A software tool designed to help dissidents circumvent government censorship of the Internet contains flaws so severe that it could endanger those who use it.
The tool, called Haystack, has won awards and praise for enabling political activists and ordinary citizens to beat government controls barring Internet content. But security expert Jacob Appelbaum warns that it leaves a trail of clues that could be used to find whoever’s using it, and what content they have accessed. Experts say this highlights the importance of having outside experts review technologies intended for this kind of use.
Haystack was created by the San Francisco-based Censorship Research Center, founded last year by two activists Austin Heap and Daniel Colascione. The software was intended to “provide unfiltered and undetectable Internet access to the people of Iran,” according to the project website. Its creators received much attention–Heap was declared Innovator of the Year by the Guardian newspaper, and also received the First Amendment Coalition Beacon award.
The tool was billed as a way to access restricted Internet pages while hiding this activity from the authorities. Haystack’s creators claimed that it could do this by exploiting problems with Iran’s firewall, by encrypting communications between users and Haystack’s servers, and by disguising traffic sent to and from the tool so that users would appear to be visiting innocuous websites. But in the past month, experts have expressed concern that there had been no independent review of its ability to function as promised.
Appelbaum, along with Evgeny Morozov, a visiting scholar in the program on liberation technology at Stanford University, and civil liberties activist Danny O’Brien in particular pressed for more details about how the software was built. They worried that vulnerabilities in its underlying code could allow protected messages to be decoded by government officials. After testing the software, their reaction was anger and dismay.
Appelbaum says that after hearing a description of how the tool functioned, he worried that it might not have been built correctly. But he became truly concerned once he tested it himself. Appelbaum and his colleagues broke the tool’s privacy protections in less than six hours. Appelbaum says it would be easy for government authorities to do the same.
“This is a system that’s so fragile, I can barely tell you how it operates without being extremely worried about the people who may have used it who had no idea that they were being put at risk,” says Appelbaum. “It’s incredible, and incredibly terrible.”
Appelbaum says he must be cautious about giving details of what’s wrong with Haystack for fear of further endangering those who might be at risk. But he says, “When you use the tool, it effectively alerts authorities that you are trying to use it.”