[liberationtech] Deconstructing the security risks narrative of Haystack

Alec Muffett alec.muffett at gmail.com
Fri Sep 17 05:13:32 PDT 2010


On 17 Sep 2010, at 09:10, Mehdi Yahyanejad wrote:
> On Sep 17, 2010, at 12:26 AM, Jacob Appelbaum wrote:
> 
>> To be fair - I said that our analysis took six hours - the issues that
>> are the most horrible were spotted in less than a minute. One minute.
> 
> Thanks for confirming my observation. You knew that these risks can be 
> discovered in less than a minute. You also believed that the risk puts
> "bullet to their heads", and you still went public with it? Why?

Let's be blunt:

* It is better sooner than later to expose bad software, because
  without exposure even more people will adopt software that
  could put them at risk.

* I am not a big fan of "the needs of the many outweigh the needs of
  the few", but practically this is how harm-minimisation works in the
  world of software.

* The notion that adoption of flawed software can be mitigated or
  corrected without the light of publicity is regrettably false;
  empirically it has been proven again and again that some form of
  full-disclosure is the best way to raise public awareness of
  software security flaws.

* It is especially hard to prevent adoption of flawed software in
  the face of hagiographic public-relations stories.

* Risking N people's heads with regime-fired bullets is better than
  N*100 people's heads; blame those who fire the guns first and
  foremost, and secondarily those who by stupidity or design put
  dissidents in harm's way by virtue of tagging them in some manner.

* But don't blame the people who explain to potential victims the
  danger of being [thusly tagged] through use of [such software].

There is a lot of crap circulating about Haystack; as someone who
followed the project for about a year but with a background in hard
network security, Haystack rang dozens of snake-oil alarm bells[1] but
countered with such elegant, fluffy media coverage that even
today I can't decide whether it was by intent of the organisers, or
by shared groupthink of the media, that it rose to such prominence.

But I will be glad if it's dead.  There is plenty of room for
alternatives, and if Kerckhoffs' principle becomes more widely
understood as a result, I shall be doubly so.

	-a

[1] http://www.interhack.net/people/cmcurtin/snake-oil-faq.html





