[liberationtech] Introduction --- Haystack

Danny O'Brien danny at spesh.com
Sat Sep 11 22:49:31 PDT 2010


First, I'd like to thank Dan for joining this debate. There's a great
deal of useful information in this document, and much to mull on from
a technical and design point of view.

I would like, however, to drill down to one non-technical detail. You
say that you spent some time distanced from CRC and Haystack. Could
you give the dates of your absence from the project?

d.

On Sat, Sep 11, 2010 at 6:42 PM, Daniel Colascione
<daniel at censorshipresearch.org> wrote:
> I have recently, and _tentatively_, agreed to resume a more active
> role in the Censorship Research Center, the organization I co-founded
> June 2009 with Austin Heap, and to continue development of Haystack.
> Several months ago, I distanced myself from the organization due to
> fundamental disagreements over transparency, press relations, and
> other issues. I've agreed to return provided certain changes are made,
> including a greater commitment to openness, frankness, and involvement
> with the community.
>
> In the interest of transparency, let me make a few unambiguous
> statements and hopefully resolve any confusion:
>
> - Haystack is not complete. A large amount of work remains.
>  Development was in hiatus until I returned.
>
> - We have fewer than two dozen testers as far as I am aware.
>
> - The "test" version of Haystack is an early functional testbed that
>  does not provide the security guarantees we have advertised for the
>  final product. It was never intended for distribution to anyone
>  except a small cadre of testers. We are aware of its
>  vulnerabilities.
>
> - Our testers are aware that the test version is not the finished
>  product, and they are aware that it does not provide the security
>  properties we guarantee for the finished product.
>
> - Our public statements about Haystack's capabilities apply to our
>  design for the finished product, not to the test version.
>
> - The Haystack client will be released as an open-core system under
>  the GPLv3 or later.
>
> - We will submit this open-core version to peer review and incorporate
>  community suggestions.
>
> - We will publish our threat model and rationale and open it to peer
>  review.
>
> - We will publish our cryptographic protocols and open them to peer
>  review.
>
> - We will release the system to the general public only after a third
>  party has verified that the program operates as designed, and that
>  our design provides the security properties we describe.
>
> - We will never censor our users on the basis of content.


