Re: Huh?
Wait, so if the FBI has seized and fully controls the Playpen server, and the subject's computer has been infected with an exploit that reports the suspects IP/MAC address/quantity of Justin Bieber songs in music library/etc back to the server, you are asserting that the fix is to ensure all traffic is routed through Tor? - The exploit worked by running a javascript exploit on the main site, setting up a connection directly to the FBI server separate to the connection to the playpen site. The only details it gave were MAC and IP. Nothing more. So yes, the vulnerability would not of worked because it wouldn't of been able to set up a side connection outside of Tor. Also, anyone not allowing JS to run wouldn't of been affected.
I don't know anything about their exploit - so why argue it?
Given the hit rates, I'd guess that the exploit may be as simple as seeding a hot_nekkid_pics.zip.exe file on the server - If a site has x amount of files and you infect 1, what is your hit rate as compared to just running a JS exploit on the main page and nabbing everyone who visits it?
they relied on the idiot's own actions to reveal themselves. - yes.
Plus, the original goal would have been to bring the server down (and, hopefully, go after those running it and producing any content). Nailing a few consumers is just gravy if it helps with deterrence. - Agreed, but from what I've heard the goal was always to take the clients, then the server.