On Mon, 5 Aug 2013 10:15:20 +0200 Nadim Kobeissi <na...@nadim.cc> wrote:
> Now, we find out that the FBI has been sitting on an exploit since an > unknown amount of time that can compromise the Tor Browser Bundle, > which is currently the main way to download Tor and the only way to > download Tor for the average end-user, and is deploying it en-masse > to the visitors of what seems to be around half of all Tor hidden > services, which have also been compromised Please cite first person sources on this. It's not clear the FBI did anything or is involved at all. There is a reddit thread implying this, but no statement (as of yet) from the FBI or anyone claiming responsibility for the javascript injection. Second, it's not clear this exploit or malware has actually compromised current versions of Tor Browser (as released on June 26, 2013). Please show a working exploit against the current TBBs. Third, please show data that "half of all Tor hidden services" have been compromised. We don't have this data because we don't track hidden services. If you do, please share your metrics. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech