a) Infiltrating chats where people are more likely to share sensitive information / trust the people they're talking to
b) Poor configurations/setups on either the client or server (client browser bundle has NoScript, but it's not on the strictest settings, JS is enabled iirc)
c) Exploitation of client or server due to out-of-date versions, things like that
Historically I think it's always fallen into one of these cases - and not just what the FBI etc. say publicly, but we've seen these exploits ITW. I wouldn't be surprised if the NSA and other agencies have the power to deanonymize Tor users, but if it were trivial, why is the majority of Tor traffic still going towards illegal content? Last I read (a paper a year ago), Tor is still primarily all about drugs, followed by child pornography (mostly drugs though iirc). If they can track all of these people by breaking Tor completely... why don't they?