Anti-censorship program Haystack withdrawn Published duration 14 September 2010

image caption The software was born out of the 2009 protests in Iran

Software created to help Iranians escape government control of the web has been withdrawn over security fears.

Haystack was designed to help people in the country communicate via the web without revealing their identity.

However, independent tests showed that Haystack's creators had little control over who was using the program.

The tests also revealed that it could be vulnerable to attacks that limited its effectiveness to mask a user's location or identity.

Soon after the results of the tests were released a notice was placed on the website of the Censorship Research Center (CRC), the group of volunteers that was developing Haystack, announcing its withdrawal.

"We have halted ongoing testing of Haystack in Iran pending a security review," said the notice.

Hidden attacks

Austin Heap, one of the founders of the CRC and co-developer of Haystack, told BBC News that "all functional copies of the software had now been withdrawn".

"It is absolutely reasonable and valid for people to raise these concerns," he said, adding that the CRC would take three steps to answer critics.

Firstly, he said, it would get a third party to review the Haystack code. Secondly, he added, it would make the code open source so anyone could review it and thirdly it would stop people testing the software in the field.

Haystack was born out of the protests that occurred in Iran following the contested presidential election in June 2009.

A surge of online activity - largely on social networks - paralleled the events on the streets of Tehran.

Mr Heap and others developed the tool to help people inside the country circumvent the government's filtering system by disguising sensitive information as innocuous web traffic.

At the time he told the BBC : "It's completely secure for the user so the government can't snoop on them. We use many anonymising steps so that identities are masked and it is as safe as possible so people have a safe way to communicate with the world."

The software was granted a licence by the US government for export to Iran.

However, recent revelations have cast doubt on those original claims.

The investigation into Haystack was led by independent computer expert Jacob Appelbaum and highlighted by internet researcher and blogger Evgeny Morozov among others.

Although test versions of Haystack were only supposed to be shared among a handful of people, copies of the code had been found to have been passed around.

In addition he found that the program inadvertently alerts anyone watching that a person is using the software, and he uncovered attacks that made it possible to use Haystack without its central administrators knowing.

The discoveries led Mr Appelbaum to declare on Twitter that it was the "worst piece of software" he had ever investigated and that he was "concerned for the people using it in Iran".

image caption Thousands of people took to the streets of Tehran in 2009

Professor Ed Felten, a computer scientist at Princeton University, said that Haystack "exhibited the warning signs of security snake oil" in a blog post.

"The problem they are trying to solve - disguising traffic - is extremely difficult. There is a long history of people trying to solve the problem with little success," he told BBC News. "That is reason in itself to be sceptical."

He said the vulnerabilities identified by Mr Appelbaum suggested there was a "real risk to someone relying on the tool being identifiable to the Iranian authorities".

He also criticised the way the software had been developed with no independent verification from experts in circumvention software.

"One implication of closing the project is that you are stuck with the expertise in the group. If you get something wrong, it is difficult to tell."

Other circumvention software, such as Tor, is developed in a more transparent and open way, he said.

"That builds legitimacy and trust between the experts and the users - you know what you are getting."

'Big noise'

The disclosures about the shortcomings of Haystack led to the resignation of its core programmer Dan Colascione.

The Electronic Frontier Foundation has also issued a statement recommending that all users of Haystack stop using the software immediately.

Mr Heap said of the software: "We have always made it very clear to our testers the risks that are involved in using Haystack.

"Anyone using any anti-censorship tool in Iran is breaking the law in Iran," he added. "And also we tell people not to send any sensitive data using Haystack."

"Rogue clients; no apparent control. This is why I and others decided to make a big noise," he wrote.

"It was not a matter of letting just CRC's official Haystack testers quietly know of problems; we feared there was a potentially wider and vulnerable pool of users who were background users of Haystack that none of us, including CRC, knew how to directly reach."

As information about the problems with Haystack emerged many researchers, bloggers and web pundits have weighed in on the debate, with some saying the software was overhyped by Mr Heap and the media and the US government.

"Government accepted claims at face value without the necessary evidence and input from experts," said Professor Felten.

In response to the criticisms, Mr Heap said: "I am surprised at the very personal nature at which some bloggers have decided to take things."