[liberationtech] liberationtech Digest, Vol 34, Issue 1

[Andrew Ford Lyons]

While I agree with Jim's points here, I think it would be short sighted to rule out every one of Brandon's concerns. While I found the technical issues and closed development model and a bit of the criticism about how media covers technology useful, a lot of the criticism — quite a lot from Evgeny Morozov — to be more personal attacks and matters of personal taste about Austin himself.

Morozov is turning his criticism of Haystack into a cottage industry. He's using it to further propel his overall thesis that internet tools cannot help dissidents, but is actually the tool of and for the establishment. It's a false premise, but that's not what people who are actually interested in such tools are interested in. Now he refers to it as the "the Internet's equivalent of the Bay of Pigs Invasion." What next? It's the Web's Holocaust? This  mini scandal mostly impacts developers interested in bypassing firewalls and promoting privacy and like it or not, there were not a lot of people using Haystack. I work with people in Iran. I've been able to ask around about its use to some limited extent. Most hadn't even heard about it. Tor, yes. Haystack not so much.

I found it interesting the number of people employing the "media whore" term without any sense of Irony. A whore is one who trades her or his services for money. Those doing it for nothing are merely enthusiasts. Those who are paid to blog their opinions may want to consider that.

So lets not inflate things to ludicrous degrees and have a reasonable discussion about it, because on many levels, it's very important. More importantly, beyond Haystack, how do we continually and independently vet all tools claiming to offer privacy and/or uncensored online access under different conditions in repeatable ways and compile those results for anyone to look at, question and refine? Could there be a sort of Conumer Reports of these things?



On 21 Sep 2010, at 20:06, liberationtech-request at lists.stanford.edu wrote:

> Date: Mon, 20 Sep 2010 11:51:07 -0700
> From: Jim Youll <jyoull at alum.mit.edu>
> To: Brandon Wiley <brandon at blanu.net>
> Cc: liberationtech at mailman.stanford.edu
> Subject: Re: [liberationtech] openness and transparency Re:
> 	Deconstructing	the security risks narrative of Haystack
> Message-ID: <474E3EA6-04C9-401D-8DF2-3EA5B5FF2E27 at alum.mit.edu>
> Content-Type: text/plain; charset=us-ascii
> 
> Brandon, you express a number of fears about unknowable possible futures.
> 
> "Fear" is no basis on which to proceed. It's not a foundation for decision-making. Anyone who's scared off by the prospect of potentially-harsh peer review should not be building life-critical systems, so anyone who wanders off for that reason won't be missed.
> 
> Haystack is/was created in isolation, and is representative of nothing more than itself. It does offer an example of the dramatic ways in which committees can fail to create or sustain a system that provides an intended outcome - an unfortunate, and unnecessary warning and lesson. These modes of failure aren't new and certainly are well-studied and documented.
> 
> The best way to not run into the problems you fear is to work openly and to invite criticism rather than to hide from it. Writers, photographers, and other creatives all benefit from the skills of outside editors. Should we be surprised that software creators wouldn't also benefit from the FREE help from qualified, interested experts?  Haystack is one of the only viable-seeming security systems to not have been subjected to an open critique during its design and development. On this point alone, and on Austin Heap's and others' insistence that it would be kept "secret," the project was fated to fail from the start.
> 
> It's not possible to "offer an alternative" to a complex, broken system - other than to design another entire system - and that is NOT a reviewer's duty. It is sufficient in the critique of any new work to ask un-answered questions, and to identify both flaws and strengths. Unfortunately, in this case, the only strong point in the project was its public relations push. Others in every well-meaning technology project SHOULD learn how to communicate more effectively. But the rest of it is an example of what /not/ to do. Fortunately, there are many positive examples for design, critique and deployment of secure systems.
> 
> On Sep 18, 2010, at 9:43 AM, Brandon Wiley wrote:
> 
>> I am disappointed by the response to Haystack because I think it will have a negative effect on young activists. In addition to the lesson about openness (which is a good lesson, to be sure), there is an implicit lesson that if you try to do something innovative the risk of failure is being vilified by bloggers and becoming an object of hatred and disdain. This is probably a true lesson, but it's not the sort of thing I think we should teach. If I had witnessed this exchange back when I was working on Freenet, I think I would have been scared to death of receiving the same treatment if I didn't do everything according to some possibly unknown or misunderstood community norms. 
>> 
>> Haystack had a lot going for it. It had an export license, a grant, a 501(c)3, plenty of free marketing. the only problem was that it didn't work at all. It's a shame to throw away all that infrastructure and all the good people that believed in it and were working on it. I fear that now people will be very skeptical of funding, contributing to, or using similar products because of the bad press that Haystack received. I favor mentorship over ostracism. Haystack was trying to solve a hard problem, not an impossible problem. It could have been fixed, or even replaced under the hood with something that works, even just a rebranded Tor. I'm not involved with the project, so maybe there are details of which I'm unaware. Maybe the CRC was uncooperative in fixing their product. Whatever the situation, I think it's an unfortunate outcome.
>> 
>> While I totally agree that secrecy should be discouraged, I'd just like to advocate the approach of offering an alternative, so that the message is "Secrecy fails, try openness!" instead of "If you try secrecy, you will never work in this industry again." Anyway, what's done is done. I think that one good thing that's come out of this is some posts by various people clearly articulating community guidelines. That's good stuff, no matter how you look at it.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20100921/96a3c4b0/attachment.html>