Needle program exchange
September 13, 2010 4:46 PM   Subscribe

I'm not an expert on Haystack in particular, but people are right to be cautious. A closed source, non-vetted application that leaks the information you want it to leak through some low-bandwidth communications channel (the old-school spook speak is "covert channel") could easily also be leaking information you don't know you're sharing and very much don't want leaked.

Thanks for a great FPP--this will make good afternoon reading.
posted by AkzidenzGrotesk at 5:03 PM on September 13, 2010 [1 favorite]

Certainly feeding AES-encrypted information through this program would help, no? The tricky part would be hiding the fact that you're doing it. But even that seems like an easy enough problem to fix -- you grab a good hashing algorithm, take in some physical stimulus (i.e. noise from an audio source) to introduce enough entropy, and just constantly send data. Then any third party won't know the difference between noise and signal. If the integrity of the program is questionable, then they can only prove that you're trying to send something (which, for a worst-case scenario, isn't so bad).
posted by spiderskull at 5:05 PM on September 13, 2010

despite its distribution to and use by a small number of Iranians

If he can distribute this to some Iranians, why not just distribute Tor to some Iranians.
posted by Jimbob at 5:08 PM on September 13, 2010 [1 favorite]

He should just distribute Thor to the Iranians and all of their problems would be solved.
posted by item at 5:19 PM on September 13, 2010

I love some security through obscurity.

Also, no one will every find the million dollars I have beneath the floorboards of 490 Sussex Drive,
Ottawa, Ontario. Because it is hidden.
posted by GuyZero at 5:28 PM on September 13, 2010 [1 favorite]

simple idea:

Post an inane story about a cat stuck on a tree with a ball of yarn and a cheezburger to some blog.
Encode the target message as a thread of inane comments on the lines of "OMG! LOL!", "Cool story, bro", "It just goes to show you can't be too careful".
Profit.
posted by qvantamon at 5:30 PM on September 13, 2010

OMG maybe all those inane YouTube comments are SECRET MESSAGES!
posted by freebird at 5:48 PM on September 13, 2010 [1 favorite]

Youtube is the 21st century number station.
posted by qvantamon at 5:59 PM on September 13, 2010 [8 favorites]

After a first read, I'm inclined to harbor the same suspicions as does Jillian York (your link "mounts"). Heap appears to be making some extraordinary claims ("2000 simultaneous connections per second"--from Iran alone--is mind-boggling insofar as it makes sense, which it doesn't really*). This guy seems to be very good at promoting himself, but I can't see any evidence that anyone has ever actually seen or used the software.

*"2000 simultaneous connections" would be one thing, "2000 connections [instantiated] per second" another. It's not clear which meaning Heap intends or even whether he knows the difference.
posted by AkzidenzGrotesk at 6:06 PM on September 13, 2010 [1 favorite]

Interview with Evgeny Morozov on On the Media re: Haystack this past weekend (sort of a self-link).
posted by orville sash at 6:20 PM on September 13, 2010 [1 favorite]

Hide and Seek? (no wait, wrong Heap.)
posted by en forme de poire at 6:44 PM on September 13, 2010

He should just distribute Thor to the Iranians and all of their problems would be solved.

O_0
posted by adamdschneider at 7:08 PM on September 13, 2010

I heard it uses fractal compression to push the images down to a few bytes and sneak them through that way.
posted by adipocere at 7:15 PM on September 13, 2010

Steganography is incredibly weak to fingerprint-style attacks on applications. Unless you do something strong like distribute codebooks ahead of time, or dilute the amount of data you send to something much less that 5% the overt data payload, it's going to be this way. AFAIK anyway...
posted by ehassler at 7:33 PM on September 13, 2010

Tweet from @ioerror aka Jacob Appelbaum, who you might remember from such projects as Tor (and Wikileaks by proxy):

Haystack is the worst piece of software I have ever had the displeasure of ripping apart. Charlatans exposed. Media inquiries welcome.
posted by RobotVoodooPower at 7:37 PM on September 13, 2010 [4 favorites]

Isn't Tor a "competitor" of sorts to Haystack, with respect to purpose of use?</devils_advocate>
posted by Blazecock Pileon at 7:43 PM on September 13, 2010

You know, I do IT security assessments for a living. I'd heard about Haystack (was he on OTM when he released this?) and it STILL surprises me that this hadn't had any kind of security review done. I shouldn't be, people don't have security assessments done unless you twist their little arms, but hackers do voluntary work on tools like this all the time. Never fucking believe ANYONE who claims to have solved a security problem without external review. I'm pissed at myself for accepting the original media reports.

More info here and here.
posted by These Premises Are Alarmed at 7:51 PM on September 13, 2010

I'd entrust my security, my safety, my life to this guy: http://blog.austinheap.com/brain-dead-journalism/ I mean, wouldn't you?

Awful stuff. Media & financial backers who pushed this into Iranian citizens' hands without any security review should be ashamed.

Much respect to the folks who unmasked it and brought it to light. Very much hope that it's been stopped soon enough to keep people from harm.
posted by jenh at 8:50 PM on September 13, 2010

Hi - I have analyzed Haystack. It is total garbage and Austin Heap has pulled one over on the world.

I spoke with Heap on Friday and he promised that the network was disabled before we spoke on Friday. I was very sad to need to prove to a few specific people that it was still on late Sunday evening.

My findings are the reason that the Haystack network has now been shut off, his lead developer apparently turned the network down and locked him out of the machines. His advisory board has resigned as of today according to my sources.

I'll post a detailed analysis of Haystack at a later date; the details of the program itself are enough alone to get people into trouble. That is perhaps also the case for an unknown period of time moving forward.

Things are still developing and frankly at every step of the way it becomes worse for everyone involved.
posted by ioerror at 8:53 PM on September 13, 2010 [24 favorites]

I heard it uses fractal compression to push the images down to a few bytes and sneak them through that way.

Ah, yes, the old ZLE algorithm.
posted by five fresh fish at 10:39 PM on September 13, 2010

adipocere: "I heard it uses fractal compression to push the images down to a few bytes and sneak them through that way."

With NABOB he could squeeze his 2000 simultaneous connection in the TCP header alone...
posted by benzo8 at 12:24 AM on September 14, 2010

I mentioned this to a friend who works in this area (internet activism) and he asked why it was in english not farsi. She also questioned why no independent review of it was available (though looks like there will be one soon).
posted by a womble is an active kind of sloth at 3:07 AM on September 14, 2010

I don't know ioerror personally, but I know people who do, and I consider him trustworthy. While BP's skepticism is understandable, I really do believe that ioerror's analysis of Haystack is impartial, and conducted with the idea of ensuring its users are protected.
posted by AkzidenzGrotesk at 8:38 AM on September 14, 2010

I have analyzed Haystack. It is total garbage and Austin Heap has pulled one over on the world.

Which sort of begs the question "Did you think people wouldn't find out?".
posted by Caviar at 10:20 AM on September 14, 2010

Echoing AkzidenzGrotesk, while I wouldn't say I know Jacob (ioerror) well enough to call him a friend, I do keep running into him at parties, we have a lot of friends in common, and some of those friends are hackers whose skills I definitely respect. Jacob is a solid dude and if he says Haystack is shit, I'll take his word for it.
posted by Mars Saxman at 11:07 AM on September 14, 2010

While BP's skepticism is understandable, I really do believe that ioerror's analysis of Haystack is impartial, and conducted with the idea of ensuring its users are protected.

I'm not very skeptical. Most of the criticisms of Haystack seem fair given past reluctance on Heap's part to allow an independent look. I wouldn't mind seeing the technical details of ioerror's findings, though, just out of curiosity. It would perhaps be as much an error of logic to take his conclusions as fact sightunseen, as it was for the press to believe Heap's claims without the usual fact-checking steps it should have undertaken.
posted by Blazecock Pileon at 11:46 AM on September 14, 2010

Danny O'Brian: Haystack vs How The Internet Works

As you might imagine from the above description of Haystack’s system management, on close and independent examination the Haystack system as a whole, including these untracked binaries, turn out to have very little protection from a high number of potential attacks — including attacks that do not need Haystack server availability. I can’t tell you the details; you’ll have to take it on my word that everyone who learns about them is shocked by their extent. When I spelled them out to Haystack’s core developer, Dan Colascione late on Sunday, he was shocked too (he resigned from Haystack’s parent non-profit the Censorship Research Center last night, which I believe effectively kills Haystack as a going concern. CRC’s advisory board have also resigned.)

posted by We had a deal, Kyle at 12:35 PM on September 14, 2010

I totally get where you're coming from with this:

It would perhaps be as much an error of logic to take his conclusions as fact sightunseen, as it was for the press to believe Heap's claims without the usual fact-checking steps it should have undertaken.

The problem is that, per ioerror's claims, disclosure of specific vulnerabilities in Haystack at the present time could compromise operations security, i.e., put at risk the life and liberty of users in certain regimes.

So what do we do in the absence of a primary source (a published security analysis)? This is where reputation becomes important, and the identity of the person saying "trust me" really matters. I suggest that everyone take a careful look at who is publicly putting their weight behind ioerror, Morozov, et al., and who is backing Heap. The process is similar in some ways to peer review and the formation of scientific consensus
posted by AkzidenzGrotesk at 2:01 PM on September 14, 2010

Sorry, premature post.

That should have been "...scientific consensus, and hopefully amounts to more than a naked appeal to authority."
posted by AkzidenzGrotesk at 2:06 PM on September 14, 2010

The problem is that, per ioerror's claims, disclosure of specific vulnerabilities in Haystack at the present time could compromise operations security, i.e., put at risk the life and liberty of users in certain regimes.

Wasn't Austin Heap's original claim that putting Haystack up to open scrutiny would compromise its users, who are in all likelihood already compromised?

The process is similar in some ways to peer review and the formation of scientific consensus

I see what you're trying to get at, but there are problems with this analogy. The peer review process for, say, life sciences research doesn't really get to a point where the reviewers call for a paper not to be published. The reviewers do not say, "Here's an abstract and no paper. Please take our word on this and accept the conclusions hinted at in the abstract."

An excerpt of the On The Media interview with Morozov is pretty insightful here:

BROOKE GLADSTONE: How sure are you that Haystack doesn't work?

EVGENY MOROZOV: No independent third party has managed to come up with an opinion that would assure us of Haystack’s ability to do what it claims. You know, it’s like me saying that, you know, the brakes on this car work but I won't let any third party engineers test it, and you have to take me at my word, and why don't you drive it?

I'm just suggesting there is some element of appeal to authority here, which is what put people in potentially lethal trouble in the first place — there, the media treated Heap like an authority, in turn based on their own authority as a source of information, compelling them to craft a certain narrative about the Iran election protests.

I am certain the security authorities in this matter have motivations for withholding information that are well-reasoned and intentioned; I'm not second-guessing any of that. I hope the story breaks and we learn more, in any case.
posted by Blazecock Pileon at 2:48 PM on September 14, 2010