[tor-talk] FBI cracked Tor security

Jon Tullett jon.tullett at gmail.com
Thu Jul 14 19:34:16 UTC 2016


On 14 July 2016 at 21:17, Joe Btfsplk <joebtfsplk at gmx.com> wrote:
> On 7/14/2016 1:23 AM, Jon Tullett wrote:
>>
>>
>> I think what you'll find in such cases is that the FBI generally crack
>> the servers hosting the illicit material, not Tor itself.
>>
> 1.  Wasn't this discussed back when it occurred?  As to how they did (or
> likely did) identify the Tor / Tor Browser users for the porn arrests?
> Or am I thinking of bringing down Silk Road & some other sites?

Yes indeed. I linked to such an article in another email in this thread.


> 2.  Aren't statements (from anyone) like, "... generally crack the servers
> hosting the illicit material, not Tor itself," sort of a matter of
> semantics?

Depends on the context, I guess. To the user, maybe, but in the
context of this (Tor) community, the distinction matters. Browser
vulns and server exploits are common. Tor's crypto is not, AFAIK,
known to be compromised. If a law enforcement agency cracked Tor, it
would be a very significant development indeed. The same agency using
browser exploits doesn't move the security needle at all; we already
know they do that.

The issue of who should be responsible for alerting a user to possible
risks is debatable. Tor's job, after all, is not to keep users secure;
it's to keep them anonymous. I don't speak for the Tor project, but I
expect the assumption is that users should take responsibility for
their own security, just as they should take responsibility for
antivirus, patching, and brushing their teeth :)

-J


More information about the tor-talk mailing list