A rumor has been circulating for a while that researchers at Carnegie Mellon University (CMU) provided information to the FBI, which led to the feds identifying Tor users linked to crimes. Details of any arrangements have been unclear, but evidence from a criminal case has confirmed a few facts.
It’s now abundantly clear that researchers from CMU used a vulnerability in Tor software to find some users’ true IP addresses. Information was collected during a months-long attack in 2014, carried out as research for a Department of Defense-funded project.
The FBI later discovered that CMU had carried out an attack, and served the researchers with a subpoena to hand over any information pertinent to a criminal case, which it did.
An earlier allegation from the…