

Haystack project responds to 'security concerns', looks like it's falling apart - thomas11
http://blog.jgc.org/2010/09/haystack-project-responds-to-security.html

======
tptacek
Here we have a painful example of the biggest problem with circumvention
tools: the people writing them don't have the resources to compete with their
adversaries.

It's easy to assume that knowing how to code with sockets and call into a
crypto library makes you more clueful than the people running "the great
firewall" or whatever it is Iran has. They're trying to censor the Internet,
how smart could they be?

Well, they're smart enough to pay someone a million dollars to break a
circumvention tool without giving it a second thought. The Tor project, which
actually has some software security talent, couldn't clear the "adversary with
$1MM" bar (they screwed up Diffie-Hellman). And Tor has an "easy" problem;
stealth circumvention is much harder.

Get circumvention at all wrong and you achieve the _opposite_ of what the tool
is intended for: you put a big red flag on people breaking their local laws.
The risk/reward structure here is totally broken, even before you consider how
likely it is that everyone's machines in the country you're trying to "help"
are already rootkitted.

Don't build circumvention tools.

~~~
aristus
Do you have an alternative idea? Or are we doomed to police-statism? Serious
question.

~~~
jerf
I would say we are not _doomed_ to police-statism, because there is a
countervailing force: An open network is more valuable than a closed network.
There are forces that will work to keep the network open so they can tap that
value, though they may face a coordination problem. Google would be one
example of a company that, for all its many missteps and concerning moves, is
broadly speaking fighting for a more open net rather than a more closed net.
(I'm not saying they've been 100% successful or 100% aligned to openness, but
net-net I've been reasonably impressed with their vision on this point; and
again, by "reasonably impressed" I do not mean "in love with".) Even a
government may be convinced that the more valuable open network is in their
best interests, as it represents a larger tax base to work from. Perhaps we
should be _encouraging_ Internet taxes now, instead of fighting them!

But the police state won't be defeated by broad-scale usage of some technical
tool. Small-scale usage by a small core group of hackers who constantly adapt
(and, frankly, constantly suffer attrition by the police and face the non-zero
chance of making one mistake that allows the police to catch them all) might
be possible, but if we're going to defeat a police state it will have to be on
something other than a purely technical level like that.

~~~
mindslight
A network that acts open most of the time, but can actually be controlled at
any time (by, say, ICANN and Verisign) is even more valuable.

------
j2d2j2d2
I'm confused by some points.

1) Why were they writing their own system to do this? Haystack sounds similar
to Tor, which is probably more tested.

2) How is hype being allowed to succeed in decisions made to address very real
causes? The glamour of hacker culture appears to have won, over the science of
hacking.

~~~
JulianMorrison
Haystack and Tor do different stuff.

Tor conceals your origin from the endpoint (web server etc).

Haystack conceals the fact you are communicating and about what, from a man in
the middle, by pretending to be innocuous web requests.

~~~
j2d2j2d2
Ah, thank you for the clarification. The Tor project's page says the same.

 _Tor anonymizes the origin of your traffic, and it encrypts everything
between you and the Tor network and everything inside the Tor network, but it
can't encrypt your traffic between the Tor network and its final destination.
If you are communicating sensitive information, you should use as much care as
you would on the normal scary Internet — use HTTPS or other end-to-end
encryption and authentication._

<http://www.torproject.org/download.html.en#Warning>

------
mcantelon
Related: <http://neteffect.foreignpolicy.com/posts/2010/09/02/hay_what>

------
sweis
Some background on this: Jacob Appelbaum obtained a copy of Haystack and found
serious vulnerabilities that could put users at risk. He convinced Haystack to
immediately suspend operations.

From what I understand, there was a diagnostics mode that allowed an attacker
to identify running copies of the program -- essentially the exact opposite of
what it's supposed to do. Even with Haystack's proxy servers shut down, there
may still be a risk to any user who has it installed.

This could have easily been prevented. Many people with security backgrounds,
including myself, contacted Austin Heap and asked for technical information.
He declined. Instead, they went ahead and distributed it to vulnerable live
testers.

------
eli
On The Media just aired a piece titled "Is Haystack Too Good to be True?"

<http://onthemedia.org/transcripts/2010/09/10/05>

------
bmelton
I hadn't heard anything about this until just now, but man, am I really glad
that this isn't <http://haystacksearch.org/>, as I thought they were talking
about.

On the flipside, while the goals of the project seem noble enough, I can't
help but wonder why they didn't just try to value-add to something like Tor.

Regardless, I'd much rather they stop distributing while they get things
sorted out than offer a false sense of security to their users who could
potentially be using Haystack in ways that, if caught, might put their
lives/careers in jeopardy.

------
benatkin
Is this the Haystack that forced 37signals to change Haystack's name to
Sortfolio?

~~~
malkia
It looks like there are a few other projects with the same name.

