\chapter{Related Works}
\section{PGP Key Servers}
Pretty Good Privacy is a general-use public-key cryptography tool.  It
provides for encrypted and signed communication.  Users exchange their
public keys by means of widely-publicized servers:

\begin{quotation}
Public Key Servers exist for the purpose of making your public key
available in a common database where everybody can have access to it
for the purpose of encrypting messages to you. While a number of key
servers exist, it is only necessary to send your key to one of them.
The key server will take care of the job of sending your key to all
other known servers.\cite{pgpfaq}
\end{quotation}

Each public key on the key servers is signed by people who can verify,
by some means, that the person whose name is attached to a key
actually controls the associated secret key.

Users who download a public key from the servers set two parameters
within their own installation of PGP:
\begin{itemize}
\item Confidence that this key represents the user whose name is
attached.
\item Confidence that this person exercises good judgment in signing
other people's keys.
\end{itemize}

By means of these two values, a network of trust is established.  PGP
serves as an effective means of communication, and has established a
good infrastructure for safely exchanging keys.  It fails due to user
interface problems: most notably, each key to be accepted as an
introducer requires informed attention on the part of the user.  As a
result, it has not become widespread enough to be generally useful.

\section{Netscape Certificate Authorities}
Many commercial web sites wish to ensure that visitors can communicate
with them securely.  Some also want to strongly verify the identities
of their visitors.  Certificate Authorities (CAs) exist in a
multi-rooted hierarchy.  A handful of top-level authorities certify
most commercial sites; such sites are then able to establish session
keys with their users.  Some such sites issue personal certificates to
their users.

The flaw here is that users are locked into trusting the established
CAs.  A user can't decide that he trusts his friends to certify
things, but not VeriSign.

\section{AOL Instant Messenger}
AIM\cite{aolim} is a popular messaging client.  In order to avoid
harassment, users are allowed to file a complaint about those who have
sent them messages.  Users who accumulate a certain number of
complaints per unit time are automatically disconnected from the
service.  The problem here is that \emph{every} AIM user is therefore
trusting \emph{every} other AIM user to act as a censor.  AIM has had
numerous problems with this complaint feature being used to deny
service to various targets.

\section{The Eternity Service}
Ross Anderson's Eternity Service\cite{eternity} is the
motivation for this project. It includes a wonderful vision of how the
world might work in the future, in terms of data havens. On the other
hand, it relies on a stable digital cash scheme, which is certainly
not available today. Furthermore, it has a stronger correlation between
ability to store data into the system and amount of real-world
capital available. While our proposal does have a loose correlation
between available resources and amount of influence over the servnet,
it is not nearly so direct.

\section{Napster}
The Napster service\cite{napster} is a company based around connecting
people who are offering MP3 files to people who want to download them.
While they provide no real anonymity and disclaim all legal liability,
a very important thing to note about the Napster service is that it is
highly successful. Thousands of people use Napster daily to exchange
music; if there were greater security (and comparable ease of use), I
suspect that many thousands more would participate. Napster presents a
very clear argument that the Internet community wants a service like
Free Haven.

The response to the Metallica suit\cite{metallica} --- in particular,
the continued use of Napster for trading of illegal MP3 files ---
indicates that the Internet community is willing to continue use of
this service even knowing that it could have negative legal
consequences.

\section{Gnutella}
Gnutella\cite{gnutella} is a peer-to-peer Napster clone.  It was
developed by an employee of AOL, then shut down by that company.
Development is proceeding in the hands of open-source contributors.
Gnutella depends on the ``Small Worlds'' model to maintain a connected
network.

\subsection{Small Worlds Model}

Social networks display two characteristics which initially may appear
to be contradictory.  First, social connections display clustering,
whereby friends are likely to share the same group of friends.  Second,
they exhibit what has been termed by Stanley Milgram as the ``small
worlds effect'' \cite{milgram}.  Namely, any two people can establish
contact by going through only a short chain of intermediate
acquaintances.  Milgram proposed that all people in the world are
separated by six intermediaries on average;  this effect is better
known as ``Six Degrees of Separation'' or the ``Kevin Bacon Game.''


\subsection{Flaws}
According to the new developers' web site \cite{gnutella}:

\begin{quotation}
Gnutella puts a stop to all those shenanigans. When you send a query
to the GnutellaNet, there is not much in it that can link that query
to you. I'm not saying it's totally impossible to figure out who's
searching for what, but it's pretty unlikely, and each time your query
is passed, the possibility of discovering who originated that query is
reduced exponentially. More on that in the next section.

In short, there is no safer way to search without being watched.

A big however, however. To speed things up, downloads are not
anonymous. Well, we have to make compromises. But again, nobody's
keeping logs, and nobody's trying to profile you.
\end{quotation}

They're having some problems maintaining anonymity, however.  While
Gnutella suggests trusting all of your ``friends'' to not log your
queries, sites such as the Gnutella Wall of Shame\cite{gnushame},
which attempts to entrap child pornographers using the Gnutella
service, suggest otherwise.  The direct file-transfer portion of the
Gnutella service has been demonstrated to not adequately protect the
anonymity of servers or readers.  The failure is reducible to one of
trust: the Gnutella service requires users to trust their neighbors,
but provides no means of ensuring that trust is kept.

\section{Freenet}
Freenet is a project akin to Free Haven, but focused on availability,
not anonymity.  If even a few nodes in the system are corrupted, the
entire service becomes untrustworthy for purposes of anonymity.
However, Freenet's tendency to widely duplicate popular information
makes it difficult to remove data.

The near-total lack of anonymity in Freenet raises the possibility of
traditional search-and-seizure attacks, and calls their reliability
into question.

\section{Zero Knowledge Systems}
Users of Zero Knowledge Systems'\cite{zks} ``Freedom Network'' are
currently forced to trust ZKS Inc.  ZKS sells pseudonyms; right now,
it uses the standard credit card system.  If subjected to a warrant,
ZKS would be forced to reveal the owner of a given pseudonym.  ZKS
claims plans to fix this problem by switching to an anonymous e-cash
system.  From a trust-system point of view, this transfers the problem
to trusting the maintainers of the e-cash system.

It also raises the point that there currently is no widely available
e-cash infrastructure.

\section{Internet Relay Chat}
The IRC network establishes trust based on a very simple model: IP
addresses.  A common technique among crackers on IRC is to flood the
host of a victim, temporarily knocking him off the network.  While the
victim is thus distracted, the cracker spoofs packets from the victim
to an IRC server, giving privileges to himself and removing them from
the victim.  When the victim returns to the network, he is now
unprivileged, and is subject to further attacks by the now-privileged
cracker.

Clearly, non-cryptographic trust models are not useful against modern
adversaries.

\section{Mobile Agents for Network Trust}
MANET\cite{manet} is a DARPA project to produce ``a
compromise-tolerant structure for information gathering.''  The
motivation is to create a system whereby untrusted networks can
cooperate to fight against ``mobile adversaries'': adversaries who
move from one network to another.  The MANET project attempts to avoid
the problem of corrupted servers by requiring several servers to weigh
in on a subject with direct evidence before action is taken.  This
approach is, even in the eyes of the MANET authors, somewhat na\"ive.
MANET relies on correct execution of mobile code 

\section{Publius}
The Publius system\cite{publius} has an implicit trust model entirely
divorced from reality: there is a static set of servers, all of which
are widely and publicly known.  Documents are staticly stored on
several of these servers, having been split using Shamir's Secret
Sharing Algorithm.  If one of these servers is corrupted, it is
assumed it will be replaced.

It's possible to turn Publius into an informal but workable system
with a very small amount of work: if the servers are all publicly
known, then an informal trust network can be put into place.  Create a
discussion forum, called perhaps \texttt{alt.anonymous.publius}.
Sites which wish to become servers advertise here; if users discover
that a server has been corrupted, they can denounce it in that forum.
Of course, this system provides no formality or assurances whatsoever.