Anticensorship Tool Proves Too Good to Be True

by Erica Naone MIT Technology Review

Experts warn that the software could identify those it claims to protect.  A software tool designed to help dissidents circumvent government censorship of the Internet contains flaws so severe that it could endanger those who use it.

The tool, called Haystack, has won awards and praise for enabling political activists and ordinary citizens to beat government controls barring Internet content. But security expert Jacob Appelbaum warns that it leaves a trail of clues that could be used to find whoever’s using it, and what content they have accessed. Experts say this highlights the importance of having outside experts review technologies intended for this kind of use.

Haystack was created by the San Francisco-based Censorship Research Center, founded last year by two activists Austin Heap and Daniel Colascione. The software was intended to “provide unfiltered and undetectable Internet access to the people of Iran,” according to the project website. Its creators received much attention–Heap was declared Innovator of the Year by the Guardian newspaper, and also received the First Amendment Coalition Beacon award.

The tool was billed as a way to access restricted Internet pages while hiding this activity from the authorities. Haystack’s creators claimed that it could do this by exploiting problems with Iran’s firewall, by encrypting communications between users and Haystack’s servers, and by disguising traffic sent to and from the tool so that users would appear to be visiting innocuous websites.  Read on… and beware!