
Comment: Re:Bad idea! (Score 1) 95

by ntk (#35507414) Attached to: Twitter Joins the HTTPS By Default Party

A large number of journalists and activists end up communicating with sources and each other using direct messaging on Twitter, so there is private information passing around. There's also the question of using login credentials to take over and fake messages. Also, there's the question of correlating Twitter identities with individuals (though I can think of a few strategies for attackers to do that even with https enabled).

Comment: Re:Bad idea! (Score 1) 95

by ntk (#35507382) Attached to: Twitter Joins the HTTPS By Default Party

I work with independent journalists in this and other at-risk countries, and consult with those seeking to protect activists. While you are perhaps right that the threat is, at heart, one of human rights, protecting those attempting to change or document that situation is also important. And lack of on-the-wire encryption also presents an almost constant temptation to even other countries supposedly better protected by the rule of law. The pervasive data-mining conducted by AT&T on behalf of the NSA is the obvious (and known) example here. I'm sure there are plenty more.

I don't think it's correct to characterise this as a "scarecrow" when a) we have actual evidence of countries using unencrypted communications to repress critics and protests against the regime, and b) this is a problem that all Internet users potentially face worldwide.

In order to protect and improve free speech and other rights, we need to build systems that are resilient when those rights are under attack.

Comment: Re:Destroy "someone's" piece of software? (Score 1) 136

by ntk (#33588716) Attached to: EFF Says 'Stop Using Haystack'

I worked at the EFF and spoke with Austin several times about Haystack. On the basis of what I learned then, EFF never publicly advocated using Haystack, and told any journalist or fundraiser who queried us that until Austin submitted the code for an independent security audit, we could not recommend its use.

Austin would inaccurately characterize these conversations (most recently at the Q&A here at Gnomedex, here http://www.youtube.com/watch?v=V6b5ND2js_8#t=35m0s) as being EFF telling Austin that Haystack should be open source.

To be clear: EFF never made this request, and I made it clear to Austin that there were a number of ways that a technical security audit could take place without making the source publicly available (for instance, we offered to put him in touch with independent security consultants who work with Microsoft and Google under NDA).

EFF works, has worked, and will work with both closed source and open source vendors to improve their products' privacy and security.

Comment: Re:Ok you've got my attention (Score 1) 136

by ntk (#33588428) Attached to: EFF Says 'Stop Using Haystack'

Okay, that's pretty much what we're thinking -- warn now, release details as soon as we can. Right now I'm talking to people to establish how widespread the message is, and also to get some idea of the actual, non-technical risk of "being a Haystack user". One of the problems is that there may be a non-trivial amount of retrospective risk.

The service is actually down; that's what Austin claimed he did on Friday.

Comment: Re:Ok you've got my attention (Score 2, Informative) 136

by ntk (#33584204) Attached to: EFF Says 'Stop Using Haystack'

Hey, Kangsterizer. I'm sorry if you read my blog post expecting to find substantive technical details; that does seem like a waste of time, and maybe I should have made it clearer at the start that there would not be that level of detail.

My claim, and that of others involved in this (including I believe the coder of the Haystack system, who is posting on this thread also) is that we can't give out more detailed info about the problems because we believe that would put people at risk.

I find this incredibly frustrating, because obviously people in your position are entirely right to be skeptical. I'd like you to not believe it's FUD, but I can't think of a way to convince you short of, as I said, a detailed public analysis.

Assuming for the moment what I'm saying isn't an ingenious pack of lies or delusion, what do you think I should do?

Comment: Re:I want an iPhone but I am not switching carrier (Score 2, Interesting) 521

by AgentGibbled (#29371037) Attached to: Apple Announces iTunes 9, "LPs," Video Camera for the iPod Nano

Ah yes. It's completely unreasonable for anyone to expect Apple to make a version of their phones with a CDMA (ie. the "wrong standard") radio in it. It's not like any other phone manufacturers build handsets for both standards. Certainly not RIM, Samsung, Palm, Motorola, etc.... Oh wait.

I'm not saying that there's anything _wrong_ with Apple's decision to only address part of the market. If they had to pick only one technology, they'll obviously pick the one with the biggest customer base.

What I'm saying is that the AC's implication that it is somehow strange for DarthVain to expect a phone to support more than one network is kind of ridiculous. It's not strange at all. In fact, Apple is pretty much the only phone manufacturer that sells into North America that doesn't also make CDMA phones. This fact will cost them some sales from people like DarthVain. They obviously know this, and are apparently okay with it.

It is also fairly annoying that it's necessary to hack the phone (jailbreak, whatever) to make it work with an otherwise compatible GSM network though. Vendor lock-in is pretty much par for the course with Apple stuff, though. It's part of why I don't really own any.
