Anti-censorship tool for Iranians withdrawn, security concerns cited
The Haystack software tool is pulled back by developer after security experts warn that users of the application might be tracked.
The developer of a software tool to help Iranians get around their government's Internet restrictions has withdrawn the program in response to questions about its security.
Haystack said it had halted further testing of the program in Iran while it conducts a review. "If you have a copy of the test program, please refrain from using it," it said in a post on its Web site.
Haystack, which runs on Windows (2000 and up), OS X (10.4 and up), and most Linux distributions, appears to the user as a normal HTTP proxy. It claims to "use a novel approach to obfuscating traffic that is exceptionally difficult to detect, much less block, but which at the same time allows users to securely use normal Web browsers and network applications."
"Recently, there has been a vigorous debate in the security community regarding Haystack's transparency and security. We believe that many of the points made in this debate were valid. As a result, and in order to ensure Haystack's security, we have halted ongoing testing of Haystack in Iran pending a security review. We have begun contacting users of Haystack to tell them to cease using the program. We will not resume testing until this third party review is completed and security concerns are addressed in an open and transparent way."
Daniel Colascione, who had been the lead developer of Haystack, has since resigned his post. Explaining his resignation in a post on the Liberationtech mailing list, Colascione said he "should never have allowed that damned 'test' program to be distributed at all, and should never have added diagnostics to it; running it once in a controlled environment was a risk--arguably an acceptable one at the time. Multiplying that risk by users and by uses was what made it a catastrophe. I should have stuck my head out of the code and more strenuously objected to the hype."
According to security expert, Jacob Appelbaum, Haystack leaves clues that a third party could examine to learn the identity of its user and what sites they have visited. In an interview with Wired.com, Appelbaum said that "the more I have learned about the system, the worse it has gotten...even if they turn Haystack off, if people try to use it, it still presents a risk...It would be possible for an adversary to specifically pinpoint individual users of Haystack."
The media watchdog organization Reporters Without Borders frequently cites Iran as having one of the worst records of any nation when it comes to Internet freedom.
This story originally appeared on CBSNews.com.