[liberationtech] Haystack update

Jacob Appelbaum jacob at appelbaum.net
Fri Sep 10 20:09:10 PDT 2010


As some of you know, I've been researching Haystack on a technical
level. I've learned a great deal of information about it and certainly
enough to make some definitive statements. Most of my research was
confirmed today and after speaking with Austin Heap he agreed with me on
many of my points. I was relieved that we were able to have such a
productive conversation and the outcome is probably the safest possible
at the moment.

I think that Austin has his heart in the right place and today he
claimed to have taken some actions that demonstrate this to me.

Specifically, Austin claimed and agreed that I could state the following
on this mailing list:

	Haystack has been turned off as of ~19:00 PST.

I have no independent confirmation on the truth of this claim but I
believe Austin was being sincere with me. I invite Austin, Babek, and
Daniel to confirm this statement in public.

Furthermore, Austin stated that Haystack will not be run again until
there is a solid published threat model, a solid peer reviewed design,
and a real security review of the Haystack implementation. He has also
agreed to review the claims made on his websites. I imagine that he will
have to check in with others before following through with those claims
but I believe he has made them in good faith.

He additionally agreed that Haystack will not use human testers moving
forward because of the risks involved.

He has agreed to engage with this mailing list to address the concerns
voiced here as well as those voiced elsewhere.

In the interest of not putting people in Iran at serious risk, I am
going to remain silent for the time being on the issues I have
discovered. I reserve the right to change my mind if I believe that
people are being put into harm's way.

I believe that we only benefit from more circumvention, anonymity,
privacy and security tools but only if they're safely designed, safely
implemented, and honestly reviewed in the open.

A rich ecosystem of safe to use tools is important for the world that we
all want to create.

I look forward to Austin and Daniel engaging with this mailing list and
with the rest of the circumvention community openly.

