At 14:47 -0800 7/10/00, [EMAIL PROTECTED] wrote:
>could somebody on cypherpunks please explain to me what the whole
>point behind companies like Privada and ZKS really is?
I'm going to give you the benefit of the doubt and assume your just
ignorant and looking for an education, not obnoxious and trying to be
a pain in the butt.
>As far as I understand, these companies use fancy, proprietary "encryption"
>to make sure nobody out there in the big, bad Internet world can
>find out my (a) geographic location, (b) IP address or (c) operating system.
First of all the encryption is not proprietary- the algorithms (at
least in the case of ZKS, I've never heard of Privada) are publicly
known, and considered strong by most, if not all, cryptographers.
Additionally the protocols are known and have been debated
extensively on this list. They may not be perfect but they are
certainly not worth of being called proprietary.
>Since when does scrambling my IP address have anything to do w/
>my privacy? IP addresses are almost never personally identifying,
>since (a) most corporate users are coming from behind a firewall,
>(b) most consumers have a dynamic DHCP address anyway and (c) in
>a worst case scenario, I can always switch my IP address..
And in all three cases you are by any attacker willing to devote
sufficient resources to the task. Let's take them one at a time-
First be aware that virtually all organizations keep extensive
records of who a given user was on a given IP address. That means-
a) All you have to do for most organizations is ask, then threaten to
sue and the corporation will politely roll over.
b)That's a bit of a broad generalization. Even so, name your
favorite ISP and their as likely to roll over as the corporations in
a.
c) Indeed, if your being pranked on the phone all you have to do is
change your phone number, if your being stalked all you have to do is
move, if your being chased by an ax wielding maniac all you have to
do is run...
>I've worked in customer analytics at various, significant e-commerce
>Web operations, and the worst thing companies do w/ this info is
>use it to debug their site operations across the zillion different
>Browser/OS variants out there in the market place. No human has
>ever received an ounce of spam b/c some corporate bad-guy was able
>to figure out thier browser/OS combination. At best, it seems, Privada/ZKS
>are guarenteeing us a future of buggier Web sites..
I like to think that good browsers that conform to public standards
would do a lot more for buggy websites than knowing what operating
system I choose to use. And your write, I'm not overly concerned
about the evil threat posed by corporate behemoths- some of us are
still concerned that big brother is watching.
>Furthermore, each company seems to require me to fill out a mongo
>form of personal info like name, address, email, credit card, etc,
>etc, etc before I can even fire up their software!!!
>
>THIS is the information about me that REALLY IS personally identifying,
>it's the info that EVERY e-commerce Web operation is DYING to get,
>and here they are asking me for it before I can even use there software,
>
>and then I have to PAY to use their software, even though my personal
>information is worth a gold mine to Internet marketers (who can
>pay upwards of $300 to acquire a new customer), and as far as I'm
>concerned ZKS and Privada and whoever else should be PAYING ME to
>see my personal info, for exactly that reason -
>
>both companies seem to make the point that you don't have to trust
>them as a third party, and yet the first thing they ask for is my credit
>card number -
What do you think privacy means? Privacy doesn't mean all
information about is secret- it mean YOU have control over your
information and how and why it's used. As to the "fact" that IP
addresses are useless to web marketeers is quite simply wrong. IP
address can easily be used to trace a users path across the entire
web, watching and recording most, if not all, the websites one visits.
>an economy based on "nyms" is a pipe dream. No human has ever purchased
>a car, or purchased a home, or taken out a loan, or started a business,
>or gotten a job by using an anonymous "nym". Any significant economic
>transaction, in both the real world and the virtual, requires accountability,
Oh? Why? Don't tell me that because that's the way it works today-
tell me why it has to work this way. You can't pay cash for a car?
As to the rest and the economic's of anonymous business to other,
more wiser members of this list, but the jist is that all these
things are entirely possible anonymously.
>and accountability is only engendered through identity, not anonymity.
>(the anarchists, I'm sure, will cringe, but it IS a sobering fact
>of this reality that we all live in)
>
>it seems a more appropriate use of cryptography to enhance privacy
>would be to make sure that any transaction I partake in is REALLY
>done by me.. identity theft is the worst privacy violation in this world,
> not IP logging...
Why is it possible to steal an identity? It seems to me that what
is being stolen during identity theft is not ones identity but
instead all the various trappings that have been tacked on by various
other organizations. There is no sceme can device for replacing
peoples identities with tokens (that's really what one is proposing
when when talks about "proving" who you are) that don't result in
catastrophic consequences if that token is ever lost or stolen (yes,
cryptography can reduce the risks of theft and loss by increasing the
difficulty of an unauthorized person using that token, but
fundamentally the problem remains). The real solution is to increase
the number of identity tokens and make there uses more specific.
Taken to the furthest extreme and the result is an economy based on
nym's. Remember that capitalism was a pipe dream until someone
figured out that it was a better way to run an economy than the
alternatives.
>privacy IS NOT synonymous w/ anonymity (again, the anarchists will
>cringe, but it's another sobering fact of reality), but rather with
>controlling the personal information that the world DOES come to know about
>you..
And how do you propose to control the information you've already
released? OH, I know! Lets pass a law. Some us on this list,
however, believe that more than enough laws have been made and so
would prefer a technological, rather than governmental solution.
The technical solution is pretty simple- each person has lots of nym,
each nym only having enough personal information to serve it's
designated purpose. One controls one's information by choosing which
nym to give out.
>Can ZKS/Privada disclose to me the personally identifying information
>Web sites (and other corporations, organizations, etc) have collected
>about me? Can I find out for what purposes this information is being
>used? Can I make sure it is only being used for the reason I disclosed,
>and not for other reasons I didn't approve? Can I make sure this
>information is accurate and consistent? Can I delete my personal
>info from a corporate database if I find they have been misuing it??
No, and once again I suggest to you that your taking the wrong
approach to the problem. Why not control the information you give
them in the future? If they choose to abuse it, simply dispose of
the nym. Simple, straight forward, and a hell of a lot less
intrusive that forcing every corporation to open their databases for
inspection.
>Can ZKS/Privada stop the phone calls at 7am from my credit card
>company, who just "wants to make sure the personal info they have
>about me is correct, oh, and my the way, can we interest you in
>a balance transfer from your Discover card while we have you on the line?"?
No. Might I suggest you consider switching to a different credit
card company- one with a bit more respect for your time and energy?
>I'm a newbie to the whole field of encryption, so please enlighten
>me if I'm missing something about "zerk-knowledge" proofs...
If I might offer a suggestion, this would be a good time to lurk for
a few months and see if you can learn a few things before you start
asking questions. You'd be amazed what you can learn (a couple of
these guys have truly stunning cake recipes, just post a message with
the subject "Please help me make a bomb" <G>).
--
Kevin "The Cubbie" Elliott
<mailto:[EMAIL PROTECTED]> ICQ#23758827
_______________________________________________________________________________
"As nightfall does not come at once, neither does oppression. In both
instances, there is a twilight when everything remains seemingly
unchanged. And it is in such twilight that we all must be most aware
of change in the air--however slight--lest we become unwitting
victims of the darkness."
-- Justice William O. Douglas
