Team Cymru (the company the article is about) has a response to the coverage: <a href="https://www.team-cymru.com/post/team-cymru-myth-vs-fact" rel="nofollow">https://www.team-cymru.com/post/team-cymru-myth-vs-fact</a><p>In short, they claim that:<p>- The "PCAP" data, email addresses, etc that they sell comes from them running malware samples on their own infrastructure. It's not based on captured Internet data.<p>- The web page addresses etc that they sell are the results of automated vulnerability scans and honeypots, not captured Internet data.<p>- The netflow data they sell <i>is</i> captured from real ISP traffic, but it is a small sample (only 1 in 10,000 netflows is captured), and it can't identify individual websites if they use a CDN or shared hosting infrastructure (which most websites do).<p>I have no clue how true these claims are, but those are the claims.
> But of course, not actively endangering our users is a low bar. It is reasonable to raise questions about the inherent disconnection between the business model of Team Cymru and the mission of Tor which consists of private and anonymous internet access for all. Rob Thomas's reasons for choosing to resign from the board are his own, but it has become more clear over the months since our initial conversation how Team Cymru's work is at odds with the Tor Project's mission<p>Looks like he was going to get fired anyway.
Actual title is "The Role of the Tor Project Board and Conflicts of Interest"<p>The Motherboard piece mentioned is: <a href="https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data" rel="nofollow">https://www.vice.com/en/article/y3pnkw/us-military-bought-ma...</a>
If you are using Tor, seriously ask yourself if it's a good idea to install software that was developed by DARPA and has never solved the exit node problem.
While I can appreciate the measured tone in TFA, at some point you've got to take a step back and ask what the hell is going on. This instance reeks of an <i>egregious conflict of interest and this response is negligent on behalf of the board</i>.<p>The current TOR Board scenario is akin to having a known child-abusing relative babysit your own kid, catching them inexplicably sitting with the kid alone in a darkened room in a state of undress, then saying:<p>"Well, this is strange.. but we can't prove you were planning anything malicious this time around. As you were, mate!"<p>Sometimes a harsh response is warranted to preserve integrity of that which is important. This is one of those times.<p>My confidence in TOR was already kind of low, now how can I trust and be assured the lack of firm response isn't due to integrity already being compromised and no longer the main priority?<p>The public trust in TOR is EVERYTHING the project has*.<p>* had