[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [OT] another proxy, but not open source :-(



On Tue, 2010-05-25 at 01:45 -0500, Scott Bennett wrote:
> I don't know who "Censorship Research Center" might be, but they claim
> to have a development project going for another encrypted proxy service.
> However, they say it will be free software, but *not* be open source, so no
> one can examine what they have done in order to look for bugs, design flaws,
> etc. :-(  There isn't much real information at the web site,
> 
> 	http://www.haystacknetwork.com
> 
> but what little there is looks very much like an attempt to sucker people
> who don't understand much about security.
>      Oh.  I almost forgot.  Their FAQ page mentions tor, complaining about
> tor's publicly available directory and arguing that their method is better,
> while not mentioning bridges.

I saw this a while ago. From what I could get from their website, it
looks like they'll be running single-hop proxies from various hosts, and
distributing that list inside the proprietary software they distribute
(IIRC). They also say they'll be using HTTP as the transport protocol,
which means either that the content will be unencrypted or that it'll be
tunneled through HTTP. 

I wonder if they'll sign the binary blobs they distribute; it would be
very easy for the police in any country to distribute their own
backdoored version (via sneakernet) and just arrest everyone who uses
it.

Attachment: signature.asc
Description: This is a digitally signed message part