Cyrus Farivar writes:
In an Irish court on Thursday, a FBI agent admitted publicly for the first time that the agency had control of a Tor hidden service operator’s company, Freedom Hosting, for a period of time. It had been widely suspected that the FBI or another American law enforcement agency used a particular Tor exploit to gain control.
Read more on Ars Technica.
Over on Threat Level, Kevin Poulsen also covers the confirmation of what was long suspected, but notes what concerns me about the confirmation:
Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists.
Over ten years ago, I was involved in discussions concerning how to protect dissidents living under restrictive regimes and was involved in my own small way in efforts to assist them. If the FBI was able to compromise TOR, then so were others, putting freedom and lives at risk. While I have no sympathy or empathy for those who might use Tor for porn or some other activities, I am concerned about protecting dissidents and non-U.S. journalists who are trying to get information out, often at great risks to themselves. When our government inserts backdoors or compromises the security of networks or sites by weakening encryption standards it’s a serious problem on so many levels, but we need to keep dissidents in mind as we talk about what to do going forward.