.@ExodusIntel is lying. CC: @matthew_d_green @ErrataRob @thegrugq @ioerror @puellavulnerata The i2p vuln is a smokescreen. Their original tweet (https://twitter.com/ExodusIntel/status/491247299054428160 ) said they had *multiple* 0-days on Tails, and specifically called out Tor as the culprit. But their "responsible disclosure" is of an i2p vuln, unrelated to Tor and irrelevant to the vast majority of Tails users. It doesn't add up.

My theory is that they have a Tor vuln (perhaps Tails-specific) in addition to the i2p vuln, which they are not disclosing, and still intend to sell. They misjudged public reaction, and when they realized that they were going to be made a pariah over withholding a Tor vuln from the public, they decided to burn a lesser i2p vuln and pretend that's what they were talking about all along.

Prove me wrong.

Reply · Report Post