We covered the controversy over Haystack – an internet monitoring circumvention tool designed for use in Iran – a few days back. Here’s the latest.
“It’s so dangerous to use, it’s unbelievable,” said Jacob Appelbaum, a developer who led the review. “The first thing it does is tell everyone you are using Haystack,” he added, making users an obvious target for Iranian authorities. Mr Heap said Haystack had been tested in Dubai and was intended to be offered free in many other countries.
I think Evgeny Morozov might have actually saved lives here. I hope that for his next trick he does something about US sponsorship of Gonger VPN software. Anyway, here’s his wrap up.
Austin Heap adds:
Speaking before Mr Colascione’s admission, Mr Heap said he had made “some mistakes” in the development of Haystack.
He put those down to his age and the lack of other models on which to base his project. “I wish someone would give me a manual,” he said.
Jesus wept. I’d suggest the one that starts with the words “first, do no harm”. Compare that to the happy talk in the Guardian a few months back.
I'm not aware of any issue with VPNs, which are a well-understood technology based on good open standards (usually either SSL like OpenVPN or else IPSec).
However, the difficulty in using an encrypted VPN is that you need another host outside the firewall to terminate the VPN. There's both a chicken-and-egg problem, and also a risk of the enemy operating a honeynet.
I recently saw a rather neat solution to this which uses XMPP-based instant messaging (like Google Talk or Jabber) to communicate information between potential peers in a peer-to-peer VPN, so as long as you can get to some XMPP server or other, it's possible to find peers outside the wall and also to verify them once found. That's all SSL, and you could also use PGP or whatever to authenticate first. Of course, dictators tend to kill GTalk, ICQ, AIM and friends when things go awry, but there are a lot of Jabber servers in the world.
Still, Evgeny Morozov is doing the Lord's work in resisting the nonsense.
Posted by: Alex | September 15, 2010 at 10:32 AM
It's more the politics of it I'm interested in. Making the heirs of the Taipings into your lead local agency on Chinese dissidence sends an unambiguously hostile message - not "we want to free your people" but "we want to destroy your country". I believe some of the usual suspects on the US hard right are promoting this policy.
Posted by: jamie | September 15, 2010 at 11:29 AM
Also, I've just had a look at the Haystack website and I'm very doubtful that what they were offering is even theoretically possible in a universe where mathematics works the way it does in this one.
They seem to be claiming both that the traffic is strongly encrypted, and that it's indistinguishable from normal web traffic. Well, if the traffic is strongly encrypted, it should be impossible to determine whether it's encrypted signal or encrypted random noise without the key - this is a formal condition of strong encryption and very important indeed from a security point of view. If you can tell which bits of the message are payload, you can start to make guesses based on word length etc.
Now, anything that satisfies this condition is going to be pretty much as different from routine web activity as it's possible to get.
At this point, they start using the word "steganography" a lot. I guess that they were thinking of stegging the encrypted payload into an image or something, then sending that as an HTTP request to the proxy outside the firewall, which de-stegs it and passes it on. This isn't any better than just using an SSL proxy from one of the public-proxy lists, though - you've got to find the proxy, and once traffic starts flowing the other side can identify it and block it. So perhaps there's some P2P element, in which case (as it's apparently all HTTP) each peer has to act as a webserver as well as a client for two-way comms.
In that sense, it actually has the downside that the traffic profile is going to be weird. I mean, if I was an Iranian sigint agent, big HTTP POSTs to obscure IP addresses would be one of the profiles I'd look for, as it suggests someone uploading pics or video or documents to somewhere they don't want me to know about. And when they all turn out to be randomly selected girlie pics or whatever, I'm going to be very suspicious indeed.
I always thought the use case for steg was for discrete, one-shot data transfer - the classic "nuclear bomb design hidden in a random upload to xtube" one. Otherwise, if you're trying to tunnel generic Internet service over it, not only will the CPU load be impressive and the performance dire, the enemy are going to see you exchanging equal numbers of random images in a bursty TCP-like pattern, unless you're also sending nulls all the time.
Also, I don't know if anyone's raised this yet, but introducing steganography gives your dissident a serious problem. How could you convince anyone that your family snaps or smut collection or MP3s or whatever aren't steg messages?
Posted by: Alex | September 15, 2010 at 12:26 PM
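The tension raised in the comment above, that a strongly encrypted payload looks like random noise and therefore cannot also look like ordinary web traffic, can be measured directly. This is an added example, not code from the post, its commenters or Haystack; the sample request, the key and the SHA-256 counter-mode keystream (a toy stand-in for a real cipher) are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: an ordinary-looking HTTP request, repeated to ~4 KB.
PLAIN_HTTP = (
    b"POST /comments HTTP/1.1\r\n"
    b"Host: blog.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"author=Alex&text=VPNs+are+a+well-understood+technology\r\n"
) * 24


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stand-in for a strong cipher (SHA-256 in counter mode).
    Assumption for illustration only; not a vetted cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram: 8.0 means uniform noise."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII, CR or LF."""
    return sum(32 <= b < 127 or b in (10, 13) for b in data) / len(data)


def classify(data: bytes) -> str:
    """Crude passive classifier: noise-like payloads stand out from text."""
    if entropy_bits_per_byte(data) > 7.5 and printable_ratio(data) < 0.6:
        return "noise-like"
    return "text-like"


if __name__ == "__main__":
    sealed = keystream_xor(PLAIN_HTTP, b"constructed-demo-key")
    for label, blob in (("plain HTTP", PLAIN_HTTP), ("encrypted", sealed)):
        print(f"{label:11s} entropy={entropy_bits_per_byte(blob):.2f} "
              f"printable={printable_ratio(blob):.2f} -> {classify(blob)}")
```

The same request scores as text before encryption and as noise after it, which is why a tool cannot claim both properties for the raw payload without an additional cover layer.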