Tor Honeypot Attack

It’s a hilarious demand for hackers to make of anything that enforcement should be ramped up to begin with.

One topic that has really caught my attention was how last year the entire management of the tor browser project allowed itself to be upended by sexual misconduct allegations made against one of its members. This software gets widely recommended in the security community for being capable of effectively encrypting your internet connection against many types of potential adversaries. It has had some input from law enforcement in its design and concerns are raised about whether the servers that make up its network are spying on its users, but overall this doesn’t prevent many people from maintaining their strong belief in its effectiveness. As law enforcement also uses the tor network themselves to protect their own connections, it is said they can’t risk undermining the whole network entirely.

It would be a serious issue though if the management overseeing development for the project can let itself get conned by the most basic social engineering attack. As much as I can find this has gone unreported even in the underground hacking alternative media who should be raising all kinds of alarm bells about it. The only thing that has been said is that these unconfirmed allegations must be addressed by enforcing better cultural norms in the tech community where sexual assault is allowed to take place to prevent it from happening more often. But this reaction completely fails to address how the browser they all claim to rest the security of their livelihoods on has become fundamentally undermined only due to one of its staff members having sexual relations with questionable people who went on to publicize their unconfirmed stories of assault through the media. I would have to laugh at what an obvious honeypot attack this turned out to be if so many lives did not really depend on the tor browser having a reliable management.

The people who come out looking good with their response of calling for a rabid hunt to get made against harassers have shown no change in their understanding that would allow them to be able to prevent such idiotic attacks from happening against them. In much of their writing they reveal a common disturbing belief in the intentional accumulation of the social capital necessary that would allow you to convince a person to become authentically infatuated with you. Many of the responses have, again failing to address the issue of the tor browser, instead chosen to attack the person’s character saying they knew the person was some how bad because they witnessed them stealing work previously or putting their name on things that didn’t belong to them. Hackers making claims of copyright theft! And in every instance the person was too much of a coward to speak up in the moment when the problem could have been resolved right there and then, so instead they allowed who they claim to be was an abuser to go continuing to act exactly as they have done. But we can not allow this to stand any longer, apparently.

Why is so much of a big deal made by his accusers about him not only being a sexual harasser but also having all along never really been a real contributor to any of the projects he was a part of but was only greedily using them to suit his own selfish and lazy ends. First of all, why was this put up with in the first place for so long if has any semblance of truth behind it? And secondly, who are the real contributors in any case but the people who have won the war and planted their own flag ontop the smoking battleground? One must stunningly lack a understanding of history to come to believe capitalism has otherwise rewarded the quietly dedicated people who just do good work and never ask anything for it besides when an abuser goes beyond the appropriate limits. And they suggest that now the issue has been taken care of, or when the other abusers are found out, then we can get back to only rewarding the people who really deserve it. If these aren’t the concocted ideals of an agent of the state it would be surprising.

Nevermind that one of the persons who other people took it upon themselves to claim they saw was abused came out in defense of the person saying the situation that was reported was entirely misread by the people who believe it was an instance of abuse. Don’t pay any attention to the fact that everything is heard third hand through a game of telephone ending with a couple of highly disreputable individuals.

It would be very simple for the people who carried out this attack to claim that even attempting to question the veracity of the story reveals a motivation in salvaging the person’s reputation but that is not what interests me in this topic. The person is internationally renowned for their work and will remain so regardless of my input. I only want to find out if the most security hardened internet browser in the world is not just susceptible to exit node monitoring or to carelessly misconfigured javascript but also to the most basic social engineering style of attack you could possibly come up with. If we’re going to make it that easy for the police we shouldn’t even bother.