Tails have tried to communicate with Facebook repeatedly, but it has not responded. Buster Hernández used the Tor browser to hide his identity.
In recent days, Facebook reportedly hired a company that developed an exploit and gave it to the FBI. The objective was to locate a man who extorted and threatened minors through the Linux privacy operating system, Tails.
Buster Hernández, known online as “Brian Kil,” is a California man who threatened and harassed underage girls for several years through messaging applications, e-mails, and Facebook. Hernández extorted them to send naked videos and photos and threatened to kill or rape them if they refused. He did all this through the Tor network, managing to hide his IP address, thus making it difficult to find him.
One of the main features of Tails is that it transfers all Internet traffic through Tor, a network that encrypts and makes anonymous all connections, hiding the true IP address of users. Facebook and the FBI exploited a vulnerability in Tails video player system, known as GNOME, to track the criminal’s IP address.
However, Tails was unaware of the vulnerability of the system and that Facebook was using it to track a person. Tails managed to discover it thanks to an article from the reporting website Motherboard.
Some members of the Facebook team said that they planned to inform Tails of the vulnerability once the FBI found Hernandez, but that never happened. According to a former Facebook employee, they decided not to inform Tails as they would release an update that would eliminate the code flaw.
However, the developers of Tails, as well as some security experts, say that Facebook should have informed them once the FBI finished the operation, even if they had updated the system.
One of Tails’ concerns is being able to fully fix the flaw in the code. Even though they removed the flaw, some people using the software may still be running an outdated version. For this reason, they have tried to communicate with Facebook and the FBI. However, they have not yet received any response.
Negative Responses to Facebook’s Actions
Facebook’s lack of transparency is giving rise to controversy. A GNOME spokesperson commented that the fact of not receiving timely information about such vulnerabilities jeopardizes the safety of law-abiding users.
Many security and privacy experts consider that Facebook should not have created or funded the hacking tool, or that they should have just notified both Tails and GNOME of the flaw so that they could fix it.
Katie Mossouris, who used to lead the vulnerability research teams at Microsoft and Symantec, commented that Facebook is “out of control and making the world less secure for people who need anonymity to survive.”
Recently, the relationship between the FBI and Facebook has become closer. Besides this collaboration, the FBI has been using social media, Facebook in particular, to locate people who incite violence in the recent protests over the murder of George Floyd in the USA.
By Alexander Salazar
