Re: Haystack redux
* Adam Fields: I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? I wouldn't be surprised if there are plenty such tools in circulation which are used by various dissident groups. It's a cost-effective way to infiltrate them. The problem with such tools is that you can't really know how is listening in on the proxies. Even if the software itself contains no backdoors, the service as a whole might still be compromised. Even if the proxies are trustworthy, your usage of the tool can very likely be discovered by traffic analysis (and usage patterns as well, if you're unlucky, and increasingly so if the service has low latency). There is no technical solution to oppressive governments (or non-trustworthy ISPs, for that matter). After all, if you're anonymous and oppressed, you're still oppressed. -- Florian Weimerfwei...@bfk.de BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
On 09/15/2010 11:48 AM, Adam Fields wrote: On Wed, Sep 15, 2010 at 03:16:34AM -0700, Jacob Appelbaum wrote: [...] What Steve has written is mostly true - though I was not working alone, we did it in an afternoon. It took quite a bit of effort to get Haystack to take this seriously. Eventually, there was an internal mutiny because of a serious technical disconnect between the author Daniel Colascione and the supposed author, Austin Heap. Daniel has been a stand up guy about the issues discovered and he really the problem space that the tool created. Sadly, most of the issues discovered do not have easy fixes - this includes even discussing some of the very simple but serious design flaws discovered. This has to be the worst disclosure issue that I've ever had to ponder - generally, I'm worried about being sued by some mega corp for speaking some factual information to their users. In this case, I guess the failure mode for being open about details is ... much worse for those affected. :-( An interesting unintended consequence of the original media storm is that no one in the media enjoys being played; it seems that now most of the original players are lining up to ask hard questions. It may be too little and too late, frankly. I suppose it's better than nothing but it sure is a great lesson in popular media journalism failures. I'm wondering if someone could shed a little light on how this service acquired any real users in the first place, and whether anyone thinks that anyone in danger of death-should-the-service-be-compromised is actually (still) using it. The media hype? The fact that many Iranians were reaching out to people in the West during the summer of 2009? I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? My first guess would have been that it was a government-sponsored honeypot, and I bet they're far more suspicious than I am. I guess the dissidents that you work with are all savvy, never tricked, know how to make solid security evaluations, and so on? Generally speaking... that is not my experience at all. All the best, Jacob - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
On Sep 15, 2010, at 11:48 AM, Adam Fields wrote: I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? My first guess would have been that it was a government-sponsored honeypot, and I bet they're far more suspicious than I am. Perhaps people are more hopeful than suspicious. Haystack [1] had the apparent approval of the US State Department (no friends of the Iranian government), a pretty web page, major donors, coverage in all the mainstream press, an award in the UK, and lots of other stuff that demonstrated credibility. Gotta trust someone. Who you gonna trust? The guys with all that cred, or, say... me? --- [1] given Daniel Colascione's statements, we may have to quote this thing as it was test code, not what he intended to release. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
* Adam Fields schrieb am 2010-09-15 um 20:48 Uhr: I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? My first guess According to my experience the question that matters most is: Does it work for me?. If yes, all is OK. When I did courses for dissidents, nobody ever asked if some kind of software is beta or tested nor were they interested if some foreign agency produced it. They trusted me that I would not recommend any bad software. -- Jens Kubieziel http://www.kubieziel.de FdI#3: Polymorphie Der Fehler tritt in vielerlei Gestalt auf. (Kristian Köhntopp) signature.asc Description: Digital signature
Re: Haystack redux
On 09/14/2010 09:57 AM, Steve Weis wrote: There have been significant developments around Haystack since the last message on this thread. Jacob Applebaum obtained a copy and found serious vulnerabilities that could put its users at risk. He convinced Haystack to immediately suspend operations. The developer of Haystack, Daniel Colascione, has subsequently resigned from the project. Many claims made about Haystack's security and usage made by its creators now appear to be inaccurate. These claims were repeated without verification by the New York Times, Newsweek, the BBC, and the Guardian UK. Evegeny Morozov wrote several blog posts covering this. His latest post is here: http://neteffect.foreignpolicy.com/posts/2010/09/13/on_the_irresponsibility_of_internet_intellectuals Hi, What Steve has written is mostly true - though I was not working alone, we did it in an afternoon. It took quite a bit of effort to get Haystack to take this seriously. Eventually, there was an internal mutiny because of a serious technical disconnect between the author Daniel Colascione and the supposed author, Austin Heap. Daniel has been a stand up guy about the issues discovered and he really the problem space that the tool created. Sadly, most of the issues discovered do not have easy fixes - this includes even discussing some of the very simple but serious design flaws discovered. This has to be the worst disclosure issue that I've ever had to ponder - generally, I'm worried about being sued by some mega corp for speaking some factual information to their users. In this case, I guess the failure mode for being open about details is ... much worse for those affected. :-( An interesting unintended consequence of the original media storm is that no one in the media enjoys being played; it seems that now most of the original players are lining up to ask hard questions. It may be too little and too late, frankly. I suppose it's better than nothing but it sure is a great lesson in popular media journalism failures. All the best, Jacob - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
On Sep 15, 2010, at 6:16 AM, Jacob Appelbaum wrote: An interesting unintended consequence of the original media storm is that no one in the media enjoys being played; it seems that now most of the original players are lining up to ask hard questions. It may be too little and too late, frankly. I suppose it's better than nothing but it sure is a great lesson in popular media journalism failures. On the contrary, because life is not a series of disconnected events, this is a great success for the safety of civilians, and for media coverage, going forward: - people who care about the lives of others, and who worry about technologies based in trust now are more aware of one another than ever before - the business of taking well-intentioned but defective things apart is out of the shadows and in a very favorable spotlight - The media have a whole new dimension of drama to add to their coverage of high tech wonders: ... but does it really work? Journalism is self-correcting, as you note... provided a feedback channel exists and can be maintained long enough for the corrections to hold... as happened here. - jim - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
On Wed, Sep 15, 2010 at 03:16:34AM -0700, Jacob Appelbaum wrote: [...] What Steve has written is mostly true - though I was not working alone, we did it in an afternoon. It took quite a bit of effort to get Haystack to take this seriously. Eventually, there was an internal mutiny because of a serious technical disconnect between the author Daniel Colascione and the supposed author, Austin Heap. Daniel has been a stand up guy about the issues discovered and he really the problem space that the tool created. Sadly, most of the issues discovered do not have easy fixes - this includes even discussing some of the very simple but serious design flaws discovered. This has to be the worst disclosure issue that I've ever had to ponder - generally, I'm worried about being sued by some mega corp for speaking some factual information to their users. In this case, I guess the failure mode for being open about details is ... much worse for those affected. :-( An interesting unintended consequence of the original media storm is that no one in the media enjoys being played; it seems that now most of the original players are lining up to ask hard questions. It may be too little and too late, frankly. I suppose it's better than nothing but it sure is a great lesson in popular media journalism failures. I'm wondering if someone could shed a little light on how this service acquired any real users in the first place, and whether anyone thinks that anyone in danger of death-should-the-service-be-compromised is actually (still) using it. I find it hard to believe that even the most uninformed dissidents would be using an untested, unaudited, _beta_, __foreign__ new service for anything. Is there any reason to believe otherwise? My first guess would have been that it was a government-sponsored honeypot, and I bet they're far more suspicious than I am. -- - Adam -- If you liked this email, you might also like: Here's a little bookmarklet for turning github into rdoc -- http://workstuff.tumblr.com/post/1036575859 Making Sous Vide Custard -- http://www.aquick.org/blog/2010/09/02/making-sous-vide-custard/ Sous Vide Custard -- http://www.flickr.com/photos/fields/4951823152/ fields: Storm Troopers and Red Shirts: http://www.shoeboxblog.com/?p=18747; -- http://twitter.com/fields/statuses/24586133537 -- ** I design intricate-yet-elegant processes for user and machine problems. ** Custom development project broken? Contact me, I can help. ** Some of what I do: http://workstuff.tumblr.com/post/70505118/aboutworkstuff [ http://www.adamfields.com/resume.html ].. Experience [ http://www.morningside-analytics.com ] .. Latest Venture [ http://www.confabb.com ] Founder - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Haystack redux
There have been significant developments around Haystack since the last message on this thread. Jacob Applebaum obtained a copy and found serious vulnerabilities that could put its users at risk. He convinced Haystack to immediately suspend operations. The developer of Haystack, Daniel Colascione, has subsequently resigned from the project. Many claims made about Haystack's security and usage made by its creators now appear to be inaccurate. These claims were repeated without verification by the New York Times, Newsweek, the BBC, and the Guardian UK. Evegeny Morozov wrote several blog posts covering this. His latest post is here: http://neteffect.foreignpolicy.com/posts/2010/09/13/on_the_irresponsibility_of_internet_intellectuals - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com