On Wed, Sep 15, 2010 at 03:16:34AM -0700, Jacob Appelbaum wrote: [...] > What Steve has written is mostly true - though I was not working alone, > we did it in an afternoon. It took quite a bit of effort to get Haystack > to take this seriously. Eventually, there was an internal mutiny because > of a serious technical disconnect between the author Daniel Colascione > and the supposed author, Austin Heap. Daniel has been a stand up guy > about the issues discovered and he really the problem space that the > tool created. > > Sadly, most of the issues discovered do not have easy fixes - this > includes even discussing some of the very simple but serious design > flaws discovered. This has to be the worst disclosure issue that I've > ever had to ponder - generally, I'm worried about being sued by some > mega corp for speaking some factual information to their users. In this > case, I guess the failure mode for being open about details is ... much > worse for those affected. :-( > > An interesting unintended consequence of the original media storm is > that no one in the media enjoys being played; it seems that now most of > the original players are lining up to ask hard questions. It may be too > little and too late, frankly. I suppose it's better than nothing but it > sure is a great lesson in popular media journalism failures.
I'm wondering if someone could shed a little light on how this service acquired any real users in the first place, and whether anyone thinks that anyone in danger of death-should-the-service-be-compromised is actually (still) using it. I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? My first guess would have been that it was a government-sponsored honeypot, and I bet they're far more suspicious than I am. -- - Adam ---------- If you liked this email, you might also like: "Here's a little bookmarklet for turning github into rdoc" -- http://workstuff.tumblr.com/post/1036575859 "Making Sous Vide Custard" -- http://www.aquick.org/blog/2010/09/02/making-sous-vide-custard/ "Sous Vide Custard" -- http://www.flickr.com/photos/fields/4951823152/ "fields: Storm Troopers and Red Shirts: http://www.shoeboxblog.com/?p=18747" -- http://twitter.com/fields/statuses/24586133537 ---------- ** I design intricate-yet-elegant processes for user and machine problems. ** Custom development project broken? Contact me, I can help. ** Some of what I do: http://workstuff.tumblr.com/post/70505118/aboutworkstuff [ http://www.adamfields.com/resume.html ].. Experience [ http://www.morningside-analytics.com ] .. Latest Venture [ http://www.confabb.com ] ................ Founder --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com