1. What is Haystack?
Haystack is effectively a fast virtual private network (VPN), a computer program that allows full, uncensored access to the internet even in areas with heavy internet filtering, such as Iran. We use a novel approach to obfuscating traffic that is exceptionally difficult to detect, much less block, but which at the same time allows users to use regular web browsers and network applications securely.
2. Why are you doing this?
We are deeply committed to the idea that everyone has a human right to free expression, and censorship is a direct infringement of that right. This project is our attempt to make the world a better place – as Martin Luther King Jr. once said, “Injustice anywhere is a threat to justice everywhere.”
3. How does Haystack work?
Like most VPNs, Haystack hides traffic from the internet inside traffic that looks like perfectly normal web connections to innocuous sites. The Haystack client connects to our servers, which in turn talk to websites on behalf of our users.
4. What do I need to run Haystack? What programs work with it?
The Haystack VPN software runs on Windows (2000 and up), OS X (10.4 and up), and modern Linux distributions. The executable is under half a megabyte and can run, without installation or configuration, from USB drives, optical discs, floppy discs, memory cards, and many other media.
From a user’s point of view, Haystack appears to be a standard HTTP proxy, which means that Haystack not only supports all modern web browsers but many other network programs as well, including Yahoo Messenger, FTP clients, and IRC clients.
5. Is Haystack secure?
Yes. We go to great lengths to ensure that any traffic between our servers and our users looks like perfectly normal, innocuous, and unencrypted web traffic – not like a VPN. It would be exceptionally difficult to detect and block automatically.
However, even if our methods were compromised, our users’ communications would be secure. We use state-of-the-art elliptic curve cryptography to ensure that these communications cannot be read. This cryptography is strong enough that the NSA trusts it to secure top-secret data, and we consider our users’ privacy to be just as important. Cryptographers refer to this property as perfect forward secrecy.
6. Is Haystack offered free of charge?
Of course. We would like to see as many people as possible assert their human right to free expression.
7. Is Haystack Open Source Software?
No. Although we sincerely wish we could release Haystack under a free software license, revealing the source code at this time would only aid the authorities in blocking Haystack. In the future, however, we would like to find a way to reconcile our Free Software ideals with the necessity of frustrating the efforts of those who would block Haystack.
8. By keeping the source code a secret, aren’t you just relying on “security through obscurity”? Won’t authorities eventually discover how your software works anyway?
This charge is difficult to refute because “security through obscurity” is indeed false security under normal conditions. However, Haystack has several properties that make it a special case.
First of all, we do not rely on “obscurity” to protect our users’ privacy. Everything that one of our VPN users sends and receives is enciphered. It would take centuries for all the world’s computers to decipher one of our users’ browsing sessions even with full access to the Haystack source code.
“Obscurity,” however, does make it much harder to find ways to block our software. Of course, the authorities will pour resources into finding a way to do this, and they may temporarily succeed. In that event, we will refine our software and issue a new version that circumvents the restrictions. We will not, however, give the authorities any assistance in this process. By retarding their efforts, we ensure that the Haystack network operates more robustly for more extended periods.
9. Why not just use Tor?
Haystack VPN and Tor do fundamentally different things and complement each other.
Tor focuses on using onion routing to ensure that a user’s communications cannot be traced back to him or her and only focuses on evading filters as a secondary goal. Because Tor uses standard SSL protocols, it is relatively easy to detect and block, especially during periods when the authorities are willing to intercept all encrypted traffic.
On the other hand, Haystack focuses on being unblockable and innocuous while simultaneously protecting the privacy of our users. We do not employ onion routing, though our proxy system does provide a limited form of the same benefit.
To a computer, a user of Haystack appears to be engaging in regular, unencrypted web browsing, which raises far fewer suspicions than many encrypted connections. Authorities can block Haystack only by completely disabling access to the internet, which gives Haystack greater availability in crises, during which the authorities may be perfectly willing to stop all encrypted traffic.
Also, unlike Tor, our Haystack virtual private network has no public list of servers, making it exceptionally difficult for the authorities to discover which machines to block. The Haystack client is also less than a quarter of the smallest Tor client’s size, which leads to greater availability when it is impossible to download large programs.
It is possible to configure Tor to transmit through Haystack, and users who require the additional guarantees that Tor provides are welcome to combine the systems.
10. When will Haystack be ready?
Haystack is currently in the beta testing stage, and we are working out the last kinks in the system. We are also in the process of taking care of several procedural hurdles that must be settled before the program is operational. We are aiming for a full release sometime this winter.
11. How can I help?
Please donate to the project. We require servers, developers, and other resources to develop Haystack fully. Even small donations go a long way toward ensuring that people everywhere can communicate freely.
We also appreciate computer equipment, books, pizza, and thank-yous.
12. I have another question!
That’s not a question! But seriously — we’re dedicated to being as open as we can be while not giving any ground to the authorities. If you’d like to know anything, email us at email@example.com, and we’ll do our best to get back to you.