SELF-STYLED premium zero-day acquisition platform Zerodium is offering one million dollars in bounty payments for Tor browser vulnerabilities.
Tor has its own bug bounty programme, which it announced back in 2015. "We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved," said Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project back then.
In 2014, the Russian government offered a 3.9m rubles (£65,000) prize to anyone clever enough to crack the Tor network.
Zerodium's bounty program runs until the end of November, or earlier, if the firm spends its $1m before then. Zero-days are requested on Windows and Tails Linux.
What with the fact that Tor already has its own bounty programme it does seem rather mean of Zerodium to come rolling in and offering bigger bounties. The firm explains itself, so we'll give it that.
"While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse," it said.
"We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all."
Oh, ah. Well, we knew that the UK GCHQ and US NSA, and whatever the Russian equivalent is, want to crack into the onion, so that makes sense. Even if we don't like it. µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe