Anti-censorship tool for Iranians withdrawn, security concerns cited

The Haystack software tool is pulled back by developer after security experts warn that users of the application might be tracked.

CBS

The developer of a software tool to help Iranians get around their government's Internet restrictions has withdrawn the program in response to questions about its security.

Haystack said it had halted further testing of the program in Iran while it conducts a review. "If you have a copy of the test program, please refrain from using it," it said in a post on its Web site.

Haystack, which runs on Windows (2000 and up), OS X (10.4 and up), and most Linux distributions, appears to the user as a normal HTTP proxy. It claims to "use a novel approach to obfuscating traffic that is exceptionally difficult to detect, much less block, but which at the same time allows users to securely use normal Web browsers and network applications."

On his personal Web site, Austin Heap, co-founder of the Censorship Research Center in San Francisco, issued the following statement:

"Recently, there has been a vigorous debate in the security community regarding Haystack's transparency and security. We believe that many of the points made in this debate were valid. As a result, and in order to ensure Haystack's security, we have halted ongoing testing of Haystack in Iran pending a security review. We have begun contacting users of Haystack to tell them to cease using the program. We will not resume testing until this third party review is completed and security concerns are addressed in an open and transparent way."

Daniel Colascione, who had been the lead developer of Haystack, has since resigned his post. Explaining his resignation in a post on the Liberationtech mailing list, Colascione said he "should never have allowed that damned 'test' program to be distributed at all, and should never have added diagnostics to it; running it once in a controlled environment was a risk--arguably an acceptable one at the time. Multiplying that risk by users and by uses was what made it a catastrophe. I should have stuck my head out of the code and more strenuously objected to the hype."

According to security expert, Jacob Appelbaum, Haystack leaves clues that a third party could examine to learn the identity of its user and what sites they have visited. In an interview with Wired.com, Appelbaum said that "the more I have learned about the system, the worse it has gotten...even if they turn Haystack off, if people try to use it, it still presents a risk...It would be possible for an adversary to specifically pinpoint individual users of Haystack."

The media watchdog organization Reporters Without Borders frequently cites Iran as having one of the worst records of any nation when it comes to Internet freedom.

This story originally appeared on CBSNews.com.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Want affordable gadgets for your student?

Everyday finds that will make students' lives easier: chargers, cables, headphones, and even a bona fide gadget or two!