At this point, I'd rate the system in place as pretty good against
privacy problems at the level of, say, the recent DoubleClick debacle.
I understand that their system doesn't work and play well through a real
firewall, because their PC-resident code pretends to be one.
As was mentioned, the white paper lists a series of weaknesses and
limitations of the current implementation.
All that said, I sent them money just to stir the pot.
hal@finney.org wrote:
>
> KPJ <kpj@sics.se> writes:
> > Assumption: You refer to Freedom software by Zero-Knowledge Systems, Inc.
> >
> > And now: Questions, questions...
> >
> > [0] Zero-Knowledge Systems Inc. seems to be Canada based.
> > Does the Canadian government allow it to sell "sophisticated
> > cryptography" to non-US countries? If not, the Freedom software
> > would become less interesting, wouldn't you say?
>
> I believe that Canada is pretty liberal about crypto exports. And of
> course the US has recently relaxed their regulations as well. So at this
> point the export restrictions are becoming much less of an issue.
>
> > [1] Can one trust their Freedom Network[tm]?
>
> I know several of the people involved with this project. They are
> committed cypherpunks from way back, and technically very strong.
> The company has been good about providing white papers explaining the
> technology, and they even have a whole paper full of nothing but attacks.
> The system isn't perfect, and some of the features aren't done yet,
> but once it is fully operational it should be very strong.
>
> > [2] How can one be sure that ZKSI does not collect the data one sends
> > through their software, unless one gets the program source?
>
> They have made indications about going to some kind of open source
> model, or at least releasing the source for review. Supposedly they
> have a Linux project going as well (currently it is only for Win 95/98).
> This should help add confidence to the system.
>
> Hal
This archive was generated by hypermail 2b29 : Thu Jul 27 2000 - 14:03:35 MDT