[tor-talk] FBI cracked Tor security

Joe Btfsplk joebtfsplk at gmx.com
Thu Jul 14 19:17:32 UTC 2016


On 7/14/2016 1:23 AM, Jon Tullett wrote:
>
> I think what you'll find in such cases is that the FBI generally crack
> the servers hosting the illicit material, not Tor itself.
>
1.  Wasn't this discussed back when it occurred?  As to how they did (or 
likely did) identify the Tor / Tor Browser users for the porn arrests?
Or am I thinking of bringing down Silk Road & some other sites?

2.  Aren't statements (from anyone) like, "... generally crack the 
servers hosting the illicit material, not Tor itself," sort of a matter 
of semantics?
e.g., on clear net, a plain Firefox user browses to a trusted site 
that's been hacked (& might be detectable, if anyone was checking).  The 
browser has no defense against the specific attack, though addons (say, 
NoScript) are aware of the possibility.

So the site / server was attacked 1st, but that's not the goal.  Due to 
weakness in (any) browser, isn't it as much an attack against the 
browser as the site?  And just as much the browser devs' fault for not 
fixing the weakness - if possible, and / or not repeatedly, very visibly 
warning users in unmistakable language  - if they don't do so.  In many 
cases, the discussion becomes, "Was it Firefox's fault or Tor Browser's, 
for not fixing the Firefox weakness?"

Not many realistic people I know would expect the producer or 
distributor of a product to *continually* point out the shortcomings, if 
they expected to retain or increase users.  (They might like for this to 
happen, but don't realistically expect it to).  Especially when the 
producer & distributor won't be legally liable for anything, if they 
don't constantly warn users. There's no penalty for software devs - esp. 
not freeware.   There usually are certain warnings or known issue 
comments from software devs, but often fairly obscure to average users.  
If Tor Project - or any other developer - repeatedly splashes weaknesses 
on page 1, it could seriously decrease users.

With software, lose-weight-while-you-sleep pills or OTC drugs, not all 
users necessarily understand the warnings, even if they hear / read 
them.  Often because they're ambiguous or don't give enough details or 
aren't worded so that average people understand.  And / or some users 
have an "it'll never happen to me" mentality.

