This post is by from GigaOM
Click here to view on the original site: Original Post
It sounded like such a heroic tale: A 25-year-old programmer decides to take on the despots in Iran and creates a miraculous software tool that allows dissidents in the country to surf anonymously by encrypting their activity and hiding it inside a stream of innocuous-looking Internet traffic. It even had a cool name: Haystack. Unfortunately, it appears to have been too good to be true. The project has been shut down, and one of the lead developers of the software has reportedly quit, after concerns were raised about the truth of the claims that Haystack was making, and founder Austin Heap is left battling the flames.
Just a few months ago, Heap was the subject of glowing profiles in Newsweek magazine and The Guardian, which described how his software was allowing Iranian dissidents to travel freely around the Internet — thanks in part to high-level encryption. The Haystack founder even received an award from The Guardian for his work in helping protect freedom of speech, and the software was fast-tracked for export by the U.S. State Department. What wasn’t clear from the stories about Haystack was that the software had only been used by a handful of people in Iran, and its ability to route traffic securely had not been independently tested by anyone with knowledge of security and encryption.
When the software was finally tested, security experts apparently found it to be severely lacking, and convinced Heap to shut down the project and tell people using the software to stop. Programmer Jacob Appelbaum, who is involved with an open-source security project called Tor, called the software “total garbage.” Part of the concern was that unauthorized copies of Haystack had reportedly been circulating in Iran — driven in part by the claims about its abilities — and therefore, people’s lives could be in danger if they continued using it. Danny O’Brien of the Committee to Protect Journalists said on Twitter: “I can’t actually describe how broken @haystacknetwork is, because to do so would put people at risk.”
Some of those who have been watching the Haystack affair, such as Jillian York of Harvard’s Berkman Center for the Internet and Society and Ed Felten of Princeton’s Center for Information Technology Policy, say they blame media outlets such as Newsweek for pumping up the software and contributing to the hype around it. Others seem to blame Heap himself for making claims that couldn’t be backed up, or at least not correcting journalists who made claims about the software. It’s not clear whether the Haystack founder will go ahead with the project, or whether it’s effectively dead, since the lead developer has apparently resigned. We’ve contacted Heap and will update this post with any response.
Ironically, while Newsweek was writing about Haystack’s claims, several researchers were presenting a software project at the USENIX security conference that appears to actually do what Heap said his did: namely, hide activity from dissidents in totalitarian states inside innocuous traffic from social networks such as Twitter and image-hosting sites like Flickr. Unlike Haystack, the creators of the software known as Collage have published their work (PDF link) for anyone to review (although it’s not clear whether anyone has done so).
Related content from GigaOM Pro (sub. req’d.): As Cloud Computing Goes International, Whose Laws Matter?