*** PRIVACY ON THE INTERNET ***
* Communications privacy
* e-gold
* DigiCash ecash
* CyberCash
* Links - the URLs mentioned can be found here in HTML format
* Communications privacy
There are two elements to communications privacy: The identity of the
participants and the content of the messages transmitted among them.
It is possible to preserve the content of your messages with absolute
security. You simply encrypt them. There are two good ways to do this: by
using the one-time-pad encipherment scheme, or by using the Pretty Good
Privacy program.
Prior to PGP, cryptographic keys had to be distributed over secure
channels so that both parties could send encrypted traffic over insecure
channels. Governments solved that problem by dispatching key couriers with
satchels handcuffed to their wrists. Governments could afford to send guys
like these to their embassies overseas. But the great masses of ordinary
people would never have access to practical cryptography if keys had to be
distributed this way. No matter how cheap and powerful personal computers
might someday become, you just can't send the keys electronically without
the risk of interception.
The breakthrough came with the mathematics of public key cryptography.
This allows people to communicate securely and conveniently with no prior
exchange of keys. No more special key couriers with black bags. This,
coupled with the technology of the information age, means the great masses
of people can at last use cryptography.
I have created a program, CIPHER.EXE (it runs under MS-DOS), which is a
simple implementation of the one-time-pad process. This program is (so far)
perfectly legal and you can download the ZIP file here:
CIPHER.ZIP 35Kbytes
The Pretty Good Privacy program was invented by Philip Zimmermann in June
1991. How secure is it? In 1997 these three attacks were made:
250 computers cooperated to break a 40-bit key in 4 hours.
3500 computers broke a 48-bit key in 13 days.
Several thousand computers linked on the Internet broke a 56-bit key in
140 days.
As you can see, the difficulty increases exponentially, not linearly,
with increasing key length.
As of February, 1998 the legally-exportable (from the United States) key
size is 56 bits. Keys larger than that size are considered by the American
Government to be dangerous weapons, even though the citizens of many other
countries are using them. The latest version of PGP (using a key-length of
1024 bits) is available from Norway at: www.pgpi.com/download
It may or may not be legal for American citizens to use this program.
There is a trade-off between PGP and CIPHER:
PGP is much more convenient to use than CIPHER. The one-time-pad process
requires each message to have a unique key, which must be at least as long
as the message, and these keys must be in the possession of all
participants. This key-handling can be a hassle, as I explained above.
As you saw above, PGP encipherments can be broken. (I will leave it to
you as an exercise to calculate how many centuries it would take to break a
1024-bit key.) The one-time-pad process is absolutely unbreakable.
For the vast majority of Internet users there is no such thing as true
anonymity. Every privacy and financial service I examined is quite clear in
its assertions that "We will release account information if we are served a
subpoena by law enforcement officials." The e-gold service is really
emphatic about this (see below). The only thing people WON'T tell about you
is what they CAN'T tell about you. And the only thing they can't tell is
what they don't know. I hope somebody will tell me that I am wrong, and that
there IS a good way to ensure anonymity.
Everything you send to or receive from the Internet is transmitted, via a
telephone cable, through your Internet Service Provider. That phone cable is
a finger that points directly at you, and the government has unlimited
access to it through its control over the phone company. Thus whatever
information your ISP has about you is available to the government. Unless
you can bypass this scheme, you have no true anonymity. (But don't feel bad,
you CAN bypass it. I will explain below.)
You can obtain partial anonymity by using proxy servers. A proxy server
is a middleman between your ISP and the websites you visit.
To use a proxy server for e-mail, you send your message to the proxy
server, where all the identifying data is stripped off your message and the
proxy server's data is installed in its place. The message is then sent on
to its destination. The recipient sends his reply to the proxy server, which
routes the message on to you. The recipient has no way of knowing at what
address the message originated, but the proxy server DOES know this.
The same procedure is used to enable you to access a webpage anonymously.
You query the proxy server, which strips off all references to your identity
before forwarding your request to the website. The website knows only that
the proxy server came to get the page.
Of course, none of these proxy schemes provides any security between your
computer and your ISP or between your ISP and the proxy server. They are
rather like having auto insurance that does not go into effect until you are
at least 100 miles from your home.
* e-gold
www.e-gold.com
E-gold is a monetary transfer system, operated by Gold & Silver Reserve,
Inc. which enables the use of precious metals as money. Transfer orders are
expressed in amounts of gold, silver, and other metals.
The recipient of each e-metal payment is assessed a 1% fee, in metal.
You must provide them with your Name, Social Security#, Postal address,
e-mail address, Phone#, and your Mother's maiden name.
Its policy on privacy is:
"G&SR complies with US legislation and regulations which require
virtually every monetary transaction to have a paper trail which must be
made accessible to government officials acting in accordance with law. All
transactions within the e-gold system generate a permanent record so it is
possible to trace the entire lineage of any metal back to the point where
value entered the system. If you send us a payment which requires the filing
of information with the government, but refuse to adequately document your
identity, we will not accept it."
Don't think too harshly about this policy. G&SR, just like any ordinary
banking institution, is compelled by law to do this. Only if they were to
spread their metals storage around among several countries, and move their
business headquarters out of the USA, would they be able to provide secure
financial services.
Secure e-gold accounts could be provided if they were, like mixmaster,
doubly encrypted. Only the bank would have the key to the inner envelope,
containing the individual account data, and only the account holder would
have the key to the outer envelope. Thus, the bank would not have to know
anything about the account holder. It would merely deal with whoever could
open the outer envelope.
In October, 2003, I logged-on to the e-gold website and registered to
open an account. The program took my personal data and informed me that my
account information would be sent to me via email. I never heard from them
again.
Here is the address of another, similar, money-transfer operation:
www.goldmoney.com
It has a nice-looking website, but I have not examined it any further.
* DigiCash alias ecash
digicash.com
DigiCash went bankrupt in early 1999. Here is its description anyway, so
you can see the sort of idea that does NOT work in the American economy.
This company operates thru the Mark Twain Bank (also defunct), where each
participant must have an account.
No physical money is involved in the actual transfer system. The
transfers consist of strings of digits, each corresponding to a different
digital coin. Each coin has a denomination, or value, and purses of digital
coins are managed automatically by the ecash software.
Having received a payment request from Bob, Alice's ecash software
chooses coins with the desired total value from the purse on her hard disk.
Then it removes these coins and sends them over the network to Bob. Bob's
software automatically sends them on to the bank.
To ensure that each coin is used only once, the bank records the serial
number of each coin in its spent coin database. If the coin's serial number
is already recorded, the bank has detected someone trying to spend the coin
more than once and informs Bob that it is a worthless copy.
* CyberCash
cybercash.com
This company enables merchants to process credit cards online.
* Links
Proxy Servers
freedom.net
Anonymizer
Datafellows
Infonex
Private Idaho
Private Idaho is a utility for Windows. It simplifies using privacy
tools such as e-mail PGP, anonymous remailers, etc.
Privacy information
Remailer information
Information about cookies
Download the latest version of PGP from Norway
Financial
E-Gold
CyberCash
Back to MyBook