Kuro5hin.org: technology and culture, from the trenches

What Kinds of Online Privacy do you want?

By Meridun in MLP
Mon Sep 25, 2000 at 09:10:08 PM EST
Tags: Internet

I'm a programmer for a company called MyPrivatePlanet that is developing a suite of online privacy enhancing services, including an anonymous online purchasing service. A more complete explanation of what we're developing follows below, but I'm curious what everyone here would want available in such a service.


Current plans include offering an anonymous credit card through the service (including anonymous identity) that is not traceable by the merchant to the shopper, since it is issued through the company. This is mostly done.

Additionally, we will offer anonymous browsing and anonymous email forwarding to ensure that the user can't be tracked by the merchant sites through those methods either. There is some consideration about making the anonymous email forwarding PGP-compatible, but that's still on the drawing board.

Are we missing anything here? What do YOU want in such a service? We plan to go live with everything in January, so I'd really like some input.

What Kinds of Online Privacy do you want? | 45 comments (38 topical, 7 editorial, 0 hidden)
Technical Difficulties (4.90 / 11) (#1)
by BinerDog on Mon Sep 25, 2000 at 03:13:18 PM EST

The problem with this is very similar to the problem with the company a while back that offered IP stripping services whose name I cannot remember. The company running the stripping servers would still have access to the data.

The people who would be willing to pay for this service are going to be a bit paranoid about their identity or records (say Bill Clinton getting a membership at a pr0n site). Those people will be no happier knowing your company will have that information. To be truly effective you need to be able to be audited to verify that you (the company) have no stored record.

Of course, for things such as credit card transactions this gets EXTREMELY difficult as not keeping a record of credit card transactions is, well, if not illegal, at least dumb as bricks. If you intend to issue the credit card such that the card is in a made-up name in your database and you bill the real person: your database is A) crackable via a variety of slow but eventually successful techniques, B) subpoena-able, C) still a written trail to the paranoid (ie, so "Hot and Young" can no longer blackmail you when you run for Attorney General, your company can).

To make this truly secure and anonymous you need it to be double-blind. You cannot know what transactions your clients are making, but as they are your clients you need to be able to interact with them.

You may be able to work something out via private/public key encryption where the normal role is reversed - the encrypting key is made public so you can post data to someone's account, and the decrypting key is held only by the client (not you). All client records would need to be encrypted via the encryption key as they enter your system. (This still leaves you open to packet sniffing, but if you pgp the data between your system and client and send out random information to random addresses regularly this can be avoided, MAYBE. Actually, no, statistically it would still be possible to track down a regular user, but I diverge...) The problem here comes from when you need to bill your client. If you leave amounts of purchases etc. unencrypted it is still possible to track purchase patterns by watching where data moves and how much money is spent.

As described above the client has too much power because he/she is the only one capable of discovering how much he/she owes, and if the client defaults on payments that same client CANNOT be identified. If there was a way to hide the values of individual transactions and who the transaction was made with from the card issuing company (the one described above) while allowing that same company to know the balance at any given time, but not be able to track changes in balance there may be a solution. It would fall into writing a very interesting piece of code to do the transactions and then getting the code audited. (Wow, code auditing, what a concept. I need to start codeaudit.com and make my millions, but back on topic) so that clients could be sure their information wasn't being tracked by your company.

This is a cool problem. Let me think on it some more and post again. In the meantime, hopefully my semi-incoherent ramblings will spark someone else's and before I get back the solution may be found.


-- The Entity Formerly Known as Frums (Cuz someone nabbed my name on K5) (I want it back :ţ)
Re: Technical Difficulties (4.66 / 3) (#12)
by Eimi on Mon Sep 25, 2000 at 04:39:21 PM EST

I think the problem is with the concept of an anonymous credit card. The entire concept of credit is that establishing an identity to be credit worthy is difficult, and that a person who racks up a bill can be found. I don't think there really is a way to make a truly anonymous credit card. What could be done, though, is an anonymous debit card. Identity is basically a public key/private key pair. When you put money onto the card, you receive a receipt signed with the company's private key, verifying that that much cash was added. Any time you want to use the card, what you give is a private-key encrypted statement authorizing the transfer of funds. If there is a discrepancy in the records, you can't deny any charge, nor can the company deny any credit. I don't know practically how well it would work, but it seems to solve most of the problems. So the company issuing the card would NEVER know your identity, and it simply wouldn't matter to them.

[ Parent ]
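The signed-receipt debit card Eimi sketches, worked through as an added Go example (this is not code from the post, from MyPrivatePlanet, or from anywhere else on the page). The card is an Ed25519 key pair and nothing more: the issuer signs every deposit receipt, the holder signs every spend, the issuer's ledger is keyed only by the card's public key, and a per-card sequence number stops a signed spend from being replayed. The names `Issuer`, `Signed`, `Authorize` and `VerifyReceipt`, and the message layout under the signature, are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tags keep a signed deposit receipt from ever passing as a spend authorization.
const (
	tagDeposit byte = 0x01
	tagSpend   byte = 0x02
)

// Signed is a deposit receipt (issuer-signed) or a spend authorization
// (holder-signed); the signature covers tag || card public key || seq || amount.
type Signed struct {
	Tag         byte
	Card        ed25519.PublicKey
	Seq, Amount uint64
	Sig         []byte
}

func (m Signed) payload() []byte {
	buf := append([]byte{m.Tag}, m.Card...)
	buf = binary.BigEndian.AppendUint64(buf, m.Seq)
	return binary.BigEndian.AppendUint64(buf, m.Amount)
}

func sign(priv ed25519.PrivateKey, m Signed) Signed {
	m.Sig = ed25519.Sign(priv, m.payload())
	return m
}

// Issuer state is keyed only by card public key: no name or address exists here.
type Issuer struct {
	priv                          ed25519.PrivateKey
	balance, depositSeq, spendSeq map[string]uint64
}

func NewIssuer() (*Issuer, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{priv, map[string]uint64{}, map[string]uint64{}, map[string]uint64{}}, nil
}

func (i *Issuer) PublicKey() ed25519.PublicKey { return i.priv.Public().(ed25519.PublicKey) }

// Deposit credits the card and returns a receipt the issuer cannot later deny.
func (i *Issuer) Deposit(card ed25519.PublicKey, amount uint64) Signed {
	k := string(card)
	i.balance[k] += amount
	i.depositSeq[k]++
	return sign(i.priv, Signed{Tag: tagDeposit, Card: card, Seq: i.depositSeq[k], Amount: amount})
}

// Apply debits the card for a holder-signed spend. A bad signature, a reused
// sequence number (replay) or an overdraft is rejected and the ledger is unchanged.
func (i *Issuer) Apply(s Signed) error {
	if s.Tag != tagSpend || !ed25519.Verify(s.Card, s.payload(), s.Sig) {
		return errors.New("spend: not a validly signed spend authorization")
	}
	k := string(s.Card)
	if s.Seq <= i.spendSeq[k] {
		return errors.New("spend: stale or replayed sequence number")
	}
	if s.Amount > i.balance[k] {
		return errors.New("spend: insufficient funds")
	}
	i.spendSeq[k], i.balance[k] = s.Seq, i.balance[k]-s.Amount
	return nil
}

func (i *Issuer) Balance(card ed25519.PublicKey) uint64 { return i.balance[string(card)] }

// Authorize is the holder's side: the card is nothing but a key pair, and the
// holder picks a fresh, increasing seq for each spend it signs.
func Authorize(priv ed25519.PrivateKey, seq, amount uint64) Signed {
	pub := priv.Public().(ed25519.PublicKey)
	return sign(priv, Signed{Tag: tagSpend, Card: pub, Seq: seq, Amount: amount})
}

// VerifyReceipt lets the holder confirm the issuer really signed a credit.
func VerifyReceipt(issuerPub ed25519.PublicKey, r Signed) bool {
	return r.Tag == tagDeposit && ed25519.Verify(issuerPub, r.payload(), r.Sig)
}

func main() {
	iss, _ := NewIssuer()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	r := iss.Deposit(pub, 500)
	fmt.Println("receipt ok:", VerifyReceipt(iss.PublicKey(), r))
	fmt.Println("spend 200:", iss.Apply(Authorize(priv, 1, 200)), "balance:", iss.Balance(pub))
	fmt.Println("spend 1000:", iss.Apply(Authorize(priv, 2, 1000)))
}
```

What the example does not solve is exactly what BinerDog raised: the issuer still sees the amount and timing of every spend under the card's public key, so purchase patterns remain linkable to the pseudonym even though no name is ever stored.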
Re: Technical Difficulties (3.50 / 2) (#18)
by Meridun on Mon Sep 25, 2000 at 05:42:10 PM EST

This is exactly what I've been hoping to hear. Good, solid suggestions.....

Very interesting ideas regarding the double-blind for the financial transactions. I don't know if the auditors from PriceWaterhouse (auditing firm) would like our company not knowing who made what transaction, although it would certainly be secure.

We're trying to work within the current credit card infrastructure, since I doubt many merchants will install an addition whose sole purpose is to remove their abilities to track customers that purchase items. Therefore, the methods we use have to be 1) simple enough not to require major changes to the existing system and 2) not reliant on the active cooperation of merchants. We actually have most of that nailed down.

What I'm currently working on is better ways to segregate and encrypt the information that our company maintains. This would be so that, even if someone were to gain access to the database, they would be confronted with information that they couldn't use. This might include formula-based relation linking, strong encryption of contact info, keeping different tables on different servers, etc. Any suggestions here?

[ Parent ]

I like the idea... (3.50 / 6) (#2)
by squirrel on Mon Sep 25, 2000 at 03:26:12 PM EST

...especially in the wake of Amazon.com and other companies who now are quite willing to sell your personal information if they need to raise some extra cash. I like the idea of putting my trust in a single company to keep my info private, rather than having to sort through each and every privacy agreement on each and every online store.

I think if the question is "Do you want to see support for this feature...?" the answer is always "Yes". My privacy is worth a little money but it's not worth giving up Internet functionality. Of course, I would also want to see some seriously iron-clad proof that this particular company deserves all my trust.

squirrel

Re: I like the idea... (4.00 / 2) (#15)
by Meridun on Mon Sep 25, 2000 at 04:54:46 PM EST

This is almost a separate discussion topic by itself, but what would you consider iron-clad proof?

I trust the company, since I have very detailed knowledge of the people and technology involved. However, given my immense cynicism regarding many companies like TrustE, does anyone have a good idea regarding what sorts of things would show the honorable intentions of a company regarding privacy (especially when privacy is the company's business)?

[ Parent ]

Re: I like the idea... (3.00 / 1) (#29)
by squirrel on Tue Sep 26, 2000 at 06:45:20 AM EST

This is almost a separate discussion topic by itself, but what would you consider iron-clad proof?

Well, for starters I would want a short, clear statement of the company's privacy policy. IANAL, but a good privacy statement written in simple and direct language would help put me at ease. I would want a company like this to be a fee-based or subscription-based service. I'm willing to pay, so make money off ME, not off my info. And I probably wouldn't sign up for any privacy service until I had read some positive third-party evaluations of their business practice.

And, of course, security is a must. Companies like this must be El Dorado for "crackerz".

squirrel

[ Parent ]
I hate it when (2.33 / 6) (#45)
by Anonymous 6522 on Sat Jan 20, 2001 at 11:01:28 PM EST

they sell my name to other companies so that I get more junk mail

[ Parent ]
shipping address? (3.42 / 7) (#4)
by Frédéric on Mon Sep 25, 2000 at 03:33:09 PM EST

A lot of ecommerce sites deliver ONLY to the address of the card holder. That means if I buy something it'll go to the MyPrivatePlanet address?!?
--
Non interference is the prime directive.
Re: shipping address? (3.00 / 2) (#11)
by Meridun on Mon Sep 25, 2000 at 04:37:30 PM EST

Hmmm.... One of the known issues that we had to deal with is that the card holder's billing address is often used as additional authentication against the number and exp date. We figured out a way around that (I'm under an NDA, otherwise I'd go well into that)

I don't think I've heard of a site that only delivered to the billing address, but I guess that it would be possible. I know that we're looking into anonymous shipping methods, which might take care of that, but this is certainly an issue.

Do you have any examples that I can check out to see how they work and how we could accommodate them?

[ Parent ]

This is silly! (3.37 / 8) (#6)
by MeanGene on Mon Sep 25, 2000 at 03:55:17 PM EST

As other people have told you before, they'd rather not have a dotcom in charge of their behavioral profile.

Who's your target market? People who really care about their privacy can always buy stuff with good old cash...


Re: This is silly! (3.66 / 3) (#10)
by Meridun on Mon Sep 25, 2000 at 04:26:48 PM EST

Well, I'm just a programmer here, so I try to focus more on the code and logistics and let the marketing folks worry about the target audience. That's why I'm asking for technical suggestions for features.

However, I believe that the target audience is for people who want to buy something over the internet and who don't wish to be tracked. I agree that cash is a wonderful anonymous method of payment, but I don't think that I could buy a monitor from Buy.com and mail them an envelope of cash to pay for it. Besides, my return address would be on it anyway, so that is self-defeating.



[ Parent ]

Re: This is silly! (3.50 / 2) (#25)
by bugeyedbill on Mon Sep 25, 2000 at 10:38:35 PM EST

Who's your target market? People who really care about their privacy can always buy stuff with good old cash...

Actually, I'm not even sure about that, after all cash is coded, and a single dollar bill, at least theoretically, can be traced to your bank account and matched up with your spending habits. The only true way to be anonymous is good old barter, your hen lays eggs, my cow gives milk, I give you milk for your eggs.

[ Parent ]

Who will control you? (3.00 / 4) (#13)
by maketo on Mon Sep 25, 2000 at 04:45:31 PM EST

Why should I trust your company? And the millions of others that will soon offer the same service? Keeper to keep me from the keeper to keep me from the keeper....Nah.
agents, bugs, nanites....see the connection?
Re: Who will control you? (3.66 / 3) (#17)
by Meridun on Mon Sep 25, 2000 at 05:23:40 PM EST

I think that the Jargon File has an entry regarding computer security that basically states that one valid philosophy revolves around the idea of putting all your eggs in one basket, after making sure that you have a really strong basket.

Essentially, the decision is whether you trust one company specializing in privacy more than you trust each company you shop at or visit with your information. That is a trust issue, which is itself a discussion (I trust them; but what is the best way to demonstrate honesty to people you will never meet... I'm glad I just write the code :)



[ Parent ]

Re: Who will control you? (4.66 / 3) (#30)
by CodeWright on Tue Sep 26, 2000 at 07:44:30 AM EST

Essentially, the decision is whether you trust one company specializing in privacy more than you trust each company you shop at or visit with your information.

MyPrivatePlanet purports to provide a service which a "normal" shop doesn't -- anonymous transactions. In that case, the "buyer" of the anonymity service needs to be reassured that their anonymity won't be "sold" at a later date (ie, that MyPrivatePlanet doesn't get sued into the ground, with the winners taking the spoils -- ie, the "hidden data", and then nailing ole' Billy Boy to the ground for visiting "sweetyoungthing.com").

The only way that a "buyer" of the anonymity service can be reasonably certain that his "hidden" data won't be the spoils of a later bankruptcy "fire sale" or court settlement is if there is no "hidden" data for MyPrivatePlanet to be coerced into parting with.

You should really look into some of the work that has been done on double-blind transactions, pseudonymity, digital anonymous currency, etc.

At the very least, one would hope that MyPrivatePlanet's physical servers would be in a facility reminiscent of HavenCo's, if not actually there.

An important selling point in that context would be the guaranteed destruction of records on the event of physical plant compromise within a given timeframe (ie, if someone tries to enter your premises in an unauthorized fashion, thermite slags the server room -- note, this makes it a very high priority to company management to have good physical security, since a single compromise torches the server room).

If those types of things are not part of the "Suite" being sold by MyPrivatePlanet, then you guys better change your marketing campaign to advertise "pseudonymity" rather than "anonymity".

Links:

Books:

  • Bruce Sterling's Distraction has interesting mention of global VPN "trust-networks" which would also be of interest in this context...
  • of course, Neal Stephenson's Cryptonomicon is immediately relevant as well...



--
A: Because it destroys the flow of conversation.
Q: Why is top posting dumb? --clover_kicker

[ Parent ]
Anyone remember anon.penet.fi? (4.00 / 4) (#14)
by eann on Mon Sep 25, 2000 at 04:50:33 PM EST

It's a great idea, and I'd probably consider using the service. The big nagging problem I have is the same thing that brought down anon.penet.fi many years ago. The Finnish government and/or the people who ran the service decided it was in their best interest to cooperate with a U.S. government investigation (FBI, IIRC), thus effectively putting themselves out of business. They knew it, too, and shut down voluntarily when they made the decision.

Inside the U.S., your information will always be threatened. In addition to whatever threats to physical security may exist, you always have the possibility of court order. There are, I'd wager, very few places on Earth that wouldn't cooperate with one, if it came from sufficiently high up in the judicial system. SeaLand, maybe, but who really wants to press the issue with the British government of whether that artificial island is, in fact, sovereign?

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.


Re: Anyone remember anon.penet.fi? (3.50 / 2) (#16)
by Meridun on Mon Sep 25, 2000 at 05:08:35 PM EST

You have a point, which I actually raised when first confronted with the project. The answer is that your purchases will be anonymous with respect to the merchants. If presented with a subpoena, any financial institution must release records pertaining to the target of the investigation. I believe that this is currently stated on the site, and that the service should not be used for illegal activities.

What I'm more interested in, with regards to the topic, is what can be done to more effectively secure and anonymize an internet user against commercial interests with regards to financial transactions. Are there means of tracking users that have not been addressed with the anonymous browsing, credit card, and email forwarding? How paranoid should we be about companies tracking us?

[ Parent ]

Re: Anyone remember anon.penet.fi? (4.50 / 2) (#19)
by bugeyedbill on Mon Sep 25, 2000 at 05:56:38 PM EST

If presented with a subpoena, any financial institution must release records pertaining to the target of the investigation. I believe that this is currently stated on the site, and that the service should not be used for illegal activities

I hate to say this, but what good is it then? "Illegal activities" is anything they define it to be, and hence, they can get your info anyway, as govt is basically the other side of the business coin. All that need be done is a snap of their fingers, a small threat to the business bottom line (or enhancement of it) to get instant cooperation from these for-profit anonymizing services. How the hell are we going to trust some business that crops up out of the blue and says, OK, trust us to make you anonymous?

[ Parent ]

Re: Anyone remember anon.penet.fi? (3.00 / 1) (#20)
by Meridun on Mon Sep 25, 2000 at 06:14:08 PM EST

There are quite a few "legitimate" uses that would offer benefits from this. If I were to order prescription drugs online, I would definitely not wish my health insurance company to have immediate knowledge of it, unless I claimed them on the policy. Additionally, they might decide that they wanted to see if I ordered unhealthy foods from some online grocery store and use that to increase my premiums.

My fiancée ordered flowers several months ago online to have delivered to a funeral out of state. The flower delivery company sold her email address (which was required for the transaction) to other companies that are now spamming her. She was mad as hell when she figured that out and I don't blame her.

So, no, this will not act as a shield against illegal activities. And I certainly agree that some activities are illegal that shouldn't be. But there are certainly enough perfectly legal activities that one might wish to keep away from corporate spying and tracking.

[ Parent ]

Re: Anyone remember anon.penet.fi? (5.00 / 1) (#32)
by CodeWright on Tue Sep 26, 2000 at 07:54:37 AM EST

Legality is everything and nothing.

If MyPrivatePlanet is in any way successful, the data that they will have successfully "mediated" away from those who were formerly able to gather it will be the tangible result of their success.

However, those people (companies) who previously relied on that data could do a cost/benefit analysis and decide that it would be cheaper to lobby for a change to the regulatory environment (ie, buy a law), that would act in their favor. All they would have to do then is approach MyPrivatePlanet with a court-order/cease-and-desist/warrant (whatever form the successfully bought law takes), and the "mediated" data would be lost by MyPrivatePlanet (not to mention, their market).

Of course, this will always happen.

So the trick is to put as many barriers between the wolves and your door as possible -- with enough barriers, the cost for an opponent company to change the regulatory environment exceeds what they could hope to gain by retaining control of the data mediation.

One of the best mechanisms for blocking hostile legal action is "regulatory arbitrage". In other words, find a regulatory environment that is friendly to your endeavor, and then make that your "official" (and data) location (even if most employees, etc work in another jurisdiction).

If MyPrivatePlanet put their data in another country (like, say, a European country with privacy laws, or a banking privacy country, etc), then they could successfully defend themselves from regulatory change (ie, legal extortion).

Without that kind of preventative "dike-building", I doubt that the bulk of MyPrivatePlanet's potential users would take them seriously.



--
A: Because it destroys the flow of conversation.
Q: Why is top posting dumb? --clover_kicker

[ Parent ]
Re: Anyone remember anon.penet.fi? (3.00 / 1) (#27)
by Nickus on Tue Sep 26, 2000 at 02:34:51 AM EST

They didn't cooperate with the FBI or CIA directly. It was Scientology that made the Finnish police investigate the whole thing. The person who was in charge of anon.penet.fi couldn't do anything but hand over the records. And he shut down the service himself afterwards.

Due to budget cuts, light at end of tunnel will be out. --Unknown
[ Parent ]
Re: Anyone remember anon.penet.fi? (none / 0) (#38)
by David Gerard on Tue Sep 26, 2000 at 06:17:09 PM EST

Not quite - he did drag it through court for a couple of years before being forced to give up the address matching the anon ID in question ...

... and it turned out to be a forwarding address from another anonymous remailer ;-)

It eventually stayed shut down because of spammers abusing the service.

Full information is at http://www.penet.fi/ .

[ Parent ]

Couple points (4.00 / 4) (#23)
by mynnyme on Mon Sep 25, 2000 at 10:11:48 PM EST

I have a couple points about this:

1) American Express is about to offer one time use "disposable" credit cards. How is this different from the "anonymous" credit card you plan to offer? Since the merchant will know your shipping address anyways to get the merchandise, there is no difference between an anon card and a one-time use card.

2) Taking into account 1), you will need to come up with a way to anonymize the shipping address. The only thing I can come up with is remailing, e.g., merchant ships merchandise to you, and you forward it to me. Now the problem is, I would rather get a P.O. BOX, fake name and a one time card, which will make me untraceable (well, not my purchase patterns, but my identity), rather than having a third party with knowledge of the transaction. How can your service offer more?


Re: Couple points (3.00 / 1) (#35)
by Meridun on Tue Sep 26, 2000 at 10:59:48 AM EST

American Express does have some similarities with their program. However, I believe that you must be a member (which involves a $35 /yr fee, last I checked) and the site must take American Express. I believe that we will be using VISA, but I can't swear to that at this point in time.

As for the remailing issue, we will be offering such a service. You may decide that you'd rather use a PO Box, as you suggested. That's your choice, and it is one of personal preference, but I believe that the anonymous credit card would still have great value in such a transaction.

[ Parent ]

If you want people to use it (3.00 / 2) (#24)
by Dacta on Mon Sep 25, 2000 at 10:32:44 PM EST

you need to explain exactly what happens to information they supply to you, what goes to the merchants, what happens if they cancel their order, etc.

I'm not saying you need to open source your software, but you do need to be very open about your work practices. Don't make stupid claims, and be upfront about things like having to hand over the customers information if a court order is obtained.



Physical Location Masking. (4.00 / 3) (#26)
by delver on Tue Sep 26, 2000 at 02:31:25 AM EST

Seems like everyone agrees that although the idea is good, the problem lies with the intermediate company having the information. Although this would offer temporary (and even perhaps long-term) anonymity, your records would still be open to attack or court-mandated opening. Simply encrypting or confusing the data doesn't really solve the problem. Your only defense against prying eyes is ignorance. The only way I can see this being possible is if you set up a way for your company not to know who I (the customer) really am. Difficult in the extreme.

But here is a thought. Let's say you have some way to have a local physical pickup point for all your stuff. Like a post office (but not run by the govt. of course). I can walk into this location, open an account under whatever alias I desire, deposit some amount of money into the account (in the form of cash or a disposable credit card). I can then use that account to purchase items on the internet using the debit account that corresponds to my account with you guys. The item I purchase goes to the pickup location I have my account at. I go back to the location, verify my identity with a username & password I got when I opened the account (add whatever security measures you want here). I then get my item.

Anybody trying to track the package goes to the point of purchase and then to you guys. But you don't know who I am. So all that can be found out is that I picked up a package at your location. Not ideal, but somewhat more secure than some other alternatives. This is all of course considering the fact that the original purchase was safe from IP tracking or some other form of digital snooping unrelated to your organization.

BTW, if you use this idea, and make a killing on it, I'd appreciate a generous stock package. Actually, if this really worked, I'd be happy just to have the option of privacy available to me.

Re: Physical Location Masking. (3.00 / 1) (#34)
by mynnyme on Tue Sep 26, 2000 at 10:49:24 AM EST

Like I said above, why wouldn't you just get your own *local* P.O. BOX instead? It would be just the same. Your true identity will not be revealed. Your purchase patterns CAN be tracked under both scenarios, however (but not linked to you). Either by your P.O. BOX number, or any other identification from MyPrivacy.

[ Parent ]
Doesn't work (none / 0) (#40)
by yuri82 on Wed Sep 27, 2000 at 02:55:37 AM EST

If say the fbi is after you, they will be there waiting for you when you come get the package. Sure, you are anonymous, but you are still not safe from the government.

[ Parent ]
Preventing subpoenas... (4.40 / 5) (#28)
by drrobin on Tue Sep 26, 2000 at 06:09:43 AM EST

I've seen a lot of concern over what happens if data is subpoena'd by a court order. What if you just didn't have the data?

My idea is that you keep a temporary strong-encrypted record of what the customer is trying to buy. Once the purchase is cleared, you remove the record and scrub the data off your harddrives. This way, you can assure users that your record of their purchases will only exist until their payment is received. No subpoena woes.

As for the database of customer info itself, it should be public/private key encrypted. You would have the public key. The bank would have the private key. That way, you don't know who a customer is once they're in your database, ever. When a purchase must be made, you call up the bank and tell them that user XYZ is making a purchase, and will they please decrypt the user info you are sending them to find XYZ's name and address. You never know it.



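BinerDog's reversed-key idea (encrypt records at ingest to a key only the client holds), Meridun's question about making a stolen database useless, and drrobin's bank-held key above are all the same construction: the company keeps an opaque pseudonym plus ciphertext it has no key for. The added Go example below shows that construction; it is not code from any of the posts, from MyPrivatePlanet, or from the page. A per-record AES-GCM key is wrapped with RSA-OAEP to the escrow holder's public key (the bank in drrobin's version, the client in BinerDog's), and the pseudonym is bound in as associated data so a record cannot be re-filed under another pseudonym. The names `Seal`, `Open`, `SealedRecord`, `escrowPub` and the sample identity string are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SealedRecord is everything the company retains about one customer: a random
// pseudonym it can route transactions by, and ciphertext it cannot open.
type SealedRecord struct {
	Pseudonym  string
	WrappedDEK []byte // per-record AES key, RSA-OAEP encrypted to the escrow holder's public key
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM over the identity data, bound to the pseudonym
}

// Seal runs at ingest. escrowPub belongs to whoever is allowed to reverse
// this (bank or client); the company holds only the public half.
func Seal(escrowPub *rsa.PublicKey, identity []byte) (SealedRecord, error) {
	dek := make([]byte, 32)
	id := make([]byte, 16)
	if _, err := rand.Read(dek); err != nil {
		return SealedRecord{}, err
	}
	if _, err := rand.Read(id); err != nil {
		return SealedRecord{}, err
	}
	pseudonym := hex.EncodeToString(id)
	block, err := aes.NewCipher(dek)
	if err != nil {
		return SealedRecord{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return SealedRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SealedRecord{}, err
	}
	// The pseudonym is authenticated as additional data and as the OAEP label,
	// so a ciphertext moved under another pseudonym fails to open.
	ct := gcm.Seal(nil, nonce, identity, []byte(pseudonym))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, escrowPub, dek, []byte(pseudonym))
	if err != nil {
		return SealedRecord{}, err
	}
	for i := range dek { // the company never keeps the data key
		dek[i] = 0
	}
	return SealedRecord{pseudonym, wrapped, nonce, ct}, nil
}

// Open is what the escrow holder runs with the private key. The company has no
// equivalent: with only the public key there is nothing to decrypt with.
func Open(escrowPriv *rsa.PrivateKey, r SealedRecord) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, escrowPriv, r.WrappedDEK, []byte(r.Pseudonym))
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, []byte(r.Pseudonym))
}

func main() {
	escrow, _ := rsa.GenerateKey(rand.Reader, 2048) // held by the bank, not the company
	rec, err := Seal(&escrow.PublicKey, []byte("Jane Roe, 12 Example St, Anytown")) // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Printf("company stores: pseudonym=%s ciphertext=%x...\n", rec.Pseudonym, rec.Ciphertext[:8])
	plain, err := Open(escrow, rec)
	fmt.Printf("escrow holder recovers: %q (err=%v)\n", plain, err)
}
```

The record is deleted the same way any row is; what the construction buys is that a copy taken before deletion, or a subpoena served on the company alone, yields only pseudonyms and ciphertext, as CodeWright and delver want. It does not hide from the company which pseudonym bought what, which is the residual purchase-pattern exposure mynnyme points out.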
Re: Preventing subpoenas... (1.00 / 1) (#44)
by csmacd on Fri Oct 06, 2000 at 05:14:39 PM EST

The trip-ups I see with removing customer data after payment is received are returns and cancelled payments.

For example, I order a widget from you. You can allow me to pay you when I get the item (via escrow or whatever), but what if I cancel payment? How do you find me? Another spin is I send payment with order, get my widget, you delete the records. I want to return widget (broke, wrong color, etc). How do you know I'm a customer that ordered a widget? Without some kind of order information, an unscrupulous person could claim to be a customer, then return expensive items to you that were stolen. You're out cash, and are an unwitting money laundering accessory.

OTOH, for products with a finite useful life (vegetables, for instance) this might work - keep the records around for the useful life of the product, then delete.

[ Parent ]
Private Location? (3.66 / 3) (#31)
by mebreathing on Tue Sep 26, 2000 at 07:51:42 AM EST

What about keeping one's location private? Visual Traceroute is one example of tools that can pinpoint your general location from just your IP. If you're going to accomplish truly anonymous online shopping, you'll have to serve as a proxy for all interaction between vendor and consumer. This includes package remailing and net proxy service.

Re: Private Location? (3.50 / 2) (#33)
by Meridun on Tue Sep 26, 2000 at 10:46:22 AM EST

Good point. My job here is database and software design for the anonymous payment system, but there will be a net proxy and package remailing available upon launch of the service. Feel free to check out the site for more info.



[ Parent ]

Re: Private Location? (3.50 / 2) (#36)
by CodeWright on Tue Sep 26, 2000 at 11:22:55 AM EST

Given that you have said that you are responsible for design & coding, you might want to dissociate your net persona from your real one (too late), because future social engineers might use that info to try to get information about the system architecture from you and thus use it to MyPrivatePlanet's disadvantage.

You should also be sure to -demand- a third-party code audit of all the systems you design and implement -- you don't want to be holding the legal bag in the (inevitable) event that MyPrivatePlanet is compromised. Once audited, the auditors are responsible, not you. :)



--
A: Because it destroys the flow of conversation.
Q: Why is top posting dumb? --clover_kicker

[ Parent ]
I want enough information to assess your security (2.00 / 1) (#37)
by Paul Crowley on Tue Sep 26, 2000 at 05:52:02 PM EST

Your web pages don't go into a lot of detail on what sort of anonymous protocols or procedures you're using. If you don't already have one, you need a security person in touch with the community on board, and you need to write some sort of description of what you're doing, like a technical report, that will allow the community to assess it.

Consider legal as well as technical attacks.

Without it, I don't know if you'll succeed in providing the security you hope to.

I don't mean to harsh you - you sound like the Good Guys! I just want to help with the security stuff - it's hard to get it right first time around.
--
Paul Crowley aka ciphergoth. Crypto and sex politics. Diary.
You know what? I think they are with the fbi... (3.50 / 2) (#39)
by yuri82 on Wed Sep 27, 2000 at 02:39:10 AM EST

If you dig conspiracy theories, this could be one. They realized the carnivore idea wasn't gonna cut it so they figured: why go after them when we can bring them to us? (them meaning hackers). Hey, all of those l337 hax0rs might trust this service..... but then again, I'm just being silly...

Please, no market research (3.00 / 1) (#41)
by Skeevy on Wed Sep 27, 2000 at 01:42:31 PM EST

What I really don't want is for dotcom companies to do their market research on public-forum discussion sites like kuro5hin.

Sure, it's probably harmless and well-intentioned, but what if employees from companies like The Great Satan were to do their market research here? Would it make the front page? Would readers tolerate it?

Find another forum for this sort of stuff, please.



privacy from which end of the chain? (none / 0) (#42)
by parry on Thu Sep 28, 2000 at 02:33:36 PM EST

The site is totally vague as to what exactly they are offering. What are they offering, and who are they?

With carnivore in the US, and the tapping of everyone's email and monitoring of all their web browsing at the ISP level in countries like Russia, Britain and China which don't have a regard for the sanctity of human rights, such a service is no use unless it offers end to end encryption to protect people's human rights as well as their privacy.

Problems (5.00 / 1) (#43)
by Kaa on Tue Oct 03, 2000 at 02:27:04 PM EST

Well, I don't think it's such a good idea. I'll try to explain why.

Anonymous email and browsing where the company knows what I am doing and is willing to disclose it in response to a subpoena is not good enough. Anyone paranoid enough to want such a service will be paranoid enough not to accept this. Besides, there are better alternatives (e.g. Freedom) available. For simple cases (like an online retailer needing an email address that is later spammed) just get a throwaway email address -- it takes all of two minutes to do it.

Anonymous buying... hmm -- that seems to be the raison d'être of the service. Well, I don't think it offers much. The service does not really provide anonymity of purchases: the company knows what happened, and, importantly, the bank that issued my credit card also knows all my purchases. What is gained is just that the online retailer does not know whom he sold the widget to (although if you don't provide a real address to the retailer and re-ship the product through an intermediary... this will get messy. If you do provide a real address, what's the point?)

All in all, I'd be much more wary of a central location knowing all my purchases online than I would be of tens of merchants at which I shop semi-randomly. For example, I buy my books from buy.com, and Amazon, and Fatbrain, and probably somebody else. To get a good idea what kind of books I like they'll all have to cooperate -- not bloody likely. The only visible advantage seems to be spam reduction, but there are other techniques for dealing with it that work well and are free (e.g. a throwaway mail account).

So, no, I don't think this offers anything of value.

Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.

