EFF Says 'Stop Using Haystack'

tenco writes "Based on a blog post by the CRC today, EFF warns against using Haystack for circumventing censorship firewalls in Iran. Jacob Appelbaum states on twitter: 'Haystack is the worst piece of software I have ever had the displeasure of ripping apart.'"

Ok you've got my attention

[The+MAZZTer]

Now did Mr. Appelbaum post a detailed review somewhere that isn't limited to 140 characters? I would like to read it. The linked blog posts don't satiate me.

Re:Ok you've got my attention

Reading through the tweets [shudder], it appears they submitted their findings to Haystack in private. Haystack reviewed the findings and agreed fully and shut down testing, and their board resigned, basically killing the project. Jacob Applebaum is still deciding whether or not to fully disclose his findings to the public, the reasons for which are a bit unclear, but likely trying to avoid the Iranians who have already tested the software from being found out.

Re:Ok you've got my attention

[Sycraft-fu]

I'm not sure why you'd get so hostile towards Twitter posts. I mean seriously, what kind of reasonable idea can't be expressed in 140 charac

Re:Ok you've got my attention

[doomy]

Here is a better explanation of what happened by Danny O'Brien (http://twitter.com/mala)

---- posted in verbatim for /. proof ----

Theres been a lot of alarming but rather brief statements in the past few days about Haystack, the anti-censorship software connected with the Iranian Green Movement. Austin Heap, the co-creator of Haystack and co-founder of parent non-profit, the Censorship Research Center, stated that it had halted ongoing testing of Haystack in Iran; EFF made a short announcement urging people to stop using the client software; the Washington Post wrote about unnamed engineers who said that lax security in the Haystack program could hurt users in Iran.

A few smart people asked the obvious, unanswered question here: What exactly happened? With all that light and fury, there is little public info about why the worlds view of Haystack should switch from it being a step forward for activists working in repressive environments that provides completely uncensored access to the internet from Iran while simultaneously protecting the users identity to being something that no-one should consider using.

Obviously, some security flaw in Haystack had become apparent, but why was the flaw not more widely documented? And why now?

As someone who knows a bit of the back story, Ill give as much information as I can. Firstly, let me say I am frustrated that I cannot provide all the details. After all, I believe the problem with Haystack all along has been due to explanations denied, either because its creators avoided them, or because those who publicized it failed to demand one. I hope I can convey why we still have one more incomplete explanation to attach to Haystacks name.

(Those whod like to read the broader context for what follows should look to the discussions on the Liberation Technology mailing list. Its an open and public mailing list, but it with moderated subscriptions and with the archives locked for subscribers only. Im hoping to get permission to publish the core of the Haystack discussion more publicly.)

First, the question that I get asked most often: why make such a fuss, when the word on the street is that a year on from its original announcement, the Haystack service was almost completely nonexistant, restricted to only a few test users, all of whom were in continuous contact with its creators?

One of the things that the external investigators of Haystack, led by Jacob Appelbaum and Evgeny Morozov, learned in the past few days is that there were more users of Haystack software than Haystacks creators knew about. Despite the lack of a public executable for examination, versions of the Haystack binary were being passed around, just like unofficial copies of Windows (or videos of Iranian political violence) get passed around. Copying: its how the Internet works.

We were also told that Haystack had a centralized, server-based model for providing the final leg of the censorship circumvention. We were assured that Haystack had a high granularity of control over usage. Surely those servers could control rogue copies, and ensure that bootleg Haystacks were exc

Re:Ok you've got my attention

[x2A]

Oh yeah, even our jokes get peer reviewed!

Why?

[abigsmurf]

None of the sources give any clear reason why people should not use this program.

If you're going to systematically try to destroy the user base of someone's piece of software you should at least have the decency to explain why in clear terms, regardless of the reasons behind this kind of alert.

Re:Why?

[Meneth]

I've got one: A security program that's not free software? Any slashdotter should know better. :)

Destroy "someone's" piece of software?

[Wildfire+Darkstar]

The EFF has withdrawn their recommendation because the developers of Haystack have basically asked people to stop using it pending their security review.

There's nothing dirty or questionable going on here. CRC has been criticized for certain things, they've taken those criticisms to heart and are attempting to deal with the problems, and in the meantime are warning people that their tool shouldn't be used until those problems are resolved. The EFF's actions reflect this, and nothing else.

Re:Destroy "someone's" piece of software?

[Nerull]

The software is dead. The board has resigned. The primary developer says the software in use now was never meant to be secure. It was an early testing version, and should never have been distributed.

Re:In other words

[Chrisq]

EFF says: "Stop using this program you've never heard of to circumvent national firewalls. And don't you DARE consider checking it out since you've heard about it now!"

Streisand effect, anyone?

I would like more details but I expect it is something like "if you use this it has flaws that may well reveal who you are, that you are avoiding the firewall and what you are viewing to the authorities". For someone in the USA trying to get to Facebook at work this might mean it is still worth a try ... their network guys may not have herd of it. For someone in Iran where the project has been suggested as a way of avoiding state censorship it probably isn't worth the risk.

Re:Alternatives?

So, if he says it's a horribly written piece of software or it just doesn't do what he wants or whatever his reasons are; is he going to write something better? Because if this is the only option, why should people stop using it?

Because if it doesn't work, the users may be stoned to death.

Re:140 characters

[TaoPhoenix]

The proof of Fermat's Last Theorem.

Since the article is mostly content-free

[Nerull]

Here are some links:
http://neteffect.foreignpolicy.com/posts/2010/09/09/one_week_inside_the_haystack

http://jilliancyork.com/2010/09/13/haystack-and-media-irresponsibility/

http://calixte.tumblr.com/post/1120185415/no-more-haystack - Lead Developers resignation Letter

http://www.oblomovka.com/wp/2010/09/14/haystack-vs-how-the-internet-works/

Don't use it in America, either

[SethJohnson]

There was a Slashdot blurb about this on August 17th. The general consensus in that discussion was the haystack technique is a fool's solution to http traffic analysis. It's hardly even a proxy. All it does is stuff a bunch of random 'safe' http requests around your illicit requests. Yeah, that might slow down the work of a traffic monitor that has to look at all your requests. Haystack is completely ignorant to the common filtering methods of http traffic monitoring tools. It's essentially the work of inexperienced students. EFF got all serious because it was possible Haystack might be endangering people with it's false sense of security.

If you try to use this tool to browse 4chan at work, it's going to surround your browser's 4chan image http requests with nonsensical weather.com http requests. Your network admin will still see that your browser requested .jpg files from the 4chan image server.

Seth

Problems with the approach

[Animats]

First, a "privacy system" with "central servers"? What's wrong with this picture?

Second, if you need to hide traffic, you need a big bidirectional flow to an "approved" site to hide it in. Who has that role? Iran blocks Myspace, Facebook, Twitter, and Google, plus 5 million other sites, so finding some place outside Iran to hide the traffic will be tough.

I am Daniel Colascione

[QuoteMstr]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am Daniel Colascione. I've placed a link to my resignation letter
below; I feel it adds another dimension to the debate on what happened
to Haystack. If anyone has questions, I'll do my best to respond here.
Let me note, also, that as part of my rejoining the project, I
insisted that we release the source under the GPLv3, and that we
engage in an open and honest dialogue with the security community. It
was too late, of course.

-----BEGIN PGP SIGNATURE-----

iEYEAREC AAYFAkyP9 SwACgkQ17c 2LVA10Vtlx ACg6iE3K x2Cbzj3Hg CRO9k6msmz
tH8An iNSdKNga 6sOQWr8wX5 tlbCDRLPP
=s34t
-----END PGP SIGNATURE-----

(Note: the Slashdot lameness filter forced me to break up the signature; please remove the whitespace before verifying.)

My resignation letter.

Re:Main dev quits?

[QuoteMstr]

As I explicitly stated, I am not resigning in shame over the codebase. The program Danny, Jacob, and others rightly tore apart has no common lineage with what would have eventually become the Haystack release. As part of our short-lived attempt to open up, I described the design of that program in a lengthy post to liberation-tech. It is a generally reasonable design that could have worked. I believe the idea still has merit, and hope it is somehow pursued.

It is a shame it is conflated with the broken test program that, for better or for worse, saw a more general distribution than ever intended. (But then again, I should not be surprised.)