EFF Says 'Stop Using Haystack'

tenco writes "Based on a blog post by the CRC today, EFF warns against using Haystack for circumventing censorship firewalls in Iran. Jacob Appelbaum states on twitter: 'Haystack is the worst piece of software I have ever had the displeasure of ripping apart.'"
  • by Wildfire Darkstar ( 208356 ) on Tuesday September 14, 2010 @09:58AM (#33573206)

    The EFF has withdrawn their recommendation because the developers of Haystack have basically asked people to stop using it pending their security review.

    There's nothing dirty or questionable going on here. CRC has been criticized for certain things, they've taken those criticisms to heart and are attempting to deal with the problems, and in the meantime are warning people that their tool shouldn't be used until those problems are resolved. The EFF's actions reflect this, and nothing else.

  • Main dev quits? (Score:2, Informative)

    by Anonymous Coward on Tuesday September 14, 2010 @10:06AM (#33573348)

    According to some info [tumblr.com], the main developer, Daniel Colascione has quit the CRC and the Haystack project.

    I am unsure if the e-mail is legit, but if it is, what will that mean? Will the existing codebase be released? No one seems to know.

    As far as I can tell, the basic premise (use a variety of 'legitimate' traffic to not necessarily hide what you are doing, but increase the number of false positives to an unacceptable level) is not bad per se. Hopefully a project will get started to do just that.

  • by Anonymous Coward on Tuesday September 14, 2010 @10:16AM (#33573492)

    Reading through the tweets [shudder], it appears they submitted their findings to Haystack in private. Haystack reviewed the findings and agreed fully and shut down testing, and their board resigned, basically killing the project. Jacob Appelbaum is still deciding whether or not to fully disclose his findings to the public, the reasons for which are a bit unclear, but likely trying to avoid the Iranians who have already tested the software from being found out.

  • by carp3_noct3m ( 1185697 ) <slashdot@NoSpAm.warriors-shade.net> on Tuesday September 14, 2010 @10:20AM (#33573552)

    Haystack and Tor do fundamentally different things, and actually complement each other.

    Tor focuses on using onion routing to ensure that a user's communications cannot be traced back to him or her, and only focuses on evading filters as a secondary goal. Because Tor uses standard SSL protocols, it is relatively easy to detect and block, especially during periods when the authorities are willing to intercept all encrypted traffic.

    On the other hand, Haystack focuses on being unblockable and innocuous while simultaneously protecting the privacy of our users. We do not employ onion routing, though our proxy system does provide a limited form of the same benefit.

    To a computer, a user using Haystack appears to be engaging in normal, unencrypted web browsing, which raises far fewer suspicions than many encrypted connections. Authorities can block Haystack only by completely disabling access to the internet, which gives Haystack greater availability in crises, during which the authorities may be perfectly willing to block all obviously-encrypted traffic.

  • Re:Alternatives? (Score:5, Informative)

    by Anonymous Coward on Tuesday September 14, 2010 @10:23AM (#33573596)

    So, if he says it's a horribly written piece of software or it just doesn't do what he wants or whatever his reasons are; is he going to write something better? Because if this is the only option, why should people stop using it?

    Because if it doesn't work, the users may be stoned to death.

  • by imaginieus ( 897756 ) on Tuesday September 14, 2010 @10:29AM (#33573684)

    That is a huge misinterpretation, here is the real story:

    -DEVELOPER of widely used firewall CIRCUMVENTION software says "Don't use MY firewall CIRCUMVENTION software"

    -EFF says that DEVELOPER says "Don't use his firewall CIRCUMVENTION software"

    -SECURITY AUDITOR that started all this commotion says "Don't use his firewall CIRCUMVENTION software"

    This is a huge issue, and I am glad that the EFF is spreading the word. You may not have heard of it, but Haystack is very widely used in Iran. It has been distributed through smuggled CD-R's and USB drives all over the country.

    The fact that Haystack is insecure means that MILLIONS of people are at risk of being arrested.

  • by abigsmurf ( 919188 ) on Tuesday September 14, 2010 @10:32AM (#33573734)
    This isn't just withdrawing a recommendation. This is "STOP USING IT NOW!", there's a big difference.

    They're giving a clear command and giving a wishy-washy explanation for it.

    The program is having a security audit, yes they should advise that it won't be known how secure it is until the audit is done but that headline will cause massive damage to the software's reputation that probably won't get repaired for a long time. Even if the audit verifies that it's secure and safe.
  • by Nerull ( 586485 ) <nerull AT tds DOT net> on Tuesday September 14, 2010 @10:35AM (#33573790)

    The software is dead. The board has resigned. The primary developer says the software in use now was never meant to be secure. It was an early testing version, and should never have been distributed.

  • Re:Alternatives? (Score:3, Informative)

    by Mr. Slippery ( 47854 ) <tms&infamous,net> on Tuesday September 14, 2010 @10:41AM (#33573866) Homepage

    Because if this is the only option, why should people stop using it?

    This is software that, if it works as advertised, helps prevent you from being arrested by an authoritarian regime. So if it does not work as advertised, the potential consequences include being arrested by an authoritarian regime.

    Given this, if you don't understand why the fact that expert review has shown that it does not work as advertised implies you should stop using the software, please ask your parents, or the doctors at the institute where they're keeping you.

  • by doomy ( 7461 ) on Tuesday September 14, 2010 @10:52AM (#33574022) Homepage Journal
    Here is a better explanation [oblomovka.com] of what happened by Danny O'Brien (http://twitter.com/mala)

    ---- posted in verbatim for /. proof ----

    There's been a lot of alarming but rather brief statements in the past few days about Haystack [haystacknetwork.com], the anti-censorship software connected with the Iranian Green Movement. Austin Heap [austinheap.com], the co-creator of Haystack and co-founder of parent non-profit, the Censorship Research Center [censorshipresearch.org], stated that it had halted ongoing testing of Haystack in Iran; EFF made a short announcement [eff.org] urging people to stop using the client software; the Washington Post [washingtonpost.com] wrote about unnamed engineers who said that lax security in the Haystack program could hurt users in Iran.

    A few smart people asked the obvious, unanswered question here: What exactly happened? With all that light and fury, there is little public info about why the world's view of Haystack should switch from it being a step forward [newsweek.com] for activists working in repressive environments that provides completely uncensored access [haystacknetwork.com] to the internet from Iran while simultaneously protecting the user's identity to being something that no-one should consider using.

    Obviously, some security flaw in Haystack had become apparent, but why was the flaw not more widely documented? And why now?

    As someone who knows a bit of the back story, I'll give as much information as I can. Firstly, let me say I am frustrated that I cannot provide all the details. After all, I believe the problem with Haystack all along has been due to explanations denied, either because its creators avoided them, or because those who publicized it failed to demand one. I hope I can convey why we still have one more incomplete explanation to attach to Haystack's name.

    (Those who'd like to read the broader context for what follows should look to the discussions on the Liberation Technology mailing list [stanford.edu]. It's an open and public mailing list, but with moderated subscriptions and with the archives locked for subscribers only. I'm hoping to get permission to publish the core of the Haystack discussion more publicly.)

    First, the question that I get asked most often [twitter.com]: why make such a fuss, when the word on the street is that a year on from its original announcement, the Haystack service was almost completely nonexistent [jgc.org], restricted to only a few test users, all of whom were in continuous contact with its creators?

    One of the things that the external investigators of Haystack, led by Jacob Appelbaum [appelbaum.net] and Evgeny Morozov [foreignpolicy.com], learned in the past few days is that there were more users of Haystack software than Haystack's creators knew about. Despite the lack of a public executable for examination, versions of the Haystack binary were being passed around, just like unofficial copies of Windows (or videos of Iranian political violence) get passed around. Copying: it's how the Internet works.

    We were also told that Haystack had a centralized, server-based model for providing the final leg of the censorship circumvention. We were assured that Haystack had a high granularity of control over usage. Surely those servers could control rogue copies, and ensure that bootleg Haystacks were exc

  • by SethJohnson ( 112166 ) on Tuesday September 14, 2010 @11:06AM (#33574232) Homepage Journal
    There was a Slashdot blurb about this on August 17th [slashdot.org]. The general consensus in that discussion was the haystack technique is a fool's solution to http traffic analysis. It's hardly even a proxy. All it does is stuff a bunch of random 'safe' http requests around your illicit requests. Yeah, that might slow down the work of a traffic monitor that has to look at all your requests. Haystack is completely ignorant of the common filtering methods of http traffic monitoring tools. It's essentially the work of inexperienced students. EFF got all serious because it was possible Haystack might be endangering people with its false sense of security.

    If you try to use this tool to browse 4chan at work, it's going to surround your browser's 4chan image http requests with nonsensical weather.com http requests. Your network admin will still see that your browser requested .jpg files from the 4chan image server.

    Seth
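The cover-traffic ("haystack") idea described in the thread, as a constructed simulation: the premise from the "Main dev quits?" comment (raise the observer's false-positive rate) against the objection in the comment just above (a per-request filter still sees every sensitive request). This is an added example, not code from Haystack or the CRC; the hostnames, the blocklist, the request lines and the ratio-based observer are all assumptions made for the example.

```python
"""Chaff traffic against two kinds of HTTP observer.

Added example, not Haystack/CRC code. The technique the thread describes:
surround each sensitive HTTP request with innocuous ones so the monitor's
signal-to-noise drops. Two observers are modelled:

  * per_request_filter: matches each request's host against a blocklist,
    the way a typical censorship/monitoring proxy works. Chaff adds volume,
    but every sensitive request is still flagged.
  * ratio_heuristic: a hypothetical observer that only acts when the share
    of flagged requests from a client exceeds a threshold. Chaff pushes the
    share below the threshold; this is the only observer the trick helps
    against.

All hostnames, request lines and the blocklist are constructed (.example).
"""
import random
import re
from urllib.parse import urlsplit

# Hypothetical blocklist a monitoring box applies to every request.
BLOCKED_HOSTS = ("i.4cdn.example", "forbidden.example")

# Constructed innocuous requests used as chaff.
CHAFF = [
    "GET http://www.weather.example/forecast/tehran HTTP/1.1",
    "GET http://news.example/headlines HTTP/1.1",
    "GET http://cdn.example/static/logo.png HTTP/1.1",
    "GET http://www.sports.example/scores HTTP/1.1",
]

# Constructed sensitive requests the user actually wants to make.
SENSITIVE = [
    "GET http://i.4cdn.example/b/1234.jpg HTTP/1.1",
    "GET http://forbidden.example/post/5678 HTTP/1.1",
]

# Absolute-URI request line, as a forward proxy sees it.
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+) HTTP/1\.[01]$")


def host_of(request_line):
    """Return the host of an absolute-URI request line, or None if malformed."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return None
    return urlsplit(m.group("url")).hostname


def haystack(sensitive, chaff_per_request=9, seed=0):
    """Interleave `chaff_per_request` random chaff lines around each sensitive request."""
    rng = random.Random(seed)
    stream = []
    for req in sensitive:
        before = rng.randint(0, chaff_per_request)
        stream.extend(rng.choice(CHAFF) for _ in range(before))
        stream.append(req)
        stream.extend(rng.choice(CHAFF) for _ in range(chaff_per_request - before))
    return stream


def is_blocked(request_line):
    """True if the request's host is on the blocklist (exact or subdomain match)."""
    host = host_of(request_line)
    if host is None:
        return False
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)


def per_request_filter(stream):
    """Observer 1: flag every request whose host is on the blocklist."""
    return [r for r in stream if is_blocked(r)]


def ratio_heuristic(stream, threshold=0.2):
    """Observer 2 (hypothetical): act only if the flagged share exceeds `threshold`."""
    if not stream:
        return False
    share = len(per_request_filter(stream)) / len(stream)
    return share > threshold


def compare(sensitive, chaff_per_request=9):
    """Run both observers over the bare and the chaff-padded request streams."""
    bare = list(sensitive)
    padded = haystack(sensitive, chaff_per_request)
    return {
        "bare_flagged": per_request_filter(bare),
        "padded_flagged": per_request_filter(padded),
        "bare_ratio_triggers": ratio_heuristic(bare),
        "padded_ratio_triggers": ratio_heuristic(padded),
    }


if __name__ == "__main__":
    for key, value in compare(SENSITIVE).items():
        print(key, value)
```

With nine chaff lines per sensitive request the padded stream is 20 lines long, the ratio observer drops from 1.0 to 0.1 and stops triggering, but the per-request filter returns exactly the two sensitive lines either way. The chaff only buys anything against an observer that reasons about aggregate behaviour rather than about each request, which is the objection made in the comment above.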
  • Re:In other words (Score:4, Informative)

    by fishexe ( 168879 ) on Tuesday September 14, 2010 @11:14AM (#33574384) Homepage

    For someone in Iran where the project has been suggested as a way of avoiding state censorship it probably isn't worth the risk.

    Just to be completely clear in case some readers didn't quite get your point, "the risk" may well include indefinite imprisonment or summary execution.

  • by Anonymous Coward on Tuesday September 14, 2010 @12:01PM (#33575266)

    While the article linked above (http://neteffect.foreignpolicy.com/posts/2010/09/09/one_week_inside_the_haystack [foreignpolicy.com]) says he didn't know where it came from, people working with Anonymous Iran knew Austin Heap from the get-go. He had set up some proxies right when the difficulties started and got maximum coverage and kudos for that. He then leveraged that notoriety to start Haystack. Austin Heap is not a programmer but has degrees in marketing and is really excellent at that. He had a full website up for Haystack and was selling it before it existed.

    He attended meetings with congress people to ask for these grants all before it existed as well. Many times people posted contact info for people in the security software area and asked that he have his code confidentially peer reviewed since he had already stated it would not be open source. His responses were nothing short of hostile. Any early requests for technical details so people with NGOs could at least get a feel for its effectiveness were either turned down or answered with non-answers that were confusing, and in some cases technically clueless. So this pissing match started long ago. But Austin has tweeted constantly asking for help in donations, grant writing, flash drives, servers, lawyers to set up non-profits, and even developers to write it. Out of the gate he was asking all over Twitter and Anon for $$$.

    It wasn't until he continued to dig in on the no peer review that many got suspicious. It smelled like well-hyped vapor-ware, perhaps with good intentions, but so heavily milked for donations likely before even a single line of code existed I do consider it an opportunistic scam at worst or well-intentioned but clueless vaporware at best.

    Now it seems he wrote something strong enough to be peer reviewed, and it has issues. Color me *yawning*. I suspect he finally caved on getting it reviewed since it may not sell well without endorsements, or at least one peer review. Though, if his skills in publicity and getting donations are finally harnessed to create something that works via peer reviews maybe everyone will be happy. He can have his shiny well publicized start-up and anti-censorship users can get something that is going to work.

  • by QuoteMstr ( 55051 ) <dan.colascione@gmail.com> on Tuesday September 14, 2010 @06:25PM (#33581296)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I am Daniel Colascione. I've placed a link to my resignation letter
    below; I feel it adds another dimension to the debate on what happened
    to Haystack. If anyone has questions, I'll do my best to respond here.
    Let me note, also, that as part of my rejoining the project, I
    insisted that we release the source under the GPLv3, and that we
    engage in an open and honest dialogue with the security community. It
    was too late, of course.

    -----BEGIN PGP SIGNATURE-----

    iEYEAREC AAYFAkyP9 SwACgkQ17c 2LVA10Vtlx ACg6iE3K x2Cbzj3Hg CRO9k6msmz
    tH8An iNSdKNga 6sOQWr8wX5 tlbCDRLPP
    =s34t
    -----END PGP SIGNATURE-----

    (Note: the Slashdot lameness filter forced me to break up the signature; please remove the whitespace before verifying.)

    My resignation letter [tumblr.com].

  • Re:Main dev quits? (Score:5, Informative)

    by QuoteMstr ( 55051 ) <dan.colascione@gmail.com> on Tuesday September 14, 2010 @06:34PM (#33581396)

    As I explicitly stated, I am not resigning in shame over the codebase. The program Danny, Jacob, and others rightly tore apart has no common lineage with what would have eventually become the Haystack release. As part of our short-lived attempt to open up, I described the design of that program in a lengthy post to liberation-tech [stanford.edu]. It is a generally reasonable design that could have worked. I believe the idea still has merit, and hope it is somehow pursued.

    It is a shame it is conflated with the broken test program that, for better or for worse, saw a more general distribution than ever intended. (But then again, I should not be surprised.)

  • by ntk ( 974 ) * on Wednesday September 15, 2010 @04:43AM (#33584204) Homepage

    Hey, Kangsterizer. I'm sorry if you read my blog post expecting to find substantive technical details; that does seem like a waste of time, and maybe I should have made it clearer at the start that there would not be that level of detail.

    My claim, and that of others involved in this (including I believe the coder of the Haystack system, who is posting on this thread also) is that we can't give out more detailed info about the problems because we believe that would put people at risk.

    I find this incredibly frustrating, because obviously people in your position are entirely right to be skeptical. I'd like you to not believe it's FUD, but I can't think of a way to convince you short of as I said, a detailed public analysis.

    Assuming for the moment what I'm saying isn't an ingenious pack of lies or delusion, what do you think I should do?
