"zeroknowledge"

t byfield tbyfield at panix.com
Mon Oct 4 22:44:12 PDT 1999



> From: kelley <kcwalker at syr.edu>
> Subject: "zeroknowledge"
>
> query from another list:
>
> Does anyone know anything about the 'zeroknowledge' privacy software being
> launched today?

yup. the company is named 'zero knowledge,' and the software is called 'freedom'; it comes in two flavors--client (which you use) and server (which is installed at various ISPs).

the people behind it are considered to be quite reputable in cryptography circles, which is a good start. i don't know if they've publicly released the source code of the system, which is considered to be de rigeur for something to be trustworthy; i haven't heard that they've done so, but they may well have.

the basic idea is this: (1) you install it on your confuser; (2) it encrypts all your outbound traffic; (3) it directs all your outbound traffic to a freedom server; (4) several such servers juggle your traffic between them; (5) at some point, one of the servers decrypts your traffic or some sub- set of it, and sends it on its merry way; (6) whatever regu- lar server you're dealing with answers that freedom server; (7) which recrypts your traffic and juggles it with other freedom servers; (8) until one of them decrypts it and sends it back to you. or something like that.

if enough people use it, the resulting jumble should defy most forms of analysis--traffic analysis, network sniffing, etc. its flaw, presumably, is high latency (lag time) while all these servers are juggling your traffic all over the net--but i don't know, i've never used it.

ZK has cooked up a fairly elaborate set of business rela- tionships such that people who maintain freedom servers are, i believe, paid to do so. i'm not sure how the econ- omics of it is supposed to work.

cheers, t



More information about the lbo-talk mailing list