[throwawaytarp]

>Blaming the person who found out how terrible EJMR's "anonymization" was, is classic shooting the messenger.

Found out! They had an enemy: a small forum that they did not control. They looked for ways to screw it. This isn't some good-natured happenstance, they targeted someone they didn't like so they could screw them. The result, the point, wasn't, "Hey, security is important, kids, let me highlight your errors" it was, "Hey, you goddamn blasphemers, you have trod upon my fickle religious beliefs, so with the institutional and state power vested in me I will screw you."

So you're saying its good that the obviously vindictive "researcher" targeted them for personal reasons because he dislikes political/religious opinions displayed on their casual rumors forum. "It was a public service," he claims! I understand that you probably want to white knight for your team, but perhaps take a moment to realize how ghoulish your disingenuous equivocation is.

[olliej]

Dude, you're hiding behind an explicitly anonymous account throwing random personal attacks at people.

I literally had not heard about ejmr until this week.

Direct your anger at ejmr, they're the people who made bogus claims about anonymity while using tools they lack the most basic understanding of.

It also does not matter if it was some kind of personal "I hate this forum" or "I hate the creator". ejmr's anonymization was incompetently written, and screwed up the most basic usage of the most basic cryptographic primitives, and was using the wrong primitives in the first place.

The fact that we're hearing about this in a paper by a person you have declared to be on a vendetta is irrelevant - given that person is explicitly not a cryptographic specialist and was able to find that the ejmr posts were not anonymous means that the idea that no one else could have done so without publishing an academic paper is implausible.

As I have said elsewhere, ejmr's "anonymization" was so broken that even the attack itself was trivial (the article's author is an academic and would have absolutely made a separate publication on the deanonymization process if they could have).

[ShrigmaMale]

then i think that's why you're so cavalier, you don't understand the area you're discussing. ejmr is an actual important site in econ, and by cracking and holding that info rather than just reporting a bug, ederer is creating and maintaining a chilling effect because "wahh, he doesn't like what people say about him on there"