[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [OT] another proxy, but not open source :-(



     On Tue, 25 May 2010 13:33:23 -0400 Ted Smith <teddks@xxxxxxxxx>
wrote:
>On Tue, 2010-05-25 at 01:45 -0500, Scott Bennett wrote:
>> I don't know who "Censorship Research Center" might be, but they claim
>> to have a development project going for another encrypted proxy service.
>> However, they say it will be free software, but *not* be open source, so =
>no
>> one can examine what they have done in order to look for bugs, design fla=
>ws,
>> etc. :-(  There isn't much real information at the web site,
>>=20
>> 	http://www.haystacknetwork.com
>>=20
>> but what little there is looks very much like an attempt to sucker people
>> who don't understand much about security.
>>      Oh.  I almost forgot.  Their FAQ page mentions tor, complaining abou=
>t
>> tor's publicly available directory and arguing that their method is bette=
>r,
>> while not mentioning bridges.
>
>I saw this a while ago. From what I could get from their website, it

     What drew my attention to it was a small newspaper column in yesterday's
_Fib_ (a.k.a. _Trib_ a.k.a. _The_Chicago_Tribune_) that I saw at a coffee
shop.  The author was all ga-ga about it, praising Austin Heap as if he
should be canonized ASAP for his wonderful work for freedom of speech.
Being somewhat of a skeptical nature, I looked up the web site referred to
in the article when I got back to my apartment last night.  I couldn't figure
out why the author, Kurt Knutson of WGN TV, was so taken in by something that
isn't even available yet and about which there is so little publicly available
information.

>looks like they'll be running single-hop proxies from various hosts, and
>distributing that list inside the proprietary software they distribute

     That's more than I managed to extract from it, but that certainly
looks very bad if that is indeed what they are doing.

>(IIRC). They also say they'll be using HTTP as the transport protocol,
>which means either that the content will be unencrypted or that it'll be
>tunneled through HTTP.=20
>
>I wonder if they'll sign the binary blobs they distribute; it would be
>very easy for the police in any country to distribute their own
>backdoored version (via sneakernet) and just arrest everyone who uses
>it.
>
     Maybe they'll sign it with their own in-house equivalent to PGP, too. :-}


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/