[liberationtech] Fwd: Haystack

Jim Youll jyoull at alum.mit.edu
Tue Aug 17 12:18:34 PDT 2010


Concerns aired in this discussion from another list have relevance to the
"safe communications for journalists/activists" conversation that aired
here recently...

The message here seems to be wary of Haystack and other technologies that
have not been analyzed for security exposures by people who know
what they're talking about.

Begin forwarded message:

> From: Steve Weis <steveweis at gmail.com>
> Date: August 17, 2010 11:46:54 AM PDT
> To: Jerry Leichter <leichter at lrw.com>
> Cc: "cryptography at metzdowd.com List" <cryptography at metzdowd.com>
> Subject: Re: Haystack
> 
> I sent an email asking for technical information several months ago
> and did not receive a response. The FAQ says "the Haystack client
> connects to our servers which in turn talk to websites on behalf of
> our users" and "from a user's point of view, Haystack appears to be a
> normal HTTP proxy". There is no binary or source available for
> download and the FAQ says "revealing the source code at this time
> would only aide the authorities in blocking Haystack".
> 
> Based on those statements, I'm going to speculate that the client
> connects to a static list of innocuous-looking proxies and that they
> are relying on keeping those proxies secret. If those servers were
> known to an authority, it would be trivial to block. I think that is
> why they're making the unrealistic assumption that an authority will
> not be able to reverse engineer or even monitor traffic from a client.
> 
> On Tue, Aug 17, 2010 at 12:57 AM, Jerry Leichter <leichter at lrw.com> wrote:
>> The mainstream press is full of discussion for a new program, Haystack,
>> developed by a guy named Austin Heap and sponsored by the Censorship Research
>> Center as a new kind of secure proxy.  See
>> http://www.haystacknetwork.com/faq/ for some information.
>> 
>> As described, the program relies on some kind of steganography to hide
>> encrypted connections inside of connections to "approved" sites.  It was
>> specifically designed to help Iranian dissidents maintain connections in the
>> face of active government efforts to locate and block proxies and Tor entry
>> and exit nodes.
>> 
>> A Google search reveals absolutely no technical information about exactly
>> what Haystack does or how it does it.  The program is available on multiple
>> platforms but is closed source - the FAQ linked to above discusses this,
>> citing fears that making the source available would help censors.
>> 
>> Anyone know anything more about what Haystack is actually doing?
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



