[tor-talk] fwd: FBI Is Pushing Back Against Judge's Order to Reveal Tor Browser Exploit

Thu May 19 15:56:25 UTC 2016

On 5/19/2016 1:31 AM, Zenaan Harkness wrote:
> On 5/19/16, krishna e bera <keb at cyblings.on.ca> wrote:
>> On 05/18/2016 11:40 AM, Joe Btfsplk wrote:
>>> I'm surprised there are no discussions or questions on tor-talk about
>>> this issue .
>>> Since any exploits - whether due to "flaws" in Firefox or TBB, or not -
>>> potentially have broader implications & applications.
>>>
>>> Normally, there'd be many comments on far less serious but important
>>> issues.
>>> I doubt comments are being censored.
>> Actually i am not surprised there are few comments from the Tor
>> community - maybe not smart to discuss legal strategy in the open...
> See that on sl4shd0t all the time - "market testing" "think testing"
> etc - unknown entity wants to know current 'think' and potential of an
> idea, just throw it up on slashdot and many people chime in, giving
> away their best thoughts and insights to anonymous entity without any
> thought to contributing to a specific libre project. Action is
> important, ideas are otherwise used by those with money in our
> capitalist greed oriented instant gratification society.
Point(s) accepted.  But... if it's often a better idea not to openly 
discuss matters involving legal or potential flaws / bugs, possibly 
directly affecting Tor or Firefox users, we may not follow that strategy 
very consistently.

"Discussing" an issue doesn't have to & shouldn't involve giving away 
secret / previously unannounced valuable strategies or counter measures 
to attacks or hacking methods.  However, seems like once any software, 
network  or best practices changes are made, the enemies will figure 
them out soon enough.

Even if nothing of value is given to the enemy, users on this list & 
elsewhere usually discuss hot topics w/ serious implications - sometimes 
excessively.

We discuss general ideas on topics like how to disrupt LEAs & others 
from identifying users of Tor & other software; how LEAs might have 
identified users *and* strategies on how it could be prevented or 
minimized.  And much more.  Maybe some of those discussions are really 
bad ideas.  It just struck me as odd that this topic was one of very few 
when most tor-talk subscribers decided to adhere to communication 
silence.  I haven't checked other related lists or forums.