[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] FBI cracked Tor security
On 7/14/2016 1:23 AM, Jon Tullett wrote:
1. Wasn't this discussed back when it occurred? As to how they did (or
likely did) identify the Tor / Tor Browser users for the porn arrests?
I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material, not Tor itself.
Or am I thinking of bringing down Silk Road & some other sites?
2. Aren't statements (from anyone) like, "... generally crack the
servers hosting the illicit material, not Tor itself," sort of a matter
e.g., on clear net, a plain Firefox user browses to a trusted site
that's been hacked (& might be detectable, if anyone was checking). The
browser has no defense against the specific attack, though addons (say,
NoScript) are aware of the possibility.
So the site / server was attacked 1st, but that's not the goal. Due to
weakness in (any) browser, isn't it as much an attack against the
browser as the site? And just as much the browser devs' faults for not
fixing the weakness - if possible, and / or not repeatedly, very visibly
warning users in unmistakable language - if they don't do so. In many
cases, the discussion becomes, "Was it Firefox's fault or Tor Browser's,
for not fixing the Firefox weakness?"
Not many realistic people I know would expect the producer or
distributor of a product to *continually* point out the shortcomings, if
they expected to retain or increase users. (They might like for this to
happen, but don't realistically expect it to). Especially when the
producer & distributor won't be legally liable for anything, if they
don't constantly warn users. There's no penalty for software devs - esp.
not freeware. There usually are certain warnings or known issue
comments from software devs, but often fairly obscure to average users.
If Tor Project - or any other developer - repeatedly splashes weaknesses
on page 1, it could seriously decrease users.
With software, lose-weight-while-you-sleep pills or OTC drugs, not all
users necessarily understand the warnings, even if they hear / read
them. Often because they're ambiguous or don't give enough details or
aren't worded so that average people understand. And / or some users
have a "it'll never happen to me" mentality.
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to