Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Haystack status update

Danny O'Brien danny at
Mon Sep 13 02:11:36 PDT 2010

On Sep 12, 2010, at 10:57 PM, Jacob Appelbaum wrote:
> Hello,
> I am quite sad to say that Haystack was not turned off this weekend.
> I wrote my original email on Friday in good faith after speaking with
> Austin Heap. I am quite sad to report that it currently appears that
> Austin was not entirely honest with me.
> At multiple points over this weekend I positively confirmed that
> Haystack was still operational. To be specific, I confirmed that
> Haystack was *still* operational as of 20:00 PST Sunday, September 12th,
> 2010.
> After my confirmation, I spoke with Danny O'Brien and I offered
> incontrovertible proof that Haystack was still running. Danny agreed
> with my assessment and then reached out to Austin by telephone.

I can confirm that I observed Jake successfully using Haystack at
7:44pm on Sunday.

My conversation with Austin Heap (on a call at 8:05pm) began with me
informing him of what I had observed. He said that this was
impossible. He explicitly told me the following (I read the statements
back to him and he confirmed that he believed them to be true).

    Jake's copy of Haystack is permanently disabled.
    All copies of Haystack do not function right now.
    Haystack was turned off when I [Austin] was on the phone to Jake on Friday.
    The Haystack network was up at two points, this [Sunday] morning,
and at around 6PM. It is not running now.

He was willing to assert these statements, even when I offered clear
proof that Haystack had been used minutes before, and that his
statements were false.  I encouraged him to contact Jake directly.

Shortly after this conversation, Jake told me that the Haystack system
had finally become unavailable shortly after my call with Austin.

I realize that the above description is a little light on details.
While writing this email, separate from Jake but using some
information he gave me, I realized that certain features of the live
Haystack system Jake and I observed in action were so fundamentally
flawed that expanding on what I had observed, even merely to confirm
Jake's statement, might prove dangerous to its users.

I called Jake, who had come to the same conclusion. Then I spoke to
Austin and, together with him, Daniel briefly. They, after some
prevarication, also confirmed my new found concerns with their current

I am, to understate the matter, not happy with what they told me. I
now join Jake in estimating the safety of the Haystack system to be
far below that of Tor, Psiphon, Freegate or any other circumvention
system that I am aware of.

On a personal note, I find it extremely frustrating to encounter a
system and organization whose security principles are so weak that I
cannot even definitively publish independent confirmation of the
simplest facts about its operation without placing its users at risk.

I strongly believe one of the lessons we should all learn from this
debacle is that no-one should take blanket assertions about software
for granted, but base them on open examination and inquiry. It
therefore it saddens me that all I can do at this stage is say that
Jake's assertions fit my experiences of Haystack far better than any
public statement made by Haystack and the CRC; that Austin and Daniel
confirmed what I believe to be a grave flaw in the current live use of
Haystack which would have gone unrevealed in this forum had it not
been for Jake's work, and that, on the evidence offered to me, neither
Austin nor Daniel were able to demonstrate a reliable understanding of
the behavior even of the elements of Haystack under their direct


> I have taken steps to prove that my observations are not disputable and
> independently verifiable by any other third party.
> I have discovered an alarming number of problems with Haystack both as a
> client, a network, and a non-profit. Due to the very serious issues at
> hand, I am actually quite concerned for the safety of people who have
> been using Haystack in Iran.
> At this moment, I am not comfortable sharing details about the flaws
> that have been uncovered. I am extremely concerned for the safety of
> people in Iran who have *ever* used Haystack. The situation is
> developing and I will be forthcoming with more information as I believe
> that it is possible to be shared safely.
> Sincerely,
> Jacob

More information about the liberationtech mailing list