This whole post is a mess. Someone distributes an exploit via a popular hosting provider for onion sites (and it's curious why anyone with a serious interest in privacy would outsource onion site hosting anyway) and suddenly Tor is damaged? There's a link to a paper that claims people can do things you're not supposed to be able to do with onion sites, but I don't see how that's relevant -- this post is conflating at least a few things.
So here's what I can grok from it:
* "Freedom Hosting" founder has been arrested; presumably, many people were using "Freedom Hosting" to host onion sites (is this where "half of all Tor sites compromised" comes from?). No charges listed, article slightly hints at child pornography charges.
* Someone, presumably the FBI, has set up an exploit to be distributed through Freedom Hosting sites that will phone home and reveal your non-Tor IP address (solution: seven proxies). "Freedom Hosting" founder was probably coerced into allowing distribution of this exploit.
* Author claims that said exploit only affects Firefox >= 17 on Windows.
* There's a link to a paper about possible problems with hidden services, which is apparently not relevant to any of this other than the fact that there was just a shakedown on a big onion site provider.
I'm flagging this article because it is utterly incoherent and the headline is sensationalist. There is no evidence of a fundamental flaw in Tor being related to any of the events mentioned. Hopefully someone will write a comprehensible piece soon and put it out there.
The exploit is targeted at the version of Firefox in the Tor Browser Bundle on Windows, which means most Tor users are vulnerable. While you can use a different browser, the Tor developers have generally recommended that people don't; it's hard to lock down browsers against information leaks, and the fact that someone's using an unusual browser helps an attacker track them.
It's specifically targeting Firefox 17 for Windows. Versions less than 17 seem to be targeted as well, but the resource (content_1.html) doesn't seem to have ever been available. It does not target anything above 17.
The headline implies that the "compromise" is an inherent failure in the protocol (or else how could "half" of all sites be infected?) instead of the reality that the hosting provider intentionally placed an exploit in all of their pages.
A better title may be like: "major .onion hosting service infiltrated by feds, all sites converted to honeypots; founder arrested". This does not imply any fundamental flaws in Tor itself or the technology in use, it does not falsely attribute a specific portion of .onion sites as infected, it does not communicate uncertainty into which sites are damaged (only sites hosted by Freedom Hosting were affected afawk), and it correctly reflects the events.
> The headline implies that the "compromise" is an inherent failure in the protocol
Personally, I didn't read it that way at all. My first assumption was a hack, because it's more likely that a website was hacked than that the Tor protocol was so severely compromised.
> or else how could "half" of all sites be infected?
To me it sounded like a possible major law enforcement operation against 'rogue' sites. If someone was able to compromise Tor so completely, the idea that they would turn around and just hack half of the hidden sites doesn't make sense. Such an exploit would be worth major cash on the exploit market (mostly due to governments bidding against each other to get it).
'infiltrated by feds' is a presumption based on speculation at this point. Assumptions don't 'correctly reflect events'. If you want to fix something, fix it entirely.
It correctly reflects events as detailed by the post. The post clearly assumes that "the FBI" originated the exploit code and has been using it to harvest visitor IP addresses. I believe "infiltrated" is a fine summarization for that.
I suppose it's possible that the founder had a change of heart two days prior to his arrest and started collecting everyone's IP and sending it to the FBI based on nothing but a sense of personal moral obligation, but it doesn't seem too likely, and it's irrelevant either way because again, the proposed title is an accurate description of the posted article, even if the posted article is an inaccurate depiction of Real Life(tm).
It's just misleading. It's like if there was an exploit for iPhones and the headline was "Half of Verizon network hacked". It's not some arbitrary half of the Tor network, it's 100% of Freedom Hosting's clients.