Haystack new anti-censor, anti-filter protection

Discussion in 'Keeping Your Anonymity In Iran' started by Bugs Bunny, Jul 5, 2009.

  1. JohnDoe Moderator

    Voter's Union, as a regular contributor to the forum, and also someone who has the knowledge, would you get in touch with Austin Heap and discuss the things you have discussed here? That would be good, and if he could prove his legitimacy, i.e. if he could give enough information to reassure people, without giving away the secrets of how it works, then I'm sure the support for the project would be huge.

    If Austin Heap is genuine, and can genuinely help, which I hope he is and that he can, then he would surely welcome your comments.
  2. Simple solution to this would be to ask an independent, third party, such as the EFF to review his code and verify it works as advertised and WILL NOT endanger Iranians.

    Then I think we can all breathe easier in donating and knowing this is not a scam or some shoddy piece of software that could endanger REAL lives.

    Let's get the EFF to review this in the interest of the safety of REAL PEOPLE.
  3. JohnDoe Moderator

    Go for it unreg. Ask them.
  4. Voters Union Member

    Thanks for the confidence! :)

    I will make sure that Mr. Heap has seen/sees this thread and he/they can decide what, if anything, they want to do about it.

    Also, I'd be glad to help in any way and offer comments privately and publicly. As unregistered pointed out, though, there are other organizations that are more qualified or at least more established that can do the same thing.

    (And I don't think this is the time for any in-depth code level audits, but rather just validation of the overall idea, concept, functionality, scalability, feasibility)
  5. salam joon

    hopefully unreg will ask but u can ask too? we can all ask them? does anyone know any other ppl or organization to ask.

    with friend & family in iran it must be safe for them. ppl already take enough risk in street. no need for computer to be more risk. who know what this haystack really do if nobody see it.
  6. JohnDoe Moderator

    Salam unregistered!

    I will:)
  7. What about Psiphon? What about Freegate? Since Tor is the only open anti-censorship tool, your logic doesn't blast just Haystack, but all the other valuable tools.
  8. echo-IRAN Member

    Psiphon is a small scale proxy server. You trust the server admin to use it. It is relatively easy to check if there's anything sinister in the software. The developer of Psiphon is a commercial company with other businesses.

    Freegate and similar others are also money making companies, who will be very unwilling in releasing their software into the public domain.

    Because of the closed source, not all antivirus companies are willing to delist them. Most of these guys are detected as virus by many scanners.

    The owner of GPass openly sells aggregate data, and hinted that if you pass their screening, you can get data of individual users. That created a big stir - I have to look up the reference.

    Jondo wants to make money. They are open source.

    In the Iranian case, you need very good reason not to open source.
  9. Voters Union Member

    Haystack FAQ coming soon

    I don't buy the argument that circumvention software needs to be "closed source" because otherwise governments will find out how they work and prevent their usage. Being "closed source" makes it more difficult to find out how the apps work, but far from impossible. With governmental resources at hand it should be relatively easy to reverse engineer the circumvention client apps.

    That said, the app doesn't have to be open source to be useful-- Freegate *is* providing their circumvention service for millions of users (who apparently are very satisfied with it). They do have some white papers detailing the technical concepts, so at the moment we know more about them than about Haystack.

    I managed to get a brief comment from Austin Heap regarding this discussion thread and he said they will be posting a FAQ soon to give people some answers to questions they might have.
  10. Thanks a lot Sir. :)
  11. Twister Member

  12. Thoughts?

    To save duplication, if people email Austin questions, it'd probably make sense to (ask his permission) and then post the Q and A to this thread.
  13. I'd hoped that Mr Heap would prove the naysayers wrong, but the FAQ doesn't really say anything meaningful.

    I really think now that, if he is acting in good faith, he should ask the EFF to have a look at Haystack.

    If it does what he says it does, and it's scalable, there can really be no downside for him, only benefits.
  14. Twister Member

    Agreed. As I've written to thumb drive manufacturers on his behalf, offered a server and bandwidth... I had great hopes but I find it hard to have a desire to do more bc I don't feel I know more than I did at the outset.
  15. Voters Union Member

    I think it was a good "General FAQ" that shed more light on the overall concept.

    Nice to see that they welcome more questions as well, so I think you should do just that and then publish the answers here (mention this when you're asking), like unregistered suggested.
  16. echo-IRAN Member

    The FAQ is actually very meaningful, in the sense that the most important questions didn't make any sense.

    All the opponent needs to do is to get hold of a copy of Haystack, and see what server IP addresses it connects to. It's as good as having a public list, unless you really effectively have a huge number of server IP's to pool from with no fixed indexing/directory servers. Even given that, your ISP can detect say 1% or 0.1% of Haystack users, making the obscuring of HS traffic worthless.

    Again with a working copy of Haystack, it's not at all difficult to see how you obscure encrypted traffic by looking like plain http traffic. Unlike encryption that is practically impossible to crack, you have to assume that the opponent knows how to detect Haystack traffic at your ISP at least from time to time. That makes it not any better than TOR with open protocols. The best is to use Skype, like GPass and GTunnel. Either your opponent has to block all Skype users, or in China's case, come up with their own crackable version.
  17. IranUn Member


    I Follow You and waiting soonest possible Yr Magic Call come through >>:p
  18. Just got back

    I just got back from filterland! Spent a week digging www tunnels and amassed epic high scores. The counterrevolution WILL be televised.

    I found only one /i/gov-proof method to achieve anonymous anti-filter browsage.

    1) Use tor.
    2) Use a https:// webcloaker.

    Without tor, you'll be filtered out of your cloak.
    Without a secure cloak, you'll be ISP compromised.

    Haystack could be this, or it could be the AK-47 that makes this look like a .22


  19. Enough

    I believe Austin Heap is a fraud. I believe he's a profiteer. And I'm calling him out.

    He asks for donations and people gladly give it up. His PayPal account is suspended for suspicious activity. But hey! You can still send him a check!

    He asks you submit your known working proxies at proxyheap a project for iran. Sooo.. What happens to these proxies? Perhaps they get added to a filtering database?

    Screenshots created in Microsoft Paint.. FAQs obviously written by someone without a clue.. And cheesy webpages that a 13 year old could edit in under an hour, are insufficient as evidence. There are "real" techies keeping up with this. I've been watching this "needle in a haystack" project off and on for nearly two months. I am a PAID techie. I am a network professional. I assure you, there is no proxy product here. I call "BULLSHIT"!!!

    And Austin.. If you're reading this.. What say you? Techie to techie. Please prove me wrong. Submit your code to the EFF. Myself, other "real" techies and those that have given you their money, await your response.


    LOL @ Troll
  20. Don't be a stranger. Just hit me with your best shot. I'm pretty much perfect. I was captain of the football team, and starter on my basketball team. What sports do you play, other than "jack off to naked drawn Japanese people"? I also get straight A's, and have a banging hot girlfriend (She just blew me; Shit was SO cash). You are all faggots who should just kill yourselves. Thanks for listening.
  21. I see iran 115 has graced us with his presence. Did posting on twitter under the name "greenbrief" get too tiring for you?

    While you are at it, since you want to attack Austin Heap and Night Owl, why don't you also say all that you feel and tell us how you think Mousavi is a traitor and Rafsanjani should be hung, etc. etc. etc. You can tell us how you think the elections were fair and all those people being raped and beaten deserve it, because they are evil and not true Muslims. Right? Don't just tell us part of it. Let it all hang out.

  22. And your point is..... what? Why would I care if you play sports? Why would I care about your grades? Ok.. I'm glad you get good grades in school. Keep up the good work.

    Now, I'm going to ask why you defend Austin? There is no proxy product, yet he keeps asking for money. Why do you not question this? I thought you were a smart boy with good grades?

    Austin is making a lot of promises. It's time for him to prove to his investors and peers that there is substance here. Why would you have a problem with that?

    Your assumptions amuse me as I am female and Cisco certified and in the networking business. Again, I'm glad you get good grades... lol

  23. You are mistaken. I don't know who Night Owl, iran115 or greenbrief is..

    Why would you even assume that? I do not agree with any of those statements. I advocate and support truth. I advocate and support freedom. I hate tyranny and injustice. I also dislike thieves and liars.

    Why are you offended because I'm calling Austin out? How much do you have invested in him? I guarantee, I'm not the only professional that questions his claims. If he can substantiate his claims, then there will be no need for questions. What is he afraid of?

    You make amusing assumptions too.. lol

  24. SanguineRose Member

  25. As much as I hate to agree with a potential troll, I must agree with Pisciatello on this.

    It appears to me that there is quite a bit of Austin Heap or Haystack blind obedience and love on this forum, which is quite disturbing. Many people have raised legitimate questions as I believe Pisciatello is raising as well, but perhaps in an overly emotional reactive manner. Nonetheless they are valid points.

    For transparency's sake I work at a liberal think tank organization specifically with mideast policy. We work with hundreds of Iranians inside Iran (if you don't believe that such interactions with Iranians are real, attend any well-respected scientific/academic/policy conference and you'll see dozens of Iranians from Iran attending). There's a lot of misinformation about Iran. While it's certainly quite restrictive in some aspects, it is one of the more open and accessible nations in the Middle East despite what Internet activists would lead you to believe. Do your research. Go there. My coworkers in the mideast policy section were there earlier this year.

    Speaking to many of them (Iranians in Iran) about anti-filtering and Internet problems we mostly get laughs. It's quite embarrassing, frankly. They tell us that what the people of Iran need most is human rights activists - people to advocate outside of Iran against human rights abuses that happen inside of Iran. They have constantly reassured me that there are more than enough anti-filtering mechanisms available to Iranians. That coupled with the fact that a lot of the Iranian ISPs turn a blind eye towards certain web traffic has really started to make our efforts in the U.S. look ridiculous.

    People are dying, the photos and videos of abuse should be broadcast to world audiences but people want to give free Internet. Even in the absence of photos and videos the need for a voice outside of Iran is still needed.

    The fact is, they've been dealing with the Internet for years and know more than enough. Look at the majority of information still coming out of Iran - it's not on Haystack. Those people who know how to do it already will do it and teach others. That's the nature of the culture as we've studied it. There's no need to reinvent the wheel here folks.

    In fact, I believe another poster in this forum who claims to have some family in Iran has said the same thing. What's strange is the only place I seem to hear otherwise (regarding Internet filtering) is the Internet - talking to colleagues in Tehran or Isfahan yields no such discussion. And lest you think they are not speaking from fear of wire tapping I can assure you that more seditious statements about the government have come over the phone to me on a regular basis than has any discussion of Internet filtering.

    While I absolutely respect the work of Internet activists, I can't help but feel a staggering sense of self-importance. Looking at Austin Heap, NedaNet, etc.'s proclamations, websites, etc. ("Good luck finding that needle") it really makes one firmly acquainted with the mideast shake their head.

    I know people are looking for a hero (and are quite eager to defend against supposed detractors), and perhaps they've found something they can gel on to with Haystack or whatever other projects are out there.

    I am not familiar with the EFF either but from what I have read on these forums and gleaned from news articles is that Haystack refuses to submit their code for an independent audit? If so, this is personally quite disturbing as it would be standard fare to engage in such a practice especially considering the very real possibility that this software could fall into the wrong hands or endanger activists in Iran in some way. I am not an IT expert nor do I pretend to be one so I defer to those with greater knowledge, but I do know that declining to have an independent audit of something that could potentially harm people or fall into a hostile regime's hands is generally not considered to be a practice that reputable organizations engage in.

    Also, a question for those of you more familiar with the situation than I: What was the benefit of Haystack, Austin Heap, and NedaNet getting so much publicity? Why would you tip your hat (so to speak) to the Iranian authorities about Haystack? Why not run the program first and then once it works solicit press coverage?

    Why didn't they just do their work in private and accept donations from legitimate non-profits or foundations instead of blasting messages for money on Twitter? Personally, having the experience that I do in this realm I suspect it is because other organizations sense or feel something fishy is going on and are hesitant to donate. Again, I don't know the details but am just relaying personal experience.

    Since I do work for a reasonably well known think tank I was hesitant to post this, but the level of blind obedience and unreasonable expectations to these activists seems to be reaching a fever pitch. It's almost as if in the absence of enough news or events to hold on to people are holding on to self-created Internet heroes. I say self-created because in our office we see all the press generated by these activists (Heap's recent BBC article, the recent article about Morgan Sennhauser) yet our office and my colleagues at other similar organizations can detect no significant benefit to the information flow inside and outside of Iran. Again, it's like people are desperate to feel useful.

    If you want to feel useful and actually HELP people, I would strongly advise against donating to any of these groups (Heap, this 115 business, NedaNet, etc.) and instead donate your money to REAL organizations doing fundamentally important work that doesn't reinvent the wheel or generate a lot of press for yourself. Some of the organizations we have been fortunate to deal with (and that I can vouch for) are: the Iran Human Rights Documentation Center, International Campaign for Human Rights in Iran, Human Rights & Democracy for Iran, and Stop Child Executions (mainly focused on Iran). These are all top notch organizations that do real work yet receive a fraction of the press that these Internet activists receive.

    While I think Pisciatello went too far in calling Heap a fraud, I do think that there are some real questions that are being raised and personally I feel that money would be better spent with real, established, and respected organizations such as those I've listed above.

    Take my opinion for whatever you feel it is worth. I most likely will not be responding to questions here as I have seen some childish responses from both sides (like labeling Pisciatello's post with "LOL Troll" instead of engaging in rational, meaningful debate, despite Pisciatello's seemingly deliberately offensive post and likewise Pisciatello's outright calling Austin Heap a fraud). What I will say is that I have over ten years in mideast policy experience here and I am simply relaying to you my own opinion based on my years of experience.

    Best of luck to all of you.
  26. SanguineRose Member

    To explain the "LOL Troll" more, people do come on here... say stuff just to piss people off and start arguments. Pisciatello's post has all the traits of such a person. If his post was like yours, being rational and logical it would not be labeled as such. I assume you are intelligent enough to realize/seen this here.

    I am unsure if you know of what a 'troll' is but it is someone that just inspires controversy, hatred, flaming, etc. just because they can for basically 'lols'. Generally these posts look just like his, a tad strong and not very logical with nothing to back up their statements, facts, claims, etc. and using personal insults like '13 year old could edit in under an hour'. These posts don't contribute to any argument at all. The internet and everyone on it just isn't all logical nor nice. I hate to break it to you but there are really people like this and at the beginning of this forum's creation there were a lot of people like this. We had to deal with all the jew conspiracy crap everywhere including how they staged 9/11. You name it, it was posted. One of the worst ones was the guy posting detailed instructions on chemical warfare and just about everything else imaginable along those lines.

    So, how does his post contribute at all besides calling Austin Heap a 13 year old among other such personal insults? He is probably laughing at you right now for taking his post to heart so much to mention him.
  27. There is only one troll here, and he keeps pretending to be other people and talks to himself to keep the argument going. Guess getting ignored bothers him. Kind of pathetic.
  28. That is exactly what was happening here - he was being ignored, so he started pretending to talk to himself and argued with himself to keep it going. But yes, I agree with you completely. I just wanted to let him know how obvious he is, and that he is wasting his time. And that he is being laughed at, lol.
  29. Sigh... So this is your response when legitimate questions are raised? Your only response is I'm a troll??? I find the responses I've received here ironic considering the reason we're all here..

    EFF - Electronic Frontier Foundation

    Electronic Frontier Foundation | Defending Freedom in the Digital World

    Don't be sheep... Read for yourself...

  30. The_FNG Member


    The folks here are not naive as you are so foolish to think. It's obvious that you are here to stir FUD, and impugn the integrity of Austin Heap and his program Haystack.

    First you call him a fraud, and a "profiteer", and when you're called on that, you then hide behind the seemingly innocuous premise of asking that the code for Haystack be presented to the EFF for evaluation.

    The fact is that you are here to attempt to defame an individual who through uncountable selfless acts, has attempted to help the Iranian citizens against their evil government. It seems that you are so hellbent in damaging Austin's credibility that in my view, you must be a member or allegiant to that evil regime.

    You should watch out, someone could drop a house on you.

  31. I'll be a bit more reassured when I hear something from someone other than Austin I'm afraid.

    Whatever "trust capital" he'd gained from his original activism, was eaten away completely for me, due to the way he's dealt with the whole Haystack thing.

    Sad to say, but true.
  32. spaz926 Member

    Now, Austin, I do not want to be a downer, and I do not want to make this sound bad, but are we sure that the user is going to experience anonymous browsing?
    What if the government gets a hold of one of the programs that is going to get sent out? What if they get the list of IP addresses and track down who is connecting to them?

    I want this to work, but I don't want to see people getting hurt because of something we did.
  33. jadt65 Member

    From what I have read, Tor is the safest (although imperfect) tool available atm.
  34. The whole concept was bogus. If you have a privacy tool *specific* for Iran, what is your alibi when / if authorities find out you have this program? The less specific the tool, the better.

    And that's supposing the software is actually secure. It is a daunting task, even if you have a lot of very bright people working full time, for months.

    TOR comes pre-installed into a number of systems, and / or some software packages. And there are a lot of reasons to have tor besides privacy *on Iran* (like, to avoid Google correlation of searches for marketing purposes). This is the minimum you want for plausible deniability.
  35. Avinash Member

    This is a great program, I'm pretty sure it's legit. I didn't know Iran was censoring the internet. How dare they! The internet is supposed to be the one place to send out free opinions.
  36. rof Member

    no it was a hoax

    it is made of garbage
  37. why is this still a sticky thread? did the mods die?
