On Wed, 11 Jan 2017 11:59:19 -0500 Steve Kinney wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 01/10/2017 08:49 PM, juan wrote:

...

On Tue, 10 Jan 2017 20:30:34 -0500 grarpamp wrote:

...

https://www.eff.org/deeplinks/2016/09/playpen-story-fbis-unprecedente d-and-illegal-hacking-operation

...

unprecedented? except for freedom hosting? what the fuck?

anyway, another great illustration showing what piece of shit the tor network is - wouldn't expect less from a cyberweapon whose purpose is to serve the pentagon.

I think the Big Secrets they are trying to protect here include:

* The technique the FBI used to ID their child porn customers only works if the customer is running the TOR Browser on a Microsoft OS with NoScript in its default "off" position. The more widely this is publicized, the more useless the FBI's anti-TOR kit becomes.

That was a vulnerable configuration when the 'hidden' service freedom hosting was 'unhidden' by the gov't, in 2013. One would expect that the browser side of things was patched after that... Anyway, piece-of-shit tor has two points of failure. First the target server is found through traffic analysis (not 'hacked'). Once they know where the server is, the gov't calls the datacenter and tells them to patch the site so that it now serves malware. And the malware 'compromises' the shitty tor browser.

* The FBI distributed real child porn for weeks, in an operation not seeking to prosecute the people who produce it, and not doing anything to help the victims. How much of the great unwashed public would approve of that? Better toss out a red herring or two, make another issue the big talking point.

Well, that's the basic magical power of the state. They can criminalize non criminal activity like file transfers, and they can also exempt themselves from their own arbitrary 'laws'.

* And yeah, "nobody" wants the general public to understand that the TOR Browser Bundle is not ten feet tall and bullet proof, so the means of exploiting it to find a user's IP address has to appear to be a secret Superpower, not a script kiddie stunt.

They must be using a 'new' 'undisclosed' hole in the shitty java script engine, or more perhaps more likely, in another library of the amazing and 'open' (no bugs eh) piece of bloatware known as firefox. On the other hand, the malware was allegedly served to thousands of machines. One would expect that somebody somehow saved a copy...Especially somebody interested in doing "quality assurance" of the the tor shitbundle.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJYdmRnAAoJEECU6c5XzmuqpC8IAJihtjh1eyOUEsw3F0dHfLoo cgir1wGB/id/IgUNkyGVR3jwPNrD4Kz6lcWXioZyLXXjyKuBgLnl3b/D7dVQWliv P51rHzxI8z3c4bS/4kHVZZSWE+hAowd37x+v5AMyqlulG2If4s5spLbnKdQoEqkM dl2xFMjixrD8g/268bNGNxk5LNk+5JPKeYHohxpZG1dkz3xuiY4JQzmbgVEWvwWD UWz613aIWvM0jiRX13+ts0wLG0AuOG3CcT6qTWvZ3vynAYOtnqhP8EgYH/rhDLT3 EQawpo7aIrWv7dGPZd947p9T3Ijmu6ijocQdME2aWF+PI6Un0h+BAjpFGwz0dK8= =fYSk -----END PGP SIGNATURE-----

On Wed, 11 Jan 2017 14:40:21 -0500 grarpamp wrote:

On Wed, Jan 11, 2017 at 11:59 AM, Steve Kinney wrote:

...

I think the Big Secrets they are trying to protect here include:

* Since they don't want to disclose their domestic / global wiretaps, often used unconstitutionally illegally spying on their own citizens, and tor's onions are basically trivially findable for such GPA's, they rely on secret 'tips' from undiscloseable tap / LE partners, typically overseas since that makes jurisdiction and discovery even harder.

We also know opsec of criminals often plain sucks,

typical excuse straight out from the pentagon's playbook. you can do better than that grarpamp? perhaps not.