Tuesday, September 14, 2010

Haystack project responds to 'security concerns', looks like it's falling apart

In a rather ranty post of mine I criticized the Haystack project for a lack of openness. Happily, there's an official blog post indicating that they are stopping testing because of security concerns:

Recently, there has been a vigorous debate in the security community regarding Haystack’s transparency and security. We believe that many of the points made in this debate were valid. As a result, and in order to ensure Haystack’s security, we have halted ongoing testing of Haystack in Iran pending a security review. We have begun contacting users of Haystack to tell them to cease using the program. We will not resume testing until this third party review is completed and security concerns are addressed in an open and transparent way.

It would be nice if they pointed to this debate, talked about which points they found valid and told us who was doing the third-party review etc. They really need to engage people who've been involved in this sort of thing to make sure that their code is going to work.

Roll on the openness and transparency.

Update: Oh wait, a read of Jacob Appelbaum's Twitter feed makes it look like he's analyzed Haystack and the results are not good at all. And here's what he appears to have to say:

Hi - I have analyzed Haystack. It is total garbage and Austin Heap has pulled one over on the world.

I spoke with Heap on Friday and he promised that the network was disabled before we spoke on Friday. I was very sad to need to prove to a few specific people that it was still on late Sunday evening.

My findings are the reason that the Haystack network has now been shut off; his lead developer apparently turned the network down and locked him out of the machines. His advisory board has resigned as of today according to my sources.

An ugly situation. Probably not good that Danny O'Brien wrote the following on Twitter:

never been angrier than right now. I can't actually describe how broken @haystacknetwork is, because to do so would put people at risk.

And the main developer has apparently quit:

What I am resigning over is the inability of my organization to operate effectively, maturely, and responsibly. We have been disgraced. I am resigning over dismissing pointed criticism as nonsense. I am resigning over hype trumping security. I am resigning over being misled, and over others being misled in my name.

Update: Here's a good summary of the situation. And here's a great summary of all the glowing media at the time.

Wonder if BBC, Newsweek, The Guardian etc. will apologize? They should. It's shameful to see this sort of reporting. Shameful.


Glen said...

fwiw, "On the media" (NPR radio program) which ran a glowing review last Spring, did run an "oh, maybe not so good" segment this past week.

John said...

Now we know Haystack isn't secure, what can people in countries like Iran use instead that is secure?

Jillian said...

Well John, they could continue to use Tor, as many already have...

Danny said...

Tor (www dot tor dot org) is the way to go everyone... I run a tor server/node on all of my BSD boxes & it's *so* much better than something as primitive and antiquated as Haystack was (and existed well before Haystack was written), I'm truly surprised (being a hardcore developer myself) that they wasted the time re-inventing the wheel as they did, but didn't even make a better wheel...

Tor is so vastly superior, from its "randomly" chosen (read: not predictable) paths/routes from src to dst, its implied "plausible deniability" (important to absolve you of any conspiracy to help commit/evade ..." in situations like Iran, China, etc. I'd imagine) to anyone running a tor node (as no one is able to tell what type of traffic (or who it came from, ultimately) they're helping to route (at the packet/datagram level or otherwise)), to its redundancy (in the case a node goes down), which also implies that it's almost (if not truly) infinitely scalable... I just don't see why anyone would choose to use any other product (freely available or otherwise) when such a wonderfully engineered, distributed solution already exists and even has things like Firefox add-ons, etc. to make using it literally *transparent* - the core tor dev team is who deserves recognition & donations, etc...

That said, I do appreciate the developers of Haystack's effort in the name of free speech & equal rights, however, anyone who has studied cryptography, encryption algorithms, math, the computational [in]feasibility of algorithms, etc. should know that although the logic that was coded (internal to Haystack in this context) may be complex, security through obscurity does little but annoy the parties truly interested & to write something like this that's able to be *proven* to be at least reasonably secure takes months (at least) of open peer review by some of the best minds out there... Otherwise, you can almost be assured that *someone* will break it in a very humbling, short period of time... When lives are at stake for relying on your app's security (i.e. someone could die for saying something; which they would have only said under the false sense of security given to them by using your app), it's a risk that's too great to take, whether you're trying to help citizens of another country being oppressed or not.

D. Blair
javahax0r -at- gmail dot com

Number 6 said...

It took me five minutes of reading the Haystack website when the project first came to my attention, to diagnose it as worthless snake oil. All of my conclusions proved correct. There is NO excuse for this and no amount of "blame throwing" by anyone in the project can even partially salvage even one reputation. I sincerely hope that no one involved in the Haystack project ever works again.

At least I am glad this crap has finally been killed off. I only hope that happened before it got any actual people killed.