p2p, anonymity and security

[bmcculley at rcn.com]

---- Original message ----

>From: Derek Martin <invalid at pizzashack.org>  

>As you point out yourself, there's virtually no way to 
>guarantee your anonimity using these networks.  It would only 
>work if you were using some sort of anonimizing service.  
>Anonymizer will do this for web content, but I don't think it 
>will do it for file sharing networks.
>In any event, these kinds of services (if they exist) are no 
>less obligated to respond to subpoenas than you are... 
>depending on jurisdiction issues.

I haven't kept up with the current status of this field, but I
remember when there was an outfit named Zero Knowledge Systems
establishing something called "Freedom Net" to anonymize net
access.  As I recall they were going to insert an anonymous
proxy chain creating an encrypted VPN from your desktop to
some randomly selected portal, disguising your traffic in the
mix of all other traffic.  Not sure but thought it was going
to be all your IP traffic not just port 80.  However that all
could have changed since they started, it's been years.

Interesting point about it, when they first announced their
plans I gave the issues of anonymity some thought and decided
that such a service as they offered could be made completely
anonymous except from the operator of the anonymizing system!

That's part of the interplay between trust and anonymity,
similar to the balance between privacy and security, that make
for some very interesting philosophical challenges.

BTW, the advisory board for ZKS is quite a collection of
luminaries, I've met a couple of them and know others by
reputation and they are all most impressive and reputable. 
However, regarding jurisdiction, they are based in Montreal
with offices in US, UK and OZ, so I would expect subpoenas
would be served and honored without undue difficulty.

-Bruce McCulley
freelance CISSP