O'Brien: Haystack vs How The Internet Works

Danny O'Brien writes about the Haystack debacle, which may have exposed many of the people it was supposed to be helping to protect. "Lessons? Well, as many have noted, reporters do need to ask more questions about too-good-to-be-true technology stories. Coders and architects need to realize (as most do) that you simply can't build a safe, secure, reliable system without consulting with other people in the field, especially when your real adversary is a powerful and resourceful state-sized actor, and this is your first major project. The Haystack designers lived in deliberate isolation from a large community that repeatedly reached out to try and help them: that too is a very bad idea. Open and closed systems alike need independent security audits."

O'Brien: Haystack vs How The Internet Works

Posted Sep 14, 2010 16:27 UTC (Tue) by tdwebste (guest, #18154) [Link]

Double Agent?

O'Brien: Haystack vs How The Internet Works

Posted Sep 14, 2010 20:55 UTC (Tue) by tialaramex (subscriber, #21167) [Link]

If it was worth using you'd be able to examine the source code for yourself to determine that, as you could with PGP.

Why don't they have any warning in Persian?

Posted Sep 14, 2010 20:13 UTC (Tue) by proski (subscriber, #104) [Link]

Why don't they have a page in Persian on the homepage if Iran was their primary target? If they care about their users, they should have a huge message in Persian even on their English and French pages! Somebody please send them a translation as soon as possible! Even an automatically translated text would be better than nothing. Even if not comprehensible, it would attract attention. Somebody's freedom may be under threat right now.

Why don't they have any warning in Persian?

Posted Sep 15, 2010 8:30 UTC (Wed) by rsidd (subscriber, #2582) [Link]

It's worse than that: at the moment, the CRC web page continues to promote Haystack loudly and gives no hint that anything is wrong.

The main Haystack webpage does, at the moment, have a warning in (I assume) Farsi, as well as English and French.

Why don't they have any warning in Persian?

Posted Sep 16, 2010 2:53 UTC (Thu) by proski (subscriber, #104) [Link]

That's because I wrote the maintainer about the problem.

O'Brien: Haystack vs How The Internet Works

Posted Sep 15, 2010 22:15 UTC (Wed) by bronson (subscriber, #4806) [Link]

Posting here because commenting on the original article just results in XML errors.

"It’s an open and public mailing list, but it with moderated subscriptions and with the archives locked for subscribers only."

Restricted subscriptions and restricted archives? Not sure how that could be considered open and public.

O'Brien: Haystack vs How The Internet Works

Posted Sep 16, 2010 11:17 UTC (Thu) by nettings (subscriber, #429) [Link]

ah, the fun of conspiracy theories :)

unless there is sound evidence of good-willed applicants turned down by evil list administrators, take it for what it is: spam prevention and the protection of list posters' privacy to some degree.

the old rule applies: if you make the effort of running a mailing list, you get to define the policies. those who object can make suggestions for a policy change, or create their own. simple as that.

O'Brien: Haystack vs How The Internet Works

Posted Sep 16, 2010 12:58 UTC (Thu) by job (guest, #670) [Link]

I downloaded some non-free software from this guy on the Internet, well guess what, it turns out it does do what it says on the box! Oh noes! There's even a "Research Institute" involved, it must be legit!

O'Brien: Haystack vs How The Internet Works

Posted Sep 17, 2010 12:46 UTC (Fri) by mgedmin (subscriber, #34497) [Link]

I found this article unsatisfying. What is Haystack? What was the debacle about?

O'Brien: Haystack vs How The Internet Works

Posted Sep 19, 2010 11:25 UTC (Sun) by auc (subscriber, #45914) [Link]

Same question here.

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.