[cookiecaper]

The headline implies that the "compromise" is an inherent failure in the protocol (or else how could "half" of all sites be infected?) instead of the reality that the hosting provider intentionally placed an exploit in all of their pages.

A better title may be like: "major .onion hosting service infiltrated by feds, all sites converted to honeypots; founder arrested". This does not imply any fundamental flaws in Tor itself or the technology in use, it does not falsely attribute a specific portion of .onion sites as infected, it does not communicate uncertainty into which sites are damaged (only sites hosted by Freedom Hosting were affected afawk), and it correctly reflects the events.

[pyre]

> The headline implies that the "compromise" is an inherent failure in the protocol

Personally, I didn't read it that way at all. My first assumption was a hack, because it's more likely that a website was hacked than that the Tor protocol was so severely compromised.

> or else how could "half" of all sites be infected?

To me it sounded like a possible major law enforcement operation against 'rogue' sites. If someone was able to compromise Tor so completely, the idea that they would turn around and just hack half of the hidden sites doesn't make sense. Such an exploit would be worth major cash on the exploit market (mostly due to governments bidding against each other to get it).

[threeseed]

You're being bizarrely pedantic.

If the headline had read "half of all web sites compromised" I would never have it thought it was because of some underlying fault with HTTP.

[cookiecaper]

Onion sites are (typically) accessed over HTTP, so the fact that I didn't think HTTP was flawed demonstrates that there's some misinterpretation here.

I'd suggest that you're the one being overly pedantic. "Protocol" doesn't necessarily have to refer to something explicitly labeled as a "protocol".

[RodericDay]

language is incredibly important. thank you a lot for the explanation.

[hnnnnng]

'infiltrated by feds' is a presumption based on speculation at this point. Assumptions dont 'correctly reflect events'. If you want to fix something, fix it entirely.

[cookiecaper]

It correctly reflects events as detailed by the post. The post clearly assumes that "the FBI" originated the exploit code and has been using it to harvest visitor IP addresses. I believe "infiltrated" is a fine summarization for that.

I suppose it's possible that the founder had a change of heart two days prior to his arrest and started collecting everyone's IP and sending it to the FBI based on nothing but a sense of personal moral obligation, but it doesn't seem too likely, and it's irrelevant either way because again, the proposed title is an accurate description of the posted article, even if the posted article is an inaccurate depiction of Real Life(tm).