Former Tor Developer Helped the FBI by Creating Malware to Go After Tor Users

Discussion in 'privacy technology' started by Minimalist, Apr 28, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,411
    Disgusting! Tor should really vet who they hire more. This guy is pathetic. Tor gave him his start and he uses that to make money selling exploits to the FBI.

    And it's obvious by the FBI saying they lost the source code that they are not to be trusted. They make up the laws as they go.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,024
    He's not the first to turn on Tor. Stuff happens. Money talks. So it goes.
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    I think this illustrates the problem with open source security: it's hard, and the business model is tricky. And your loyalties have to prioritise your own family and friends over any organisation.

    Sadly, a huge proportion of the money spent - much of it public money - is spent on attack rather than defence. And a tiny amount goes to open source, despite the reliance on it in everyday e-commerce (think Heartbleed etc).

    What I find much more reprehensible are the moles operating in commercial suppliers, weakening security. We pay good money for tainted goods, with those people committing what is fraud against us and the companies they work for. Even worse, the current round of legislation seeks to force companies and their own employees to do this secretly against the corporation's interest.

    Incidentally, what I think I'd do in "employment" contracts for open-source or commercial software, particularly security related stuff, is to put in a disclosure clause, which compelled the person to disclose, to the organisation, any vulnerability they are or became aware of in the future. And to get them to make a statement that they had no conflict of interest.
     
    Last edited: Apr 29, 2016
  5. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,411
    This is really disgusting. This guy got his start at Tor. He would be a nobody if it wasn't for them.

    Now he uses inside information he acquired to make exploits for LEA. How low can you go?

    That is betrayal. This guy has zero morals and ethics. No wonder LEA hired him.

    I'm not sure how enforceable the contract would be. They could sell exploits to companies like Vupen anonymously and no one would ever know.

    The only way you stamp out such behaviors is by criminal penalties. But I guess since he did the exploits for LEA it wouldn't matter.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    I wouldn't have much expectation that it would be directly enforceable.

    The enforceability goes in two parts - which reflect what we've seen in other cases, and demonstrate how the rule of law is being broken by LE.

    First is standing. One interesting thing is that no-one, not even those in LE, can feel completely safe that what they do will be covered up and hidden indefinitely, ironically helped by the collect-it-all-keep-it-forever mentality. Once reliable information gets out, then you have standing.

    Second, that the LE claims immunity and the application of secret law "due" to national security. Again, these things can take a long while, but can change due to political shifts or widespread revulsion.

    But, if you had the evidence, and if the case were allowed in an untainted court, there would be no doubt one could get very substantial damages awarded. Big ifs....

    However, I still think it would be worthwhile, because it has been found that getting people to sign declarations makes them less likely to lie and cheat. I'm talking regular, "good" people (see for example the books by Dan Ariely - How we lie to everyone, especially ourselves), who manage to justify shocking behavior to themselves, and I think the psychology of this is particularly applicable to LE and the spooks. Basically, they operate in a bubble where they are told by their superiors that they are doing a wonderful patriotic thing, groupthink and groupspeak with their peers, and bolstered by a cushy desk job and pension for toeing the line. Whereas a decent level of cognitive dissonance could be very useful to shake them into recognition of the harm they do to their communities and economy, and the shame they should experience.
     