[liberationtech] Deconstructing the security risks narrative of Haystack

[Jacob Appelbaum]

On 09/17/2010 08:23 AM, Collin Anderson wrote:
> This histrionics over "bullets in the head" from disclosure is pretty
> overplayed and ignores the capacity of the Iranian government. If Evgeny was
> able to get a copy, then it seems equally probable that the IRG or a
> disreputable infosec group could have. And, while I have a childlike
> admiration for Mr. Appelbaulm, if he was able to find fatal flaws in a day,
> so too could some Sharif University student.

I really should not have said anything about bullets and heads on
twitter. I was extremely angry and trying to make an analogy that I
thought was fitting. I spoke with a good friend and he said that he felt
I was equating Haystack's creators with murderers. That was not my
intention and I'm sorry for being such a raging ass about it.

I merely wanted to say that I felt the software was impossible to miss
if you were really looking or if the user was really being watched.

It seems prudent to underscore something: I'm not that good; this wasn't
an exercise in bragging. I entirely agree that a student from a
university could find these issues if they were at all familiar with the
field.

> 
> Inevitably there would have been flaws, and its absurd to think that the
> other side wasn't interested in finding them out.

Indeed.

Sincerely,
Jacob