[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] FBI cracked Tor security



On 7/14/2016 1:23 AM, Jon Tullett wrote:

I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material, not Tor itself.

1. Wasn't this discussed back when it occurred? As to how they did (or likely did) identify the Tor / Tor Browser users for the porn arrests?
Or am I thinking of bringing down Silk Road & some other sites?

2. Aren't statements (from anyone) like, "... generally crack the servers hosting the illicit material, not Tor itself," sort of a matter of semantics? e.g., on clear net, a plain Firefox user browses to a trusted site that's been hacked (& might be detectable, if anyone was checking). The browser has no defense against the specific attack, though addons (say, NoScript) are aware of the possibility.

So the site / server was attacked 1st, but that's not the goal. Due to weakness in (any) browser, isn't it as much an attack against the browser as the site? And just as much the browser devs' faults for not fixing the weakness - if possible, and / or not repeatedly, very visibly warning users in unmistakable language - if they don't do so. In many cases, the discussion becomes, "Was it Firefox's fault or Tor Browser's, for not fixing the Firefox weakness?"

Not many realistic people I know would expect the producer or distributor of a product to *continually* point out the shortcomings, if they expected to retain or increase users. (They might like for this to happen, but don't realistically expect it to). Especially when the producer & distributor won't be legally liable for anything, if they don't constantly warn users. There's no penalty for software devs - esp. not freeware. There usually are certain warnings or known issue comments from software devs, but often fairly obscure to average users. If Tor Project - or any other developer - repeatedly splashes weaknesses on page 1, it could seriously decrease users.

With software, lose-weight-while-you-sleep pills or OTC drugs, not all users necessarily understand the warnings, even if they hear / read them. Often because they're ambiguous or don't give enough details or aren't worded so that average people understand. And / or some users have a "it'll never happen to me" mentality.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk