Forgot your password?
typodupeerror
Security Your Rights Online

EFF Says 'Stop Using Haystack' 136

Posted by CmdrTaco
from the where-will-i-get-my-needles-now dept.
tenco writes "Based on a blog post by the CRC today, EFF warns against using Haystack for circumventing censorship firewalls in Iran. Jacob Appelbaum states on twitter: 'Haystack is the worst piece of software I have ever had the displeasure of ripping apart.'"
This discussion has been archived. No new comments can be posted.

EFF Says 'Stop Using Haystack'

Comments Filter:
  • by The MAZZTer (911996) <megazzt@NoSPAM.gmail.com> on Tuesday September 14, 2010 @09:48AM (#33573066) Homepage
    Now did Mr. Appelbaum post a detailed review somewhere that isn't limited to 140 characters? I would like to read it. The linked blog posts don't satiate me.
    • Re: (Score:2, Insightful)

      Yes, where is the meat actually... Not in the linked "articles". So there is a problem? Sure, very possible, but I'd like some explanations.
      • Re: (Score:1, Funny)

        by Anonymous Coward

        It's been censored.

        • by x2A (858210)

          Well in true Haystack style, they should give us the real reason, and 999 fake decoy reasons!

          • by lgw (121541)

            It's like finding a needle in a haystack - so you mean he used a magnet?

      • by Anonymous Coward on Tuesday September 14, 2010 @10:16AM (#33573492)

        Reading through the tweets [shudder], it appears they submitted their findings to Haystack in private. Haystack reviewed the findings and agreed fully and shut down testing, and their board resigned, basically killing the project. Jacob Applebaum is still deciding whether or not to fully disclose his findings to the public, the reasons for which are a bit unclear, but likely trying to avoid the Iranians who have already tested the software from being found out.

    • by Sycraft-fu (314770) on Tuesday September 14, 2010 @10:17AM (#33573522)

      I'm not sure why you'd get so hostile towards Twitter posts. I mean seriously, what kind of reasonable idea can't be expressed in 140 charac

    • Hmm his twitter account has some more tidbits that shine some light. It will do for now I guess.
    • by doomy (7461) on Tuesday September 14, 2010 @10:52AM (#33574022) Homepage Journal
      Here is a better explanation [oblomovka.com] of what happened by Danny O'Brien (http://twitter.com/mala)

      ---- posted in verbatim for /. proof ----

      Theres been a lot of alarming but rather brief statements in the past few days about Haystack [haystacknetwork.com], the anti-censorship software connected with the Iranian Green Movement. Austin Heap [austinheap.com], the co-creator of Haystack and co-founder of parent non-profit, the Censorship Research Center [censorshipresearch.org], stated that it had halted ongoing testing of Haystack in Iran; EFF made a short announcement [eff.org] urging people to stop using the client software; the Washington Post [washingtonpost.com] wrote about unnamed engineers who said that lax security in the Haystack program could hurt users in Iran.

      A few smart people asked the obvious, unanswered question here: What exactly happened? With all that light and fury, there is little public info about why the worlds view of Haystack should switch from it being a step forward [newsweek.com] for activists working in repressive environments that provides completely uncensored access [haystacknetwork.com] to the internet from Iran while simultaneously protecting the users identity to being something that no-one should consider using.

      Obviously, some security flaw in Haystack had become apparent, but why was the flaw not more widely documented? And why now?

      As someone who knows a bit of the back story, Ill give as much information as I can. Firstly, let me say I am frustrated that I cannot provide all the details. After all, I believe the problem with Haystack all along has been due to explanations denied, either because its creators avoided them, or because those who publicized it failed to demand one. I hope I can convey why we still have one more incomplete explanation to attach to Haystacks name.

      (Those whod like to read the broader context for what follows should look to the discussions on the Liberation Technology mailing list [stanford.edu]. Its an open and public mailing list, but it with moderated subscriptions and with the archives locked for subscribers only. Im hoping to get permission to publish the core of the Haystack discussion more publicly.)

      First, the question that I get asked most often [twitter.com]: why make such a fuss, when the word on the street is that a year on from its original announcement, the Haystack service was almost completely nonexistant [jgc.org], restricted to only a few test users, all of whom were in continuous contact with its creators?

      One of the things that the external investigators of Haystack, led by Jacob Appelbaum [appelbaum.net] and Evgeny Morozov [foreignpolicy.com], learned in the past few days is that there were more users of Haystack software than Haystacks creators knew about. Despite the lack of a public executable for examination, versions of the Haystack binary were being passed around, just like unofficial copies of Windows (or videos of Iranian political violence) get passed around. Copying: its how the Internet works.

      We were also told that Haystack had a centralized, server-based model for providing the final leg of the censorship circumvention. We were assured that Haystack had a high granularity of control over usage. Surely those servers could control rogue copies, and ensure that bootleg Haystacks were exc

      • This post added nothing. Here's the fking key sentence resuming all this text (which i have read and wasted my time on):

        "I cant tell you the details; youll have to take it on my word that everyone who learns about them is shocked by their extent."

        There you go, it's empty. Nothing is said about the presumed design vulnerability. Nothing. Zero.

        Not caring about people references, it sounds like pure FUD to me and the truth is probably elsewhere. With Mulder's sister most likely.

        • Re: (Score:3, Informative)

          by ntk (974) *

          Hey, Kangsterizer. I'm sorry if you read my blog post expecting to find substantive technical details; that does seem like a waste of time, and maybe I should have made it clearer at the start that there would not be that level of detail.

          My claim, and that of others involved in this (including I believe the coder of the Haystack system, who is posting on this thread also) is that we can't give out more detailed info about the problems because we believe that would put people at risk.

          I find this incredibly

          • post the details as anonymous coward and i wont tell anybody ;))

            i'm pretty much all for open disclosure. hidden problems are usually ending up worse than open problems.

            a solution "in the middle" is just to give a warning a week or so in advance, then release the details. gives enough time for people to protect themselves etc.

            In our case I highly suspect that people will not stop using haystack until the service is _truly_ down even after you release details however.

            i do believe that authority will eventuall

            • by ntk (974) *

              Okay, that's pretty much what we're thinking -- warn now, release details as soon as we can. Right now I'm talking to people to establish how widespread the message is, and also to get some idea of the actual, non-technical risk of "being a Haystack user". One of the problems is that there may be non-trivial amount of retrospective risk.

              The service is actually down; that's what Austin claimed he did on Friday.

      • by Burz (138833)

        Perhaps Haystack was poorly designed, but I can think of one factor that could eventually trump the anonymity of any such network: The prevalence of malware on Windows. A botnet controlled for the purpose could probably compromise/decode a lot of what's going on in these networks. That's why I recommend people use non-Windows systems if they want Tor, I2P, etc. to remain useful.

      • by blincoln (592401)

        Someone get the CDC on the phone. The disease that's been killing honeybees has jumped species to the apostrophe.

    • by tenco (773732)
      Yeah, I know. One of the reasons I submitted this was, that maybe someone more into this project would care to comment. Turns out that there are already some blogposts (posted by some karma whores below ;)) I missed. Maybe there's a way to get these as an update into my submission, CmdrTaco?
  • In other words (Score:3, Insightful)

    by Pojut (1027544) on Tuesday September 14, 2010 @09:50AM (#33573102) Homepage

    EFF says: "Stop using this program you've never heard of to circumvent national firewalls. And don't you DARE consider checking it out since you've heard about it now!"

    Streisand effect, anyone?

    • by abigsmurf (919188)
      It can't be the Streisand effect! It's well known the Streisand effect only occurs to people and companies we dislike!
      • Re: (Score:3, Funny)

        by rvw (755107)

        It can't be the Streisand effect! It's well known the Streisand effect only occurs to people and companies we dislike!

        But this is about software that people we dislike dislike. So it's in effect the Streisand Effect 2.0.

    • Re: (Score:3, Insightful)

      by Mr. Slippery (47854)

      EFF says: "Stop using this program you've never heard of to circumvent national firewalls.

      Haystack and its author Austin Heap have been getting a lot of press lately [google.com], with stories in Newsweek, The Guardian, and the Washington Post among other venues. If you're concerned with national firewalls, you've heard of it.

    • Re:In other words (Score:5, Insightful)

      by Chrisq (894406) on Tuesday September 14, 2010 @10:06AM (#33573338)

      EFF says: "Stop using this program you've never heard of to circumvent national firewalls. And don't you DARE consider checking it out since you've heard about it now!"

      Streisand effect, anyone?

      I would like more details but I expect it is something like "if you use this it has flaws that may well reveal who you are, that you are avoiding the firewall and what you are viewing to the authorities". For someone in the USA trying to get to Facebook at work this might mean it is still worth a try ... their network guys may not have herd of it. For someone in Iran where the project has been suggested as a way of avoiding state censorship it probably isn't worth the risk.

      • by SethJohnson (112166) on Tuesday September 14, 2010 @11:06AM (#33574232) Homepage Journal
        There was a Slashdot blurb about this on August 17th [slashdot.org]. The general consensus in that discussion was the haystack technique is a fool's solution to http traffic analysis. It's hardly even a proxy. All it does is stuff a bunch of random 'safe' http requests around your illicit requests. Yeah, that might slow down the work of a traffic monitor that has to look at all your requests. Haystack is completely ignorant to the common filtering methods of http traffic monitoring tools. It's essentially the work of inexperienced students. EFF got all serious because it was possible Haystack might be endangering people with it's false sense of security.

        If you try to use this tool to browse 4chan at work, it's going to surround your browser's 4chan image http requests with nonsensical weather.com http requests. Your network admin will still see that your browser requested .jpg files from the 4chan image server.

        Seth
        • by dacut (243842)

          Your network admin will still see that your browser requested .jpg files from the 4chan image server.

          Ah, so it's vulnerable to a grep attack, then...

        • by Dogtanian (588974)

          All it does is stuff a bunch of random 'safe' http requests around your illicit requests

          Thank you for clarifying that. I was very critical of a similar technique used with web browsers that "hid" your browsing history from Google (or whoever) by sending lots of bogus requests, and this sounds like it would have similar problems.

          In the case of the browser plugin, the people you're trying to avoid have access to it too, and only have to figure out if there's any pattern to the bogus requests and if so, how to filter them out. It's not unlikely that they'd succeed. Even if they don't manage now

        • by QuoteMstr (55051)

          If you try to use this tool to browse 4chan at work, it's going to surround your browser's 4chan image http requests with nonsensical weather.com http requests.

          Where did you get that idea?

      • Re:In other words (Score:4, Informative)

        by fishexe (168879) on Tuesday September 14, 2010 @11:14AM (#33574384) Homepage

        For someone in Iran where the project has been suggested as a way of avoiding state censorship it probably isn't worth the risk.

        Just to be completely clear in case some readers didn't quite get your point, "the risk" may well include indefinite imprisonment or summary execution.

    • by Nerull (586485)

      Yes, I'm sure the Streisand effect will resurrect the central server and allow the software to be used again.

    • I heard about it on NPR last week.

  • by MonsterTrimble (1205334) <monstertrimble@NosPaM.hotmail.com> on Tuesday September 14, 2010 @09:53AM (#33573140)
    If they hate it, it means it will be loved by many and have millions of users.
    • So DRM and laws that erode privacy are loved by many? Those are two common targets of the EFF, I'm not following your logic here.
      • So DRM and laws that erode privacy are loved by many?

        Actually, yes. There are many people who love these things. There are also many people who are apathetic to them. You need to step out of the slashdot bubble a bit more often.

    • by Wiarumas (919682)
      I disagree. If you aggregate enough reviews together like rottentomatoes, I find it pretty accurate. With that said, somebody compile more tweets with the word Haystack and find out if its rotten or certified fresh.
      • I agree and actually use Rotten Tomatoes to find out if a movie is worth seeing or even downloading. There is a particular movie reviewer locally which has tastes almost 100% opposite of mine. if she hated a movie I loved it, and vice versa.

        That being said, I was trying to make a joke with respect to the EFF's warnings in the past regarding facebook.

  • How about a link (Score:4, Insightful)

    by rudy_wayne (414635) on Tuesday September 14, 2010 @09:55AM (#33573160)

    How about a link to something that actually contains some information

    • by taff^2 (188189)

      His tweet also says "Charlatons exposed. Media Enquiries Welcome." Perhaps it's worth asking him?

    • by fishexe (168879)

      How about a link to something that actually contains some information

      The editors tried to find some, but they were all hidden in the Haystack.

    • Haystack Site says :

      "We have halted ongoing testing of Haystack in Iran pending a security review. If you have a copy of the test program, please refrain from using it."

  • Why? (Score:5, Insightful)

    by abigsmurf (919188) on Tuesday September 14, 2010 @09:55AM (#33573164)
    None of the sources give any clear reason why people should not use this program.

    If you're going to systematically try to destroy the user base of someone's piece of software you should at least have the decency to explain why in clear terms, regardless of the reasons behind this kind of alert.
    • by Wildfire Darkstar (208356) on Tuesday September 14, 2010 @09:58AM (#33573206)

      The EFF has withdrawn their recommendation because the developers of Haystack have basically asked people to stop using it pending their security review.

      There's nothing dirty or questionable going on here. CRC has been criticized for certain things, they've taken those criticisms to heart and are attempting to deal with the problems, and in the meantime are warning people that their tool shouldn't be used until those problems are resolved. The EFF's actions reflect this, and nothing else.

      • Re: (Score:3, Informative)

        by abigsmurf (919188)
        This isn't just withdrawing a recommendation. This is "STOP USING IT NOW!", there's a big difference.

        They're giving a clear command and giving a wishy-washy explanation for it.

        The program is having a security audit, yes they should advise that it won't be known how secure it is until the audit is done but that headline will cause massive damage to the software's reputation that probably won't get repaired for a long time. Even if the audit verifies that it's secure and safe.
      • by Goaway (82658)

        CRC has been criticized for certain things, they've taken those criticisms to heart and are attempting to deal with the problems

        From the posts earlier in this thread, it seems they are "dealing with the problems" by pretty much shutting down permanently. Which is a good thing, since they seem to have had little clue at all what they were doing.

      • by ntk (974) *

        I worked at the EFF and spoke with Austin several times about Haystack. On the basis of what I learned then, EFF never publicly advocated using Haystack, and told any journalist or fundraiser who queried us that until Austin submitted the code for an independent security audit, we could not recommend its use.

        Austin would inaccurately characterized these conversations (most recently at the Q&A here at Gnomedex, here http://www.youtube.com/watch?v=V6b5ND2js_8#t=35m0s [youtube.com] ) as being that EFF telling Austin tha

    • Re:Why? (Score:5, Insightful)

      by Meneth (872868) on Tuesday September 14, 2010 @10:54AM (#33574064)
      I've got one: A security program that's not free software? Any slashdotter should know better. :)
    • None of the sources give any clear reason why people should not use this program.

      It's a classic of the internet age news. Except a few.. exceptions:

      There's never a real source. (source links are links to equally vague articles)
      There's never a real analysis, god forbid journalism work (each news item is processed in a matter of seconds anyway and only the "wow => ad clicks" effect matters)
      There's never an explanation. No one cares for the reason, the facts, etc. They just care about a quick "HAHA LOOK THEY SUK (or rok. yeh no C!)", even thus the reasons are always what's really inter

  • So, if he says it's a horribly written piece of software or it just doesn't do what he wants or whatever his reasons are; is he going to write something better? Because if this is the only option, why should people stop using it? Just because this guy says he doesn't like it means that we should do what he says without any information as to an alternative he approves of? Hell, people saying that you should do x over y "just because" is bullshit.
    • Re:Alternatives? (Score:5, Informative)

      by Anonymous Coward on Tuesday September 14, 2010 @10:23AM (#33573596)

      So, if he says it's a horribly written piece of software or it just doesn't do what he wants or whatever his reasons are; is he going to write something better? Because if this is the only option, why should people stop using it?

      Because if it doesn't work, the users may be stoned to death.

    • Re: (Score:3, Informative)

      by Mr. Slippery (47854)

      Because if this is the only option, why should people stop using it?

      This is software that, if works as advertized, helps prevent you from being arrested by an authoritarian regime. So if it does not work as advertized, the potential consequences include being arrested by an authoritarian regime.

      Given this, if you don't understand why the fact that expert review has shown that it does not work as advertized, implies you should stop using the software, please ask your parents, or the doctors at the institut

    • by Yvanhoe (564877)
      Tor doesn't work ?
      • I can't speak for the situation in Iran, but here in Beijing it's virtually impossible to get on the Tor network.
        All bridges that are published by the Tor team are all unreachable (including those published on social networks). The only way to get on the Tor network is to have a friend set up a private bridge.

        If China manages to block Tor, Iran may be able to do the same (now or in the near future)

    • Because if this is the only option, why should people stop using it?

      Imagine a malfunctioning table saw. Got it?

    • by jsm (5728)

      There are lots of alternatives. I like my own CGIProxy [jmarshall.com], but there's also Tor, Glype, PHProxy, UltraReach, etc. etc. Some of these have been around since the 1900's.

  • by Spad (470073)

    So the authors of Haystack say that people should stop using it until they've completed their 3rd Party security review and as a result, the EFF are taking the brave step of recommending that people stop using Haystack?

  • Main dev quits? (Score:2, Informative)

    by Anonymous Coward

    According to some info [tumblr.com], the main developer, Daniel Colascione has quit the CRC and the Haystack project.

    I am unsure if the e-mail is legit, but if it is, what will that mean? Will the existing codebase be released? No one seems to know.

    As far as I can tell, the basic premise (use a variety of 'legitimate' traffic to not necessarily hide what you are doing, but increase the number of false positives to an unacceptable level) is not bad per se. Hopefully a project will get started to do just that.

    • by Goaway (82658)

      Why would you want the codebase, if it's so insecure the main developer is giving it up in shame?

      • Re:Main dev quits? (Score:5, Informative)

        by QuoteMstr (55051) <dan.colascione@gmail.com> on Tuesday September 14, 2010 @06:34PM (#33581396)

        As I explicitly stated, I am not resigning in shame over the codebase. The program Danny, Jacob, and others rightly tore apart has no common lineage with what would have eventually become the Haystack release. As part of our short-lived attempt to open up, I described the design of that program in a lengthy post to liberation-tech [stanford.edu]. It is a generally reasonable design that could have worked. I believe the idea still has merit, and hope it is somehow pursued.

        It is a shame it is conflated with the broken test program that, for better or for worse, saw a more general distribution than ever intended. (But then again, I should not be surprised.)

  • by carp3_noct3m (1185697) <slashdotNO@SPAMwarriors-shade.net> on Tuesday September 14, 2010 @10:20AM (#33573552)

    Haystack and Tor do fundamentally different things, and actually complement each other.

    Tor focuses on using onion routing to ensure that a user's communications cannot be traced back to him or her, and only focuses on evading filters as a secondary goal. Because Tor uses standard SSL protocols, it is relatively easily to detect and block, especially during periods when the authorities are willing to intercept all encrypted traffic.

    On the other hand, Haystack focuses on being unblockable and innocuous while simultaneously protecting the privacy of our users. We do not employ onion routing, though our proxy system does provide a limited form of the same benefit.

    To a computer, a user using Haystack appears to be engaging in normal, unencrypted web browsing, which raises far fewer suspicions than many encrypted connections. Authorities can block Haystack only by completely disabling access to the internet, which gives Haystack greater availability in crises, during which the authorities may be perfectly willing to block all obviously-encrypted traffic.

    • by sco08y (615665)

      To a computer, a user using Haystack appears to be engaging in normal, unencrypted web browsing, which raises far fewer suspicions than many encrypted connections. Authorities can block Haystack only by completely disabling access to the internet, which gives Haystack greater availability in crises, during which the authorities may be perfectly willing to block all obviously-encrypted traffic.

      It also means that you absolutely can not reveal the source code. The software is, fundamentally, steganography.

      Most people are familiar with strong encryption, and they understand that genuine encryption algorithms are all published and open. They are considered strong because even when the algorithm is known, they are unbreakable so long as the key is secret.

      But steganography is fundamentally harder than encryption. While strong steganography may be possible, I don't think anyone has achieved that. Genera

  • 1. Insular geek clique gets into a pissing match over software design. Software is taken back to alpha by the developers, and they give notice. The EFF propagates the developers own wishes to a wider audience. 2. Slashdot??? RTFA??? Wha??? 3. EFF bashing profit!
  • There was a media spoogefest over this software a while ago. It turns out that there are only 100 users [onthemedia.org] and apparently it sucks in the first place.
  • I'm thinking some programmer forgot to comment his code. Thank you, sir, for your warning.
  • I can't think of many ways you could make "innocuous" requests which really mask requests to banned sites. Data has to flow to and from the computer via the proxy which means it is subject to all kinds of traffic analysis.

    Plain text is obviously out. Encrypted data is going to look suspicious. This implies the system probably has to use stego. Data hidden in plain site amongst other data.

    For example, imagine if Doubleclick were complicit with Haystack, they could send certain cookies in an embedded ifra

  • by Animats (122034) on Tuesday September 14, 2010 @11:56AM (#33575168) Homepage

    First, a "privacy system" with "central servers"? What's wrong with this picture?

    Second, if you need to hide traffic, you need a big bidirectional flow to an "approved" site to hide it in. Who has that role? Iran blocks Myspace, Facebook, Twitter, and Google, plus 5 million other sites [wikipedia.org], so finding some place outside Iran to hide the traffic will be tough.

  • We've already moved away from haystack technology and currently employ stickTech. Their competitors keep preaching about a new field dubbed as "masonry", but I really don't see the need.
  • Unlike most news and analysis programs, "On The Media" actually took some responsibility for their role in hyping this story: [onthemedia.org]

    The other guilty party here is us, and by us, you do mean us, among everybody else [LAUGHS] in the media. We aired an interview with Heap back in May, and we were quite impressed with his story. You say that Heap has proved to be catnip for the media. Why do you think his narrative is so appealing?

    That's an admission you don't hear too often in the press, oblique though it was.

    -S

  • by QuoteMstr (55051) <dan.colascione@gmail.com> on Tuesday September 14, 2010 @06:25PM (#33581296)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I am Daniel Colascione. I've placed a link to my resignation letter
    below; I feel it adds another dimension to the debate on what happened
    to Haystack. If anyone has questions, I'll do my best to respond here.
    Let me note, also, that as part of my rejoining the project, I
    insisted that we release the source under the GPLv3, and that we
    engage in an open and honest dialogue with the security community. It
    was too late, of course.

    -----BEGIN PGP SIGNATURE-----

    iEYEAREC AAYFAkyP9 SwACgkQ17c 2LVA10Vtlx ACg6iE3K x2Cbzj3Hg CRO9k6msmz
    tH8An iNSdKNga 6sOQWr8wX5 tlbCDRLPP
    =s34t
    -----END PGP SIGNATURE-----

    (Note: the Slashdot lameness filter forced me to break up the signature; please remove the whitespace before verifying.)

    My resignation letter [tumblr.com].

    • Re: (Score:2, Insightful)

      by m50d (797211)
      Signing a message that refers to the "link to my resignation letter below", but not including the actual link? Guess the guy really doesn't understand security.
      • by QuoteMstr (55051)

        The message to libtech was signed with the same key; you can look it up there to verify it. I didn't want to deal with having a link in the signed portion. Getting the signed comment was a pain as it was.

"Pok pok pok, P'kok!" -- Superchicken

Working...