RealTime IT News

Zero Knowledge Systems: Hacking a Path to Net Privacy

There's no better example that one person's hack is another's privacy shelter than the fracas this past April between Intel Corp (INTC) and Zero Knowledge Systems.

Back then, ZeroK was an unknown Montreal start-up specializing in the development of Internet privacy software which had the temerity to announce that Intel's method of hiding the Pentium-III's infamous serial number was totally bogus and could be bypassed by any number of methods without the user's permission or knowledge.

Masterminded by crypto-cyberpunk Ian Goldberg who's broken more encryption keys than most Mafia enforcers have knee caps, the bypass was an Active-X applet that could secretly turn the serial number back on even if the PC owner had used Intel's utility to turn it off.

Goldberg, a Ph.D. candidate at the University of California at Berkeley is known for his part in cracking the 40-bit DES code in the RSA Challenge in three and a half hours; breaking the Netscape encryption system SSL; and breaking the cryptography in the GSM cellular phone standard. But when ZeroK announced the gaping hole in Intel's claims and posted the applet on its site, the embarrassed chip giant melted down. Intel declared the company a hacker site which was distributing malicious Trojan Horse code and immediately sicced Symantec and other virus software vendors on to the little company which quickly found itself branded as an online criminal.

"It's a typical 'shoot the messenger' approach," said ZeroK Founder and President Austin Hill who also pointed out that the company posted the applet only after it was clear that Intel did not intend to close the privacy gap.

Over the next couple of springtime weeks, Zero Knowledge Systems exchanged some pretty sharp public comments with Intel and Symantec that made the big guys look like back alley bullies ganging up on the class geek. And while the P-III chip still has privacy holes big enough to fly the Hindenburg through, ZeroK landed $12 million in venture capital on Sept. 30. thanks, in part, by the high profile it got from the controversy.

"The fracas did a lot of good raising both the issues and their profile," said Mike Santer, partner with Platinum Venture Partners which led the company's first round of venture along with Aragon Ventures and Strategic Acquisition Ventures. "Some big companies underestimate what happens when it looks like they are stomping the little guy."

ZeroK's new investment will allow it to roll-out its Freedom Network later this year. Users download free software form the company and then create pseudonyms (they call them "nyms") which cost $10 per year each. The software works alongside the user's existing browser, e-mail, chat, telnet or USENET software to encrypt the message into multiple layers of encryption and re-direct it through ZeroK's own server network.

According to the ZeroK Web site, "It's as if you were putting a scrambled letter into three or more envelopes, each with a different forwarding and return address. By creating one or more pseudonyms to use for different types of online activity - for instance, one for discussing health issues and a different one for job searching - you can prevent the two from being linked together and traced back to you in the real world. No one, not even Zero-Knowledge, will be able to connect your nyms to your true identity.

User cookies are stored on the user's computer in a "Cookie Jar" with a separate Jar for each nym.

According to ZeroK, "The fact that we don't store the cookies on our servers is one of the many distinctions between us and companies like Privada; we don't ask for, or hold, any of our users' personal information or cookies. Privada, Digitalme, Lumeria, Passport, Privacybank all act as gatekeepers for their users' information. You have to trust them with your privacy, whereas we don't ever ask for people's personal information. If they want to give it out, that's their business."

"I don't think this will upset user profiling," Santer said, "But it will allow the user to control their own privacy. Users have no faith in companies that promise to keep information private. This allows the user to determine the level of private they want."

For a long time, people have believed the fallacy that "on the Internet, no one knows you're a dog." But it seems that Zero Knowledge Systems has given some teeth to the notion that you can be a dog if you want to and nobody has a right to know otherwise. Woof!


ALL NEW! internet.com's HotWatch a monthly e-mail subscription for $99, featuring Internet Stock Report's top 10 noteworthy Internet stocks for the month. Each month you will receive in-depth analysis on the top 10 Internet stocks to watch with the information you need to assess the fast-paced nature of Internet stocks. Staying on top of market changes in the Internet Stock market is what counts. For $99 per year, you receive 12 timely issues sent to you by e-mail. Don't wait, our next issue will be out before you know it with a whole new perspective on the market. Sign up today at: e-newsletters