*** PRIVACY ON THE INTERNET ***
* Communications privacy
* e-gold
* DigiCash ecash
* Mark Twain Bank
* CyberCash
* Links - the URLs mentioned can be found here in HTML format
* Communications privacy
There are two elements to communications privacy: The identity of the
participants and the content of the messages transmitted among them.
It is possible to preserve the content of your messages with absolute
security. You simply encrypt them. There are two good ways to do this: by
using the one-time-pad encipherment scheme, or by using the Pretty Good
Privacy program.
Prior to PGP, cryptographic keys had to be distributed over secure
channels so that both parties could send encrypted traffic over insecure
channels. Governments solved that problem by dispatching key couriers with
satchels handcuffed to their wrists. Governments could afford to send guys
like these to their embassies overseas. But the great masses of ordinary
people would never have access to practical cryptography if keys had to be
distributed this way. No matter how cheap and powerful personal computers
might someday become, you just can't send the keys electronically without
the risk of interception.
The breakthrough came with the mathematics of public key cryptography.
This allows people to communicate securely and conveniently with people
they've never met, with no prior exchange of keys over secure channels. No
more special key couriers with black bags. This, coupled with the trappings
of the information age, means the great masses of people can at last use
cryptography.
I have created a program, CIPHER.EXE (runs under MS-DOS), which is a
simple implementation of the one-time-pad process. This program is (so far)
perfectly legal and is freely available from me: dbking@ricochet.net
The Pretty Good Privacy program was invented by Philip Zimmermann in June
1991. How secure is it? In 1997 these three attacks were made:
250 computers cooperated to break a 40-bit key in 4 hours.
3500 computers broke a 48-bit key in 13 days.
Several thousand computers linked on the Internet broke a 56-bit key in
140 days.
As you can see, the difficulty increases exponentially, not linearly,
with increasing key length.
As of February, 1998 the legally-exportable (from the United States) key
size is 56 bits. Keys larger than that size are considered by the American
Government to be dangerous weapons, even though the citizens of many other
countries are using them. The latest version of PGP (using a key-length of
1024 bits) is available from Norway at: www.pgpi.com/download
It may or may not be legal for American citizens to use this program. The
PGP home page: www.ifi.uio.no/pgp has more information about the legal
ramifications of the program.
There is a trade-off between PGP and CIPHER:
PGP is much more convenient to use than CIPHER. The one-time-pad process
requires each message to have a unique key, which must be at least as long
as the message, and these keys must be in the possession of all
participants. This key-handling can be a hassle, as I explained above.
As you saw above, PGP encipherments can be broken. (I will leave it to
you as an exercise to calculate how many centuries it would take to break a
1024-bit key.) The one-time-pad process is absolutely unbreakable.
For the vast majority of Internet users there is no such thing as true
anonymity. Every privacy and financial service I examined is quite clear in
its assertions that "We will release account information if we are served a
subpoena by law enforcement officials." The e-gold service is really
emphatic about this (see below). The only thing people WON'T tell about you
is what they CAN'T tell about you. And the only thing they can't tell is
what they don't know. I hope somebody will tell me that I am wrong, and that
there IS a good way to ensure anonymity.
Everything you send to or receive from the Internet is transmitted, via a
telephone cable, through your Internet Service Provider. That phone cable is
a finger that points directly at you, and the government has unlimited
access to it through its control over the phone company. Thus whatever
information your ISP has about you is available to the government. Unless
you can bypass this scheme, you have no true anonymity. (But don't feel bad,
you CAN bypass it. I will explain below.)
You can obtain partial anonymity by using proxy servers. A proxy server
is a middleman between your ISP and the websites you visit.
To use a proxy server for e-mail, you send your message to the proxy
server, where all the identifying data is stripped off your message and the
proxy server's data is installed in its place. The message is then sent on
to its destination. The recipient sends his reply to the proxy server, which
routes the message on to you. The recipient has no way of knowing at what
address the message originated, but the proxy server DOES know this.
The same procedure is used to enable you to access a webpage anonymously.
You query the proxy server, which strips off all references to your identity
before forwarding your request to the website. The website knows only that
the proxy server came to get the page.
The mixmaster process routes your message through several proxy server
remailers, thus making it impossible for anyone to trace it. A mixmaster
message is structured as a nested set of encrypted envelopes. Instructions
for processing are hidden inside each envelope, which is specifically
encrypted to a specific remailer. Each remailer removes his layer of
encryption and its accompanying instructions, and takes the requested
actions, sending the remainder of the package on to the next remailer. Thus,
only the first remailer knows where the message originated, and only the
last remailer knows the ultimate recipient.
Of course, none of these proxy schemes provides any security between your
computer and your ISP or between your ISP and the proxy server. They are
rather like having auto insurance that does not go into effect until you are
at least 100 miles from your home.
Much better anonymity can be obtained through the use of a Ricochet
cellular modem. If you choose to purchase a modem ($300) rather than rent it
($10/month), the only information Ricochet will ask for is a name and
address where it can send its monthly bills ($30/month for unlimited
Internet access). A fictitious name at a mail drop will do just fine. Thus
even if the government uses a court order to access the Ricochet radio
network, it cannot identify you or locate you. The modem can be used in any
of the areas that have been equipped with relays for the Ricochet network.
As of early 1998 they are: Seattle, San Francisco, Washington DC, and
several small towns in Wyoming and Nebraska. I do not know if Ricochet has
any competitors.
Aside from privacy considerations, Ricochet's radio system has the
benefit of being a much more speedy and secure link to the Internet than is
the phone system. Ricochet does not use local phone lines - the modems'
radio signals are relayed to a local collector which uplinks to a satellite
system which is then connected to a main trunk phone line. I have been using
a Ricochet modem (with a laptop computer) for several months and find it
vastly superior to an ordinary phone modem. It's small and battery-powered -
this portability is quite handy.
The Ricochet home page is: www.ricochet.net
* e-gold
www.e-gold.com
E-gold is a monetary transfer system, operated by Gold & Silver Reserve,
Inc. which enables the use of precious metals as money. Transfer orders are
expressed in amounts of gold, silver, and other metals.
The recipient of each e-metal payment is assessed a 1% fee, in metal.
You must provide them with your Name, Social Security#, Postal address,
e-mail address, Phone#, and your Mother's maiden name.
Its policy on privacy is:
"G&SR complies with US legislation and regulations which require
virtually every monetary transaction to have a paper trail which must be
made accessible to government officials acting in accordance with law. All
transactions within the e-gold system generate a permanent record so it is
possible to trace the entire lineage of any metal back to the point where
value entered the system. If you send us a payment which requires the filing
of information with the government, but refuse to adequately document your
identity, we will not accept it."
Don't think too harshly about this policy. G&SR, just like any ordinary
banking institution, is compelled by law to do this. Only if they were to
spread their metals storage around among several countries, and move their
business headquarters out of the USA, would they be able to provide secure
financial services.
Secure e-gold accounts could be provided if they were, like mixmaster,
doubly encrypted. Only the bank would have the key to the inner envelope,
containing the individual account data, and only the account holder would
have the key to the outer envelope. Thus, the bank would not have to know
anything about the account holder. It would merely deal with whoever could
open the outer envelope.
* DigiCash alias ecash
digicash.com
This company operates thru the Mark Twain Bank, where each participant
must have an account.
No physical money is involved in the actual transfer system. The
transfers consist of strings of digits, each corresponding to a different
digital coin. Each coin has a denomination, or value, and purses of digital
coins are managed automatically by the ecash software.
Having received a payment request from Bob, Alice's ecash software
chooses coins with the desired total value from the purse on her hard disk.
Then it removes these coins and sends them over the network to Bob. Bob's
software automatically sends them on to the bank.
To ensure that each coin is used only once, the bank records the serial
number of each coin in its spent coin database. If the coin's serial number
is already recorded, the bank has detected someone trying to spend the coin
more than once and informs Bob that it is a worthless copy.
* Mark Twain Bank
marktwain.com
Requires: Name, Birthdate, Social Security#, Driver's license#, Street
address, Phone#, e-mail address.
* CyberCash
cybercash.com
This company enables merchants to process credit cards online.
* Links
Proxy Servers
Anonymizer
Nymserver
Mixmaster
Datafellows
Cyberpass
Infonex
Obscura
c2
Private Idaho
Private Idaho is a utility for Windows. It simplifies using privacy
tools such as e-mail PGP, anonymous remailers, etc.
Privacy information
Remailer information
remailer info
Information about cookies
Anti-spam information
The PGP Home Page
Download the latest version of PGP from Norway
Financial
E-Gold
DigiCash
Mark Twain Bank
CyberCash
The Ricochet cellular modem
Back to the Table of Contents