[liberationtech] Haystack Q&A
Jacob Appelbaum
jacob at appelbaum.net
Fri Sep 3 01:01:02 PDT 2010
On 09/02/2010 10:03 PM, Patrick Meier (Ushahidi) wrote:
> On Thu, Sep 2, 2010 at 9:50 AM, Behdad Esfahbod <behdad at behdad.org> wrote:
>
>> And if people haven't seen it yet, here is Evgeny Morozov's take on
>> Haystack:
>>
>> http://neteffect.foreignpolicy.com/posts/2010/09/02/hay_what
>>
>> behdad
>>
>>
> This is really disappointing. If people were serious about censorship
> circumvention and liberation technology, they would have met up with Austin
> in person and discussed this face to face first instead of writing a
> sensationalist article to gain public attention and make personal attacks.

Hi,

(As a disclaimer, I work on the Tor Project as my Day and Night Job -
this is not the opinion of my employer at all.)

I'm fairly certain that many of us are serious about censorship
circumvention and so-called liberation technology.

Criticism of such a system is how we improve it. We try to understand
the operational environments in our scoping, we define threat models for
our users, we learn where we went wrong, we adapt by studying the
reality of the world, and then we start the process again.

The points that Evgeny Morozov raises are reasonable and it is unfair to
take the author to task for not reaching out to Austin. This criticism
of Haystack seems valid and does not appear to be a sensationalist
article written to gain public attention. Systems that are similarly
described are potentially dangerous on both a technical and social level.

If Haystack exists, it seems to effectively be a single entity proxy
like any other VPN. Unlike other VPN services, it has the tag line of
being used for the "Green Revolution"; it also seems to be a prime
target for monitoring or specific targeted wire tapping. If the main
users are actually high profile revolutionaries attempting to overthrow
the Iranian government, I'd say it's not much of a stretch to say that
it may be monitored by the US Government and/or others.

Austin Heap produces no peer-reviewed software, he makes bold social
claims, he makes bold technical claims, he (and his interviews in the
media) paints his users as revolutionaries and in the end, he attempts
to win by using dismissive arguments. He does not reveal technical
information to very many people and the things I've heard are far from
impressive. They're actually very dangerous.

I'm almost convinced that Haystack exists and has been deployed to some
users, somewhere. However, I've still yet to meet an Iranian who even
knows someone who knows someone that has used it. I'd love to be
incorrect and I'm still waiting for someone to leak me more than a
half-finished design document. Those design documents were not impressive at all.

I've attempted to meet Austin a number of times, I've even offered to
review his protocol, critique the security of the ideas or even the
program itself, and so on. Each time, I have been met with hostility and
rejection. Once, I flew to San Francisco for a panel discussion hosted by
the EFF - Austin, who lived down the street from the Parisoma venue,
tweeted that he wouldn't even bother to show up. That is not very
professional or reasonable. I am not the only one who has had this kind
of interaction with Austin; to suggest that any critic must endure this
kind of behavior is absolutely unreasonable.

To be clear - the argument isn't one of Free Software versus Closed
Source software either - if there's a binary, an attacker with
motivation has everything they need to attack the users of the system.
Austin promotes a piece of software that is supposed to be used as part
of a revolution - the burden of proof is on Austin.

All the best,
Jacob