Tuesday, August 24, 2010

Comparing Liberation Technology: Haystack vs. Tor...

There is a burgeoning market for hacktivist software that helps internet users evade surveillance. At the top of the list for many years now has been Tor, which enables people to surf the Web while masking their IP address, therefore making it extremely difficult for the authorities to identify them.

Tor now has a new rival. Haystack is a soon-to-be-released software program, still in beta, which also seeks to protect users' privacy and is specifically aimed at providing unfiltered internet access to the people of Iran. Its developers' stated hope is that, by enhancing Iranians' capacities for free expression and uncensored access to information, they will be encouraging "peaceful opposition" to the regime.

Hacktivist software like this is typically well-intentioned, but a few observations are warranted...

First of all, Haystack is not an ordinary proxy system. "It employs a sophisticated mathematical formula to hide users' real Internet traffic inside a continuous stream of innocuous-looking requests. In addition to providing anonymity, Haystack uses strong cryptography, ensuring that even if users' traffic is detected, it cannot be read."

Second, Haystack is different from Tor. Tor focuses on using onion routing to ensure that a user's communications cannot be traced back to him or her, and treats evading filters only as a secondary goal. Tor also uses standard SSL protocols, which make it easy to block, especially during periods when the authorities are willing to intercept all encrypted traffic. Haystack, on the other hand, gives primary attention to encryption that will help users evade filters. In fact, to a computer, a user using Haystack appears to be engaging in normal, unencrypted web browsing, which raises far fewer suspicions. Also, unlike Tor, Haystack has no public list of servers, which makes it exceptionally difficult for the authorities to discover which machines to block.

Third, Haystack is NOT open source. This might come as a surprise to some, but Haystack's counter-argument is that...

"Although we sincerely wish we could release Haystack under a free software license, revealing the source code at this time would only aid the authorities in blocking Haystack. In the future, however, we would like to find a way to reconcile our Free Software ideals with the necessity of frustrating the efforts of those who would block Haystack."

This seems somewhat counter-intuitive to those of us familiar with open source software. In fact, the Haystack group themselves go on to say that "it would take centuries for all the world's computers to decipher one of our users' browsing sessions even with full access to the Haystack source code."

Regardless, it's a positive development that the much-beloved Tor is starting to see some viable competition. These aren't commercial products; rather, what we're talking about is competition in the marketplace for non-profit activist software. But just as in the commercial marketplace, the more competition, the better the product and the greater the innovation.


