It's hard to tell from the article whether Facebook was an agent of the FBI or not in delivering the exploit, which has legal implications for this case.<p>What Facebook could have done to avoid that issue is to enforce their ToS to get his IP address, then contact and hand those logs to LEO. (A company can follow its own processes as far as possible before contacting LEO, but once they start working together, they become an agent and the process is changed into something with less independence.)<p>The idea of creating a new OS to trap an end-user is one of the weirdest things I've ever heard of, on several levels, frankly.<p>Source: previously the LEO contact at a large Silicon Valley company. Typically you meet with them quarterly or as necessary, but you don't casually "work together" on cases to avoid the appearance of being their agent instead of a company representative.
> For years, a California man systematically harassed and terrorized young girls using chat apps, email, and Facebook. He extorted them for their nude pictures and videos, and threatened to kill and rape them. He also sent graphic and specific threats to carry out mass shootings and bombings at the girls' schools if they didn't send him sexually explicit photos and videos.<p>> raises difficult ethical questions about when—if ever—it is appropriate for private companies to assist in the hacking of their users.<p>I am happy Facebook did this. They made the world a better place.
The exploit used a modified video which caused Tails' video player to reveal the user's real IP address. Does anyone know how that could be done? Does the video contain a redirect of some kind to an url that causes a bypass?