fine people work for ZKS should cause us to give them a pass on such important issues.

Whether there are enough people who think some degree of untraceability is good but who are not sophisticated enough to realize that Freedom currently is not offering a "full strength" product is an interesting question.

The fact that both ZKS and HavenCo have fixed, identifiable headquarters, and the fact that both have made noises about placing limits on what users do with their systems (**) is telling.

(** ZKS said they will cancel the accounts of those who use Freedom to transmit/post various kinds of illegal (?) information. In Canada, this could include using Freedom to evade the laws forbidding hate speech! HavenCo has similarly talked about "information illegal in the originating country" being yanked. In both cases, the single point of failure makes government pressure likely.)

Personally, I think the market for casual-grade untraceability is limited. Which is not to say that the market for high-grade untraceability is any better. Most people don't think much about security.

My hunch has long been that the people willing to pay for untraceability ("pay" in terms of paying $$, accepting certain packet delays, upgrading equipment, etc.) are those with monetary benefits in untraceability: dealers in various items, pornographers of various sorts, sellers of military secrets, political activists who face strong sanctions or death if discovered, and so on.

These are the main users we in the Cypherpunks movement have discussed for so many years.

How long will ZKS let "LolitaLover" use Freedom for selling pictures of children? How long will HavenCo tolerate the "Women without Veils" (***) site?

(*** Someone came up with this "Women without Veils" meme some months back. Makes the case wonderfully.)

For HavenCo, what exactly does "country of origin" mean? If Iranian dissidents in Belgium use HavenCo to post pictures of Rafsanjani having morphed sex with a pig, is the "country of origin" Belgium or Iran...or an ISP in the U.S.? In any case, this won't stop enraged mullahs in Teheran from issuing a fatwah against HavenCo.

And so on. This is well-trod ground.

Good luck to them both, but I really don't see their models as being especially interesting. If HavenCo only spent a million bucks, as "Wired" is reporting, then they're a shoestring operation and they may be able to make money by co-locating certain sensitive files, though not the "outrageous" files which will invite SEAL saboteurs and crazed Iranians. We'll see.

If ZKS has really taken in $30 million, let alone $50 million or more, I really have a hard time seeing how they'll find enough paying customers. We'll see.

In a couple of years this should all be clearer. It may be that both HavenCo and ZKS will tweak their business models to adjust to whatever realities emerge. I'll watch with interest.

--Tim May

--
-:-:-:-:-:-:-:
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon"
[wk@C4I.ORG: [ISN] Hush offers novel twist on secure e-mail]
- Forwarded message from William Knowles <[EMAIL PROTECTED]> -

Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Tue, 13 Jun 2000 07:33:52 -0500
Reply-To: William Knowles <[EMAIL PROTECTED]>
From: William Knowles <[EMAIL PROTECTED]>
Subject: [ISN] Hush offers novel twist on secure e-mail
To: [EMAIL PROTECTED]

http://www.zdnet.com/eweek/stories/general/0,11011,2586300,00.html

By Dennis Fisher, eWEEK
June 12, 2000 1:08 PM PT

Hush Communications USA Inc. today released HushPOP, its latest secure e-mail product.

HushPOP, which can be downloaded for free from the company's Web site, is a transparent add-on that runs behind a user's desktop e-mail client and takes a unique approach to encrypted e-mail.

Like many other secure messaging programs, HushPOP uses an encryption engine to generate unique keys for each user. However, HushPOP keys are generated on each user's local machine. Once a user logs into the program with a private pass-phrase, he or she can send and receive secure e-mails just like any other message.

Once a message is generated, it is sent to HushPOP's key server and then on to the recipient, who doesn't have to have HushPOP installed. Messages are encrypted with 1,024-bit security.

"This is as secure as it gets," said Jon Gilliam, president of Hush Communications in Austin, Texas. "We don't have access to the users' keys, and the encryption level is well beyond what's out there now."

Much of the development work on HushPOP was done in Ireland as a result of U.S. laws prohibiting export of powerful encryption software.

The company has had a secure Webmail product, Hushmail.com, available for several months, and it released a private-label product for service providers on June 1.

Overcoming the 'hurdle rate'

Hush's technology has analysts excited about the company's prospects.

"The things that they're proposing are much more exciting than what we've seen in the marketplace to date," said Joyce Graff, vice president and research director at The Gartner Group in Stamford, Conn.

"At the moment, the hurdle rate is pretty high, because people have to think ahead in order to use secure e-mail. Unless you can do it at the last minute without having to set it up, people won't use it. [HushPOP] does that. You don't want to be seen as a company that's hard to do business with."

Hush intends to apply its encryption technology to an increasingly broad range of products in the near future, Gilliam said.

"Our technology works with all forms of digital communication -- instant messaging, IP telephony, whatever," said Gilliam, who added that an encrypted IM client is a strong possibility.

Hush is at www.hushmail.com

*-*
"Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC
---
C4I Secure Solutions http://www.c4i.org
*-*

- End forwarded message -

--
so much entropy, so little time
http://inferno.tusculum.edu/~typo/
RE: ZKS makes the WSJ (again)
Lucky Green spoke thusly:

>Present-day Freedom simply isn't of any significant interest to many privacy
>conscious customers. I suspect ZKS' sales figures are reflecting that fact.

Your point is well taken that ZKS' service does not meet the standards of the dyed-in-the-wool cypherpunk. There is no such thing as 100% security anyway. I suspect that most of the compromises that ZKS made are due to commercial realities. My point is that they DID successfully launch a service (we'll see how long it lasts), and they DID succeed in getting widespread press for it. Now various people around the globe are reading about the service and learning about the advantages of pseudonymity. The next time someone wants to start a better, more secure service, there will be many more educated investors willing to underwrite such a venture.

--PH