Haystack redux

Adam Fields cryptography23094893 at aquick.org
Wed Sep 15 14:48:15 EDT 2010


On Wed, Sep 15, 2010 at 03:16:34AM -0700, Jacob Appelbaum wrote:
[...]
> What Steve has written is mostly true - though I was not working alone,
> we did it in an afternoon. It took quite a bit of effort to get Haystack
> to take this seriously. Eventually, there was an internal mutiny because
> of a serious technical disconnect between the author Daniel Colascione
> and the supposed author, Austin Heap. Daniel has been a stand-up guy
> about the issues discovered and he really the problem space that the
> tool created.
> 
> Sadly, most of the issues discovered do not have easy fixes - this
> includes even discussing some of the very simple but serious design
> flaws discovered. This has to be the worst disclosure issue that I've
> ever had to ponder - generally, I'm worried about being sued by some
> mega corp for speaking some factual information to their users. In this
> case, I guess the failure mode for being open about details is ... much
> worse for those affected. :-(
> 
> An interesting unintended consequence of the original media storm is
> that no one in the media enjoys being played; it seems that now most of
> the original players are lining up to ask hard questions. It may be too
> little and too late, frankly. I suppose it's better than nothing but it
> sure is a great lesson in popular media journalism failures.

I'm wondering if someone could shed a little light on how this service
acquired any real users in the first place, and whether anyone thinks
that anyone in danger of death-should-the-service-be-compromised is
actually (still) using it.

I find it hard to believe that even the most uninformed dissidents
would be using an untested, unaudited, _beta_, __foreign__ new service
for anything. Is there any reason to believe otherwise? My first guess
would have been that it was a government-sponsored honeypot, and I bet
they're far more suspicious than I am.

--

				- Adam

---------------------------------------------------------------------
The Cryptography Mailing List