[liberationtech] Haystack Q&A

Mon Aug 30 15:36:27 PDT 2010

Hello. I have been following Haystack a bit and subscribed to
liberationtech to see this response. My interest is as a cryptographer
and security engineer. I requested technical information about
Haystack and was declined. At this point, I have seen no meaningful
details nor know of any other researchers or security professionals
who vouch for it.

I have read two justifications why the client software is being kept
secret. The first is that publishing the client would reveal their
methods of circumventing filters. The second, from this response, is
that it would cause a surge in traffic and overwhelm their server.

In the first case, expecting client software to remain secret is
naive, especially when dealing with persistent and well-funded
adversaries. If security hinges on there being no leaked copies and no
compromised users, then the game is over. As is the case in general,
if Haystack connects to a known set of servers or has a distinct
traffic pattern, running it could make it easier to identify and
target users.

As for the claim that releasing the client would overwhelm their
network with traffic, certainly you could require authentication and
distribute anonymous access credentials to the end users. If the
system is that fragile and centralized, how do you prevent the
adversary from conducting a denial of service attack? It's a losing
game if you are relying on the location of that server being kept a
secret.

Even if we concede that the clients will not be released publicly and
the source remains closed, it would be prudent to have independent
experts audit the system design and implementation. It is easy to
incorrectly implement cryptography and create vulnerabilities. Any
remote exploits in the client would also be a significant risk.

I hope that more details will be forthcoming.

On Fri, Aug 27, 2010 at 11:57 AM, Leila Zia <leilaz at stanford.edu> wrote:
>   My first e-mail to Austin went only to him and not the list. as a result,
> his reply to me came only to me, not the list. I am sending you all the
> reply since couple of you asked. Sorry about the confusion and the delay. I
> was away from internet for couple of days.
>
> Best,
> Leial
>
> Austin's reply:
> Haystack is *not* available for wide spread distribution in the slightest.
> We work with a hand-picked (and friend-of-friend,
> friend-of-friend-of-friend) network of Iran-focused activist groups --
> generally people one of the members of our team know or trust in real life.
> If we were to post Haystack online right now, our network would be crushed
> with demand.
> Being an all volunteer organization and still having to pay for our
> bandwidth, fundraise, etc makes it very difficult to meet the huge demand
> there is for anti-censorship software in Iran.
> Additionally, our network is locked down to only accept connections from the
> IP blocks registered to Iran. That way, if a copy gets out, our resources
> won't be drained by those in other countries looking to mask their
> activities online.