 |
| CNN WEB SITES: |
|
| TIME INC. SITES: |
| MORE SERVICES: |
| video on demand |
| video archive |
| audio on demand |
| news email services |
| free email accounts |
| desktop headlines |
| pointcast |
| pagenet |
| DISCUSSION: |
| message boards |
| chat |
| feedback |
| SITE GUIDES: |
| help |
| contents |
| search |
| FASTER ACCESS: |
| europe |
| japan |
| WEB SERVICES: |
Hiding out on the Internet
|
August 12, 1998 by Ellen Messmer and Denise Pappalardo |
From...
|
(IDG) MONTREAL -- Hiding your identity on the 'Net isn't easy given that IP addresses and domain names give clues about who and where you are. On top of that, snoops can pore over your unencrypted data with network sniffers.
But Zero-Knowledge Systems (ZKS), a start-up based here, wants to change that with new desktop software which will enable Internet users to keep their identities secret while Web browsing, sending e-mail and participating in chat sessions.
While the Windows software could be put to criminal use, it might also attract companies that want to discretely conduct legitimate market research and competitive analysis over the 'Net, among other things.
The company previewed the software at the recent Def Con hacker convention and plans to formally introduce it in a few weeks.
|
| ||
|---|---|---|
|
IDG.net home page | |
| Network World Fusion home page | ||
| Free registration required to access Network World | ||
| Free Network World Fusion newsletters | ||
| Get Media Grok and The Industry Standard Intelligencer delivered for free | ||
| Reviews & in-depth info at IDG.net | ||
|
IDG.net's bridges & routers page | |
| IDG.net's hubs & switches page | ||
|
IDG.net's network operating systems page | |
| IDG.net's network management software page | ||
| IDG.net's personal news page | ||
| Questions about computers? Let IDG.net's editors help you | ||
|
Search IDG.net in 12 languages | ||
| Subscribe to IDG.net's free daily newsletter for network experts | ||
| News Radio | ||
|
Fusion audio primers | |
|
|
Computerworld Minute | |
ZKS also intends to announce that Canadian ISP TotalNet, as well as about a dozen other ISPs, will support the ZKS "Anonymous IP Protocol" on their servers.
ZKS, which has about 20 employees, expects to offer its software free to ISPs and for as little as $5 per month to customers to get things rolling. While an enterprise could also host ZKS software on its servers, the start-up is counting on ISP support to create "an anonymity cloud" through which users can cruise the Internet without a trace, said Austin Hill, founder and president of ZKS and former chief technology officer of TotalNet.
"If you're a Chinese dissident posting messages for freedom, for instance, nobody is going to be able to go to an ISP and say we need your help tracking him down," Hill said. "The ISPs can't be held responsible anymore for the actions of their users."
ZKS software in action
The Anonymous IP Protocol enables users to select up to any of five different pseudonyms, while ZKS desktop software encrypts outgoing traffic and wraps it in User Datagram Protocol (UDP) packets.
The first server in what has to be at least a two-hop system gets the UDP packets, strips off one layer of encryption to add another, then sends the traffic on to the next server, which strips off yet another layer of encryption and adds a new one.
How the software works
"The user can control how many hops he wants to make," Hill said. "The more hops, the more security." He acknowledged that all the encryption and decryption may degrade performance.
At the final server, the output funnel in ZKS' parlance, traffic is spit out unencrypted with an IP address untraceable by the recipient.
The process is known as onion routing, a technology that Hill said could end up as a request for comment at the Internet Engineering Task Force.
While Chinese dissidents stand to benefit from the ZKS technology, so do others, including garden-variety criminals. Some ISPs are interested in offering anonymity services but aren't entirely comfortable with complete, untraceable anonymity.
ZKS' technology appears as though it would make it next to impossible to track down senders of death threats, hate mail and other such traffic, said Michael O'Dell, vice president and chief scientist at UUNET Technologies, a WorldCom subsidiary. O'Dell said when federal marshals come looking for help in criminal cases, UUNET wants to be able to assist them.
AT&T's WorldNet division and America Online said they are looking to organizations such as the Online Privacy Alliance for guidance in developing Internet privacy policies. Existing policies basically say the ISPs won't cough up information about users unless subpoenaed to do so, but neither organization said it is ready to offer complete anonymity services.
PSINet, Concentric Network and Netcom echoed similar reservations about deploying ZKS-like technology.
For the Federal Trade Commission (FTC), which does its own detective work online to try to stop Internet-based fraud, the ZKS anonymity method could be a two-edged sword. On one hand, ZKS software may offer consumers privacy on the Internet - something the FTC has long said it wants to see. On the other hand, the software could hinder catching the bad guys.
"It could make our job harder," said David Medine, associate director for credit practices at the FTC. "But consumers should be able to choose an anonymity control."
Walter Effross, an associate law professor at the Washington College of Law at American University, said he has advised his students to use anonymity services such as those from www. anonymizer.com to do research on the World Wide Web for sensitive projects. If large numbers of Internet users end up adopting the ZKS anonymity method, business on the Internet is certain to change dramatically, Effross said. That's because Web sites often collect as much data as they can about visitors based on their IP addresses.
Lawyers no doubt would wind up raising legal objections with ISPs or others operating IP anonymity servers. "If these service providers decide to embrace anonymity like this, there's the question of whether they have contributed to criminal activity through negligence by participating," Effross said.