Re: Anonymizer employees need killing

2004-03-28 Thread R. A. Hettinga 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 1:53 PM -0600 3/28/04, bgt wrote:
>What I'm blaming Lance for is snake-oil marketing.

Don't be a putz. He's marketing it for what it is. Lance has never
made any claims of perfect anonymity.

>> And, finally, one last thing. After 5 or 6 years of it from Tim,
>> who started this list, and the original physical meetings, it's no
>> secret I've gotten really tired of the "need killing"
>> chest-puffing
>
>*I* did not say anyone needed killing,

No, I was talking about the original post in this thread, and its
resultant title.

After watching you blather on, here, though, I'm beginning to regret
what *I* said on the matter.

:-).

In the meantime, try to pry your panties out of the crack in your
ass.

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3

iQA/AwUBQGdc68PxH8jf3ohaEQIwsgCeISV5A+amlSjXGtkAtpFN3Uei3zIAoJj0
YKsGDGoO3pX9qPAjHR/qtprk
=TmHg
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Anonymizer employees need killing

2004-03-28 Thread R. A. Hettinga 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 1:01 AM -0600 3/28/04, bgt wrote:
>you state openly in your policy that you're not to be
>trusted!

Think about it for a second.

Anonymizer is set up to prevent *businesses*, stalkers, and
small-time crooks like spammers, from seeing your behavior on the net
and annoying you there.

What's he going to do when uncle Fed shows up with guns? Have a
shootout or something?

:-)



The point to cypherpunks as always been this, folks: Do not rely on
*people*, especially people and *laws*, to protect your anonymity
from, if you will, national technical means -- guys with guns and
rubber hoses.

That's what remailers are for, speaking of Lance, the guy who wrote
Mixmaster. *Use* them. Build them. Make 'em better.

And, if you're upset that you can't *surf* anonymously, sure as hell
don't blame Lance. Blame the state of *markets* for such
onion-routing services as Zero Knowledge's Freedom, or, even, the
lack of interest in the open source community to build an equivalent.
Meaning *buy* stuff when it comes on the market, and *use* someone's
code when it shows up on sourceforge, or wherever, report bugs, and
help *out*, instead of pissing and moaning that a single-hop
anonymity service doesn't provide perfect anonymity against national
technical means.

More important, if you, personally, can do something about it, write
code. If not, *hire* someone to write code. And, if you can't do
*that*, then quit whining at the people who are actually *doing*
something, anything, however small it is, in the right direction.
Like Lance. Especially Lance.

Certainly, if something you do pisses off the Uncle Fed, he's got the
muscle to kick your ass. Live with it. Work around it. Use what's
there to keep from getting your ass kicked. Progress is about doing
something that hasn't been done before so that you have the *freedom*
to do what you want.

For example, Julf provided a single-stop remailer with penet. Some
"church" subpoenaed him out of business. Fine. Do something else.
Just don't sit there and whine about it. These days, there are *more*
and better remailers out there (thanks to people like Lance) than a
single hop one in Finland. Could it be better? Sure. So make it
better instead of whining about it.



And, finally, one last thing. After 5 or 6 years of it from Tim, who
started this list, and the original physical meetings, it's no secret
I've gotten really tired of the "need killing" chest-puffing
bullshit. Tim was bad enough, but, at least -- and in ever-decreasing
usefulness -- he had something substantive to say.

Self-reference is a bitch, :-), but people who say other people "need
killing" need killing themselves, and, frankly, deserve everything
they get for saying so in otherwise civil discourse. Unpopular
opinion is one thing, but bad manners is a mortal offense in my
opinion. :-).



So, try to act like adults, people. Not like a bunch of 12 year old
boys who just found a loaded BAR in the garage.



Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3

iQA/AwUBQGbpFMPxH8jf3ohaEQI2tQCg6ruUCCQ/q15O9Ps75ldDTB9tTWgAn1DD
TmCabJz2jSjv7noQeaT0Ncb+
=mX/0
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Anonymizer employees need killing

2004-03-28 Thread bgt 
On Mar 28, 2004, at 9:05, R. A. Hettinga wrote:

Anonymizer is set up to prevent *businesses*, stalkers, and
small-time crooks like spammers, from seeing your behavior on the net
and annoying you there.
What's he going to do when uncle Fed shows up with guns? Have a
shootout or something?
This is exactly my point.  You and I are saying essentially the same 
things.
Anonymizer cannot be trusted with your life & liberty. It is the 
equivalent of
"kid sister cryptography".  Lance, however, does not seem to view it 
this way.

And, if you're upset that you can't *surf* anonymously, sure as hell
don't blame Lance.
What I'm blaming Lance for is snake-oil marketing. When someone posted
"Anonymizer revealed the identity of a customer to the FBI", Lance 
posted
"Anonymizer would never do such a thing".  But *of course* he would,
because there's a metaphorical (if not real) gun pointed at his head.

I'm not "pissing and moaning that a single-hop anonymity service doesn't
provide perfect anonymity", I'm calling Lance and Anonymizer on their
false claims.  Lance and Anonymizer should both be upfront and honest
about exactly what level of "anonymity" Anonymizer /can/ provide.
Then I would not have anything to say on this thread.  I agree, the 
service is
certainly useful for some things, and the world is better with it than 
without
it.

And, finally, one last thing. After 5 or 6 years of it from Tim, who
started this list, and the original physical meetings, it's no secret
I've gotten really tired of the "need killing" chest-puffing
*I* did not say anyone needed killing, so I'm assuming this part of 
your rant
was targeted at someone else.

--bgt

Re: Anonymizer employees need killing

2004-03-27 Thread Lance Cottrell 
I hope at this point the retractions by the Register have been well  
circulated. Just to make it absolutely clear, we have never and never  
will sell out a customer. This is simply shoddy reporting at its worst.

A blog first reported this months ago as "an anonymizer" which was then  
picked up as "The Anonymizer" in some articles, which then printed  
corrections. In fact the company involved was Surfola which is not  
connected to us in any way shape or form (and which I had never even  
heard of before this).

Months later the Register picked up on an old uncorrected version of  
the story and printed it without any fact checking at all. This is a  
shocking breach of editorial responsibility.

I would have hoped that my years of working on free open source privacy  
tools (such as Mixmaster) before founding Anonymizer would lend my  
reputation some weight, or at least give me the benefit of the doubt  
until the matter was clarified. I am deeply troubled to see death  
threats against my employees (and I would assume myself) without anyone  
taking the trouble to even ask us to comment.

It has always been easy to contact me directly, next time I hope  
someone will do so before assuming the worst.

	-Lance

 
-
Lance M. Cottrell
President, Anonymizer Inc.

Re: Anonymizer employees need killing

2004-03-27 Thread bgt 
On Mar 27, 2004, at 23:13, Lance Cottrell wrote:
I hope at this point the retractions by the Register have been well 
circulated. Just to make it absolutely clear, we have never and never 
will sell out a customer. This is simply shoddy reporting at its 
worst.


I would have hoped that my years of working on free open source 
privacy tools (such as Mixmaster) before founding Anonymizer would 
lend my reputation some weight, or at least give me the benefit of the 
doubt until the matter was clarified. I am deeply troubled to see 
death threats against my employees (and I would assume myself) without 
anyone taking the trouble to even ask us to comment.

It has always been easy to contact me directly, next time I hope 
someone will do so before assuming the worst.
Alright then, since you're here, maybe you could answer a couple 
questions:

- If given a court order, would you be able to provide the FBI the same 
kind of information that Surfola did, which could be used to track down 
the customer in meatspace?  (From the article, we can assume it was his 
paypal email addx and/or the IP addx he was using, either one of which 
was probably sufficient).

- Assuming the answer is yes: from the customer's POV, in the end what 
does it matter whether you were given a court order or not... the 
result was the same, they were caught because they trusted your service 
(the fact that, in this case, the crime was despicable, is beside the 
point).

- Can you explain the contradictions inherent in the following excerpts 
from your user agreement?

"Usage logs are usually kept for forty-eight (48) hours for maintenance 
purposes, monitoring Spamming and monitoring abuses of netiquette. Any 
relevant portion(s) of such logs may be kept for as long as needed to 
stop the abuses."
"We maintain no information which would identify which user had sent a 
given message or visited a given site"
"Abusers of the Anonymizer can expect no anonymity. We regret the 
necessity of this policy, but without it abuse will force the shutdown 
of the Anonymizer."

Even if we leave aside the question of whether one should trust a 
service which /could/ betray you if it were run by an untrustworthy 
operator, you state openly in your policy that you're not to be 
trusted!

--bgt

Re: Anonymizer employees need killing

2004-03-26 Thread bgt 
On Mar 26, 2004, at 9:13, petard wrote:

On Fri, Mar 26, 2004 at 01:32:43AM -0500, An Metet wrote:
From http://www.theregister.co.uk/content/55/36485.html :
"To download the online picture, he used the Anonymizer.com service,
believing the companys privacy policy would protect him. Not so. Dutch
The article got it wrong. He used Surfola. They've since corrected it.
Of course, anyone trusting their lives & liberty to these commercial ip 
addx
obfuscators are incredibly stupid anyway.  Anonymizer states plainly 
that
they store usage logs "usually for 48 hours" and will use them to combat
spam or other "abuses of netiquette".  Even if they didn't state it, 
how can you
stake your life on them not doing so?

Any company that /can/ comply with a court order to reveal your 
identity,
probably won't need a court order to be convinced to do so.

 Just as a point of curiosity (because I think it's irrelevant, for the 
reason
above),  An Metet, how are you sure there was no subpoena or court order
involved?

--bgt

Re: Anonymizer employees need killing

2004-03-26 Thread Eric Tully 


From The Register:

"To download the online picture, he used the anonymising Surfola service 
(and not Anonymiser.com as we mistakenly wrote in our initial report - 
apologies to all concerned - Ed), believing the company’s privacy policy 
would protect him."



So now I don't know what to believe.  Either Anonymizer was never 
involved... or they don't want it known that they sold out so they asked 
for a retraction.

- Eric



An Metet wrote:
Anonymizer is working with the FBI on international blackmail cases - no 
subpoena required!

From http://www.theregister.co.uk/content/55/36485.html :
"To download the online picture, he used the Anonymizer.com service, 
believing the companys privacy policy would protect him. Not so. Dutch 
police worked closely with the US company and the FBI to track him down. 
He was caught red-handed last year when he withdrew the money from a cash 
machine using his copy of the credit card. 

Which just goes to show that even criminal masterminds can make simple 
mistakes. The error, experts say, could have been easily avoided if the 
blackmailer had visited an internet cafe to download the encoded picture, 
rather than using his own PC. What's more, he paid for the Anonymizer 
service through Paypal, giving his personal email address."

Fuck these sell-outs.

Re: Anonymizer employees need killing

2004-03-26 Thread petard 
On Fri, Mar 26, 2004 at 01:32:43AM -0500, An Metet wrote:
> >From http://www.theregister.co.uk/content/55/36485.html :
> 
> "To download the online picture, he used the Anonymizer.com service, 
> believing the companys privacy policy would protect him. Not so. Dutch 

The article got it wrong. He used Surfola. They've since corrected it.

Anonymizer employees need killing

2004-03-26 Thread An Metet 
Anonymizer is working with the FBI on international blackmail cases - no 
subpoena required!

>From http://www.theregister.co.uk/content/55/36485.html :

"To download the online picture, he used the Anonymizer.com service, 
believing the companys privacy policy would protect him. Not so. Dutch 
police worked closely with the US company and the FBI to track him down. 
He was caught red-handed last year when he withdrew the money from a cash 
machine using his copy of the credit card. 

Which just goes to show that even criminal masterminds can make simple 
mistakes. The error, experts say, could have been easily avoided if the 
blackmailer had visited an internet cafe to download the encoded picture, 
rather than using his own PC. What's more, he paid for the Anonymizer 
service through Paypal, giving his personal email address."


Fuck these sell-outs.