Reinventing Digital Identity

• Design Goals

• Product Overview

• Technology & Cryptography Overview

• Question & Answer

Design Philosophy

• Authenticated, secure communicationsare GOOD.

• Government & 3rd-party Certificate Authorities that force ‘True Identity’ certificates are BAD.

• Pseudonymous certificates are GOOD.

Design Goals

• Persistent, cryptographically-assured pseudonyms.

• Full strength cryptography with no key escrow. Nobody knows your true identity.

• Completely pseudonymous system architecture for total privacy protection.

Design Problems

• Distributed anonymous system for technical security.

• Distributed anonymous system for protection against legal/legislative attacks.

• Technical requirements for total anonymity requires Anonymous IP protocol.

Introducing…

Freedom Server

• Freedom Servers are Anonymous Internet Proxies

• The Freedom server network carries all Anonymous IP traffic.

• Distributed without charge to Freedom Network operators.

• Freedom network operators are part of a revenue sharing program.

Freedom Server Features

• Support Internet Freedom

• Protect users’ privacy• Market your Internet

services as ‘Privacy enhanced’

• Value-added for ISP customers

• Reduce liability and abuse handling associated with users’ actions

• EARN REVENUEEARN REVENUE$ !$ !

Freedom Server: Technical Details

• Freedom Server currently operates on Solaris 2.6 & Linux 2.1

• Suggested bandwidth requirement:256Kbps (~1/5 of a T1) minimum.

• Configurable bandwidth-shapingmanages the Freedom network’s bandwidth usage.

“Freedom” (the Client)

Freedom allows for completely anonymous:• E-mail (bi-directional pseudonymous e-mail is supported)• Usenet News (Pseudonymous news reading and posting)• Web browsing (Completely pseudonymous web browsing)• IRC (Anonymous IRC chat, DCC is not supported in this version)• Anonymous SSH Login• Anonymous Telnet & DNS

“Freedom” Client (con’t)

• Client creates multiple pseudonyms in the form of ‘pseudonym@freedom.net’.

• Client allows users to associate any action with a specific pseudonym.– E-mail to ‘info@apple.com’ is always sent as

‘pseudonym@freedom.net’

– When browsing ‘www.private.com’ use 4 hops and make my pseudonym be located on Grand Caymans.

– When posting to ‘alt.china.dissident’ post as ‘pseudonym@freedom.net’.

“Freedom” Client (con’t)

• Encryption and pseudonym handling is fully transparent to Users.

• Client will initially be available for Windows & Linux in Q1/99

• Macintosh client available Q2/99.

• Testing begins in December, if you register at the website now!

Mail

Technology & CryptographyOverview

• Review of Anonymous IP

• Review of Digital Identity

• Review of System Cryptography

The Anonymous Cloud1. Client sets up anonymous route and negotiates keys with servers.

2. The first server removes one layer of encryption.

3. The next server removes a layer of encryption.

4. The final hop removes the last layer of encryption and forwards the traffic to the final destination. Traffic returning through the tunnel has data encrypted in reverse with the client removing all the layers of encryption.

Anonymous IP

• Dynamic anonymous route creation through multiply-encrypted server hops.

• Route selection is fully configurable,or selected automatically.

• All Anonymous IP servers have padded links to each other with cover traffic to protect against traffic analysis.

Pseudonymous Digital Identity

• Your Digital Identity is comprised of the following elements:

– Pseudonym (Name + PGP DSS sig.)– Public Key (PGP DH v5.5.5-compatible)– Multiple Reply Blocks– Vital Statistics

Review of System Cryptography

• Freedom Servers & Clients are exportable to all countries in the world except the seven terrorist nations named in the Wassenaar Arrangements.

• The system uses no key escrow or key recovery techniques!

• Freedom is for Everyone, regardless of their government (features backbone attack-resistance).

Review of System Cryptography

• Freedom uses the SSLeay cryptography libraries with Blowfish for symmetric encryption and DSS/DH for public key encryption.

• Freedom’s architecture & cryptography will be independently audited by Counterpane Systems (Bruce Schneier).

General Product Info

• Client software is available in two versions: “Light” (free) & “Pro” (~$50-65, plus <$10 annual fee per pseudonym).

• Light version includes E-mail, Usenet and low-priority web browsing. Also includes one (1) numeric pseudonym.

• Pro version adds IRC, Telnet, SSH andfive (5) user-defined pseudonyms.

For More Information, visit...

http://www.freedom.net http://www.freedom.net