Vulnerabilities and exploits
In 2016 I noticed something odd on Twitter — without context or explanation, Andrea Shepard, a Tor developer, had posted a string of random letters and numbers. Some days later, news broke that the Tor Project had cut ties with Jake Appelbaum, a lauded activist and the most high-profile of their developers, in response to allegations of sexual harassment. Shepard tweeted again, revealing that the mysterious message was a SHA-256 hash of the sentence, “It seems one rapist is one rapist too many.”
It was a veiled accusation, one that omitted Appelbaum’s name or the context of his alleged acts — a statement that only landed a punch when lined up next to the Tor Project’s official statement and the many accounts that followed. It could have been a Weinstein moment, but in 2016, his accusers were met with harassment from many quarters. Although Appelbaum had been a well-known missing stair for many years, the moment was a “controversy,” not a reckoning.
In 2017 we’ve moved on from veiled words hidden behind encryption, to victims tweeting out their accounts and naming their alleged attackers. Whisper networks have turned into loud broadcasts, and even — for a brief, disastrous moment — public Google spreadsheets of misdeeds.
