[liberationtech] Deconstructing the security risks narrative of Haystack

Bram Cohen bram.cohen at yahoo.com
Sat Sep 18 13:12:06 PDT 2010


I feel like I'm raining on everybody's parade here, but the fact is that 
Haystack was taken down because it sucked. It had serious issues with 
deployment, implementation, and protocol design, all of which had obvious 
problems. It wasn't because it wasn't open (although that would have helped find 
the problems sooner) or because of any issue with the amount of work which had 
been put into it or the intentions of the authors, it was because of technical 
issues.

This is all very par for the course. Most crypto-related projects have similar 
issues, although usually they have the opportunity to improve and be good 
learning experiences for the authors without becoming a PR disaster. The 
difference with Haystack is that it got a huge amount of press of a form which 
was unwarranted, and was used (it is claimed) by people who urgently needed to 
keep their identity secret.


      


