
Haystack: a project for Iran - chaostheory
http://www.haystacknetwork.com/
======
limmeau
I gather from the FAQ that this software consists of a client and servers
(both closed-source). The servers are operated by the Haystack people in safe
countries. The client appears like an HTTP proxy to the user's web browser,
but then it encrypts the user's web traffic and hides it among innocuous
traffic, some or all of which goes to the Haystack servers.

I still don't get how the client traffic is supposed to look inconspicuous
while still most of it goes to Haystack servers. Do they pad their
client-server traffic with ten times as many Google searches for cute kitty pictures?
If not, what keeps the suppressive government from installing their own
Haystack client on a spare computer and blacklisting every server the client
connects to as an illegal proxy?

------
Timothee
It sounds interesting but I wonder about the focus only on Iran, while other
countries notoriously suffer from censorship too. (China, North Korea…)

Also, from the FAQ:

 _7. Is Haystack Open Source Software?_

 _No. Although we sincerely wish we could release Haystack under a free
software license, revealing the source code at this time would only aid the
authorities in blocking Haystack. In the future, however, we would like to
find a way to reconcile our Free Software ideals with the necessity of
frustrating the efforts of those who would block Haystack._

They sound sincere and it seems that they've really thought about that aspect
but it seems to me that by being closed-source, users have to trust that their
intentions are good (looks like it's the case, but who knows?), but also that
they know what they're doing and that connections are indeed undetectable.

I'm not saying that's not the case, but I feel like the target users are
exactly the ones who can't be as willy-nilly as many are with Facebook for
example.

~~~
brown9-2
Security through obscurity is a falsehood.

~~~
enjo
No it's not. Security _only_ through obscurity certainly, but obscurity is
most definitely one worthwhile tactic in a security strategy.

------
dschobel
_Haystack hides traffic to and from the internet at large inside traffic that
looks like perfectly normal web connections to innocuous sites._

I don't get it. How is "hiding" this traffic amongst other innocuous traffic
going to defeat, say, ngrep looking for connections to the Haystack servers?

At some point you're going to have a TCP connection from client to Haystack
server...

------
jgrahamc
A strange project. They are asking for donations, but there is no software to
download and no real indication that this actually works.

Also, there's no description of the protocol/algorithm used nor do they plan
to be open source. So, we have no way of evaluating its effectiveness or
security.

But he did get lots of press for himself. Well done. Now shut up and ship.

------
rrhyne
Am I alone in thinking Americans might need software like this if ISPs are
allowed to throttle certain types of traffic?

~~~
cschep
Seriously, we should be setting this precedent now, before we "need" it.

------
petercooper
I just hope they don't get interpreted as offering "business information
services": <http://37signals.com/svn/posts/2080-haystack-is-now-sortfolio>

------
dotBen
I'm still looking for a technical whitepaper or similar as to how it "hides"
traffic in innocuous "good" traffic.

That's the way it has been explained in the mainstream media, which is fine
for people who have no idea how any of this really works.

But if I was in Iran, I'd like to know more before I risked my life looking at
material that might get me imprisoned, etc.

------
Raphexion
Relevant: "For Neda" at around the 50-minute mark
<http://www.youtube.com/watch?v=F48SinuEHIk>

