British programmer and writer John Graham-Cumming has spotted something interesting in the opening protocol of any HTTP/2 connection: an array of explicitly formatted code which spells the word PRISM, in an apparent reference to the NSA’s primary program for mass-surveillance of the internet, as disclosed by Edward Snowden in 2013.
But we should probably leave the tinfoil alone on this one, as it seems most likely to be the work of unidentified developers expressing their frustration with the powers that be. If it is the work of a covert intelligence agency, it would hardly a shining example of its work.
The HTTP/2 client connection begins its work with a 24-octet sequence which unravels to PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n. Anyone who has ever tried to make a line wrap in web server output will discount the returns and line breaks (such as ‘\r’ and ‘\n’) and see the word ‘PRISM’ stripped away from the code which it is sitting inside.
Graham-Cumming tracks the origin of the Easter egg back to nine days after the world was rocked by the first wave of Snowden revelations. The set-up for the trick began with the placement of the explicit formatting on May 29th, 2013, during which the apparently useless send-to-foo was initially set up. By July of that year, ‘FOO’ was changed to ‘PRI’
The final commit of the code was identified at Hacker News and referenced in a revised version of the Cumming post.
One of the architects of HTTP/2.0 made quite a vocal posting about how the development group should go about coding the protocol in the wake of the Snowden disclosures.
HTTP/2 is one of the many things currently vexing western governments regarding the potential for genuinely secure communications to also provide impenetrable means for terrorists to communicate with each other and to plan events such as the attacks in Paris on November 13th. Though the protocol is not secure by default, none of the major browser manufacturers intend to implement it without TLS, which means that HTTP/2 will actually be secure in practice.