"zeroknowledge"

[t byfield]

> From: kelley <kcwalker at syr.edu>
> Subject: "zeroknowledge"
> 
> query from another list:
> 
> Does anyone know anything about the 'zeroknowledge' privacy software being
> launched today?

yup. the company is named 'zero knowledge,' and the software
is called 'freedom'; it comes in two flavors--client (which
you use) and server (which is installed at various ISPs).

the people behind it are considered to be quite reputable in 
cryptography circles, which is a good start. i don't know if 
they've publicly released the source code of the system, which 
is considered to be de rigeur for something to be trustworthy; 
i haven't heard that they've done so, but they may well have.

the basic idea is this: (1) you install it on your confuser;
(2) it encrypts all your outbound traffic; (3) it directs
all your outbound traffic to a freedom server; (4) several
such servers juggle your traffic between them; (5) at some
point, one of the servers decrypts your traffic or some sub-
set of it, and sends it on its merry way; (6) whatever regu-
lar server you're dealing with answers that freedom server;
(7) which recrypts your traffic and juggles it with other
freedom servers; (8) until one of them decrypts it and sends 
it back to you. or something like that.

if enough people use it, the resulting jumble should defy
most forms of analysis--traffic analysis, network sniffing,
etc. its flaw, presumably, is high latency (lag time) while
all these servers are juggling your traffic all over the
net--but i don't know, i've never used it. 

ZK has cooked up a fairly elaborate set of business rela-
tionships such that people who maintain freedom servers
are, i believe, paid to do so. i'm not sure how the econ-
omics of it is supposed to work.

cheers,
t