It also questions Tor Project's effectiveness at educating its users. Especially users engaged in high-risk activity. Once PlayPen had been compromised, this FBI operation relied entirely on exploiting a Firefox vulnerability to drop malware that phoned home, bypassing Tor. Putting tor daemon and userland in separate VMs would have prevented user compromise. Even firewall rules might have prevented it. Why doesn't Tor Project focus more on user safety?
Edit: We hear about this because defendants in criminal cases are questioning FBI practices. And because criminal cases in the US are public, unless there are national security issues. But we probably don't hear about similar efforts elsewhere against political dissidents etc.
Edit: We hear about this because defendants in criminal cases are questioning FBI practices. And because criminal cases in the US are public, unless there are national security issues. But we probably don't hear about similar efforts elsewhere against political dissidents etc.