[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200308211908.08846.thomas.greene@theregister.co.uk>
From: thomas.greene at theregister.co.uk (Thomas C. Greene )
Subject: Final thoughts on 'Popular Net anonymity service back-doored'
This thread has generated a lot of comments and i'm very pleased to see them.
I'd like to wrap-up a few items if i may.
Some Register and BugTraq readers have pointed out that there is a disclaimer
on the JAP web site: "Due to recent events, we would like to be sure to
point out, that the JAP software is in development and therefore does not yet
offer maximum protection."
Perhaps the English here is poorly worded; perhaps in the original German it's
clearer -- i can't say because i don't read German. But this doesn't sound
like a warning any stronger than the standard "we're human" disclaimer. It
sounds too much like, "We've done our level best but we can't guarantee the
service because we're still ironing out the bugs." That's how i read it, and
how i think most people would.
No one in his right mind expects *foolproof* security, but we should expect
prompt disclosure. The JAP folks could have taken a page from the American
Library Association in its opposition to the Patriot Act and warned us thus:
"We can't assure your anonymity if a court order requires us to disclose user
behavior. We will comply with such orders, and we may be prevented from
warning users when we receive them. To avoid this problem, you should use
other mixes."
That would have been a decent warning imho. Instead, the JAP team and their
partners insist that the system is still trustworthy. (I imagine it *can* be
if you arrange outside mixes.) Some readers and posters to this thread have
even suggested that users who can't or won't review the source code deserve
to be harmed. Rather a mad assertion, since there are roughly 550 files in
the JAP app. And those who can't understand what they find there should not
be penalized for not being geeks, but should be able to trust the JAP team's
assertions.
The JAP Web site still claims that, "No one, not anyone from outside, not any
of the other users, not even the provider of the intermediary service can
determine which connection belongs to which user." I call that a bald-faced
lie.
Other readers have suggested that the JAP folks were under a gag order and did
their best to reveal the problem by signalling the insecurity in the source
files. I don't buy it. If they were under a gag order, then why did they post
a confession to alt.2600? And what about the confessional press release from
ICPP? Would a gag order be written to let them off the hook as soon as
someone suspected something? I doubt it. The fact that they're talking about
it now indicates that there never was a gag order. And besides, they've never
claimed that there was one; only their apologists have.
Now consider this imaginary gag order and the JAP team's liability under it.
If it existed, they could have gone to the press on condition of anonymity.
Sure, the German Feds would guess who leaked it, but no decent journo would
ever testify to that fact so it would never be established in court. The Feds
can suspect all they want; what matters is what they can prove. Without the
journo's cooperation they'd prove nothing. Maybe the Gestapo can pressure
German journos, i don't know; but going to the press outside Germany would
have been perfectly safe. Those of you who know my column can guess what i'd
say to some foreign judge who demanded my notes.
As i said in the Register article, the real issue is disclosure. Nobody
expects perfection. Honesty and prompt disclosure would be perfectly
adequate.
chrz,
t.
Powered by blists - more mailing lists