Tor 0-days

mmm I read this but I am not very happy with it though…. They want a zero day exploit with the intention of not giving it to tor but rather the government to “help” keep us safe… I am all for helping the government with keeping the people safe but if it means that I have to totally expose myself to them so they know I am not a threat then what really is freedom? Is freedom the price to pay for security? :| Let me know your thoughts on whether we should give our freedom/anonymity for “security”…

I agree with you Cpt_Underpants

Freedom is unachivable, and so we have to do our best to reach it, and every small step toward it should be taken. A 0-day has to be patched, for everyone freedome AND security. Government agencies have already done enough damage with eternal blue, and if someone is able to find a 0-day, someone else will later.
Criminals are also not stupid, and if government were to prove that they are able to use such an exploit, criminals would move to something else, probably even more secure.
The company also seems to be looking for a web exploit, which would not target Tor in itself, but Tor browser. And for browser is nothing else than Firefox ESR. So an exploit in for browser is very likely to exists in Firefox, and so it could be used against anyone, and not just the potential criminals on the Tor Network. And Snowden already showed the world how they don’t care spying on everyone in every way they can. It’s better for everyone that this kind on attack vectors get patched as soon as they are found.

Some very interesting texts in this thread.

In all honesty though a million dollars is a ridiculous amount of money, as much as I want to preserve the anonymity I would probably take the money and run. After a while tor browser will find the exploit or somebody else will and they will patch it, so maybe taking the money and avoiding tor for a few months until they patch it may be the smartest thing to do.

But they wouldn’t let you run. You would be the only one except them to know about the exploit, and if they really were to sell it to governments, the governments would make sure you keep quiet. You would have lost your own “freedom”, and couldn’t spend you money.

What about looking at making an anonymous tip off with the details of a separate bank? I know I am saying anonymous but you’re giving them an exploit to not make you anonymous xD The irony is pretty funny

They wouldn’t give you any money unless you sign a contract or something. That’s for sure. The exploit would be valueless if they couldn’t prove that it wouldn’t be given to anyone else.