Last December, when Canadian startup Zero-Knowledge Systems, Inc. began selling a service that allows Internet users to choose fictitious names for such activities as sending e-mail, visiting Web sites or joining newsgroups, I was not at all impressed.
At the time, I said, “No matter which way one looks at it, this disastrous so-called service serves little purpose other than to open the door for cowardly and even mentally deranged individuals to pepper victims with harassment, libelous attacks and other unethical behavior.”
However, after last week’s state and federal actions against DoubleClick and several health Web sites for alleged privacy violations, I feel compelled to do something I never thought I would do: make a complete about face.
Because of these incidents, I now recognize the need for the service that Zero-Knowledge is providing, and I encourage other startups to seize upon the same idea.
For $49.95 (US$), Zero-Knowledge users can download Freedom 1.0 software that lets them pick up to five pseudonyms (nyms) and scrambles their messages and Web connections for one year.
The nyms are actually digital tokens that expire in one year, allowing the user to have one identity for five years or five for one year. Zero-Knowledge says it will soon revisit its pricing model to consider the idea of a special renewal price. At the moment, a user with five identities must pay $49.95 to renew those identities.
When a user selects a nym, Freedom creates a private route to connect that user to the Internet. Each route is comprised of one to three servers that receive the Web requests and pass them on to the intended Web site. When the Web site responds, it sends the results back through the route to the user’s browser. The private route protects the user’s true connection to the Internet, as the Web server only knows the IP address of the final server in the route.
At present, Zero-Knowledge says that 50 Freedom servers provide the routing service. It adds, however, that there are another 250 in various stages of development by ISPs.
The system lets users exchange e-mail, access newsgroups, use Internet chat (IRC), surf the Web and link to host computers with Telnet. It does not, however, allow users to use the FTP protocol to download and upload files. While the system works for most home users that run Windows 95 or 98, it does not work for AOL users or on most LANs that operate behind firewalls.
Ask, But We Can’t Tell
While some industry observers maintain that the service can be used to shield the identity of criminals and people who send abusive e-mail, Zero-Knowledge argues that it is simply protecting the privacy of Web surfers.
The company adds that it will cooperate with law enforcement agencies to disable accounts that are being used for criminal activity. It also says that it will not allow its service to be used for spam.
The company takes its name because it does not have the ability to link users’ real identities to their pseudonyms, even if ordered by a court. Company president Austin Hill says the company’s best defense is that “we don’t know.”
Keeping Purchases Anonymous as Well
Meanwhile, Zero-Knowledge, which recently raised $25 million in venture capital, says it has now acquired the ability to develop specialized cash certificates that allow users to make purchases while only disclosing minimal data. For example, the new cash certificate might reveal the age of a movie ticket buyer in order to comply with a law, but not reveal anything else about the individual.
The company acquired the capability by hiring Dr. Stefan Brands, a cryptographer who specializes in privacy, PKI, digital identity authentication systems and electronic cash. Zero-Knowledge also gained exclusive rights to a collection of five current and a suite of pending privacy patents, controlled by Brands, that are associated with the development of electronic cash systems.
Zero-Knowledge said that such digital cash can be stored on handheld computers or smart cards and would enable users to buy online or offline.
However, in order for Zero-Knowledge’s new anonymous money to really catch on, many analysts say that it must first get the backing of financial institutions and e-tailers that now favor profiling their customers. In the past, furthermore, companies that push electronic cash have not fared very well.
Ultimately, while it is not clear whether the idea of electronic cash will catch on, one thing is clear: The recent publicity about privacy violations will guarantee that many consumers — like myself — will be taking a second look at Zero-Knowledge’s privacy service.