I don't think Liberte users are vulnerable because it doesn't use Firefox or Iceweasel does it? No I don't think there is. I don't think there is even any proof yet that this is actually him, although circumstantial evidence strongly suggests that it is. I do know that he used virtual machines to isolate his web servers though, that means if he was hacked the hackers had to break out of a virtual machine, which is pretty advanced compared to everything we have thus far witnessed LE hackers do. Another possibility is that his server was traced to its entry guards and then LE got a court order to tap an identified entry guard in order to locate his hidden service. Another possibility is that he fucked up in some other way, maybe social engineering got him or maybe the datacenter his server was at noticed he had 24/7 terabytes a day of Tor traffic. The exploit only targets what looks like Windows OS, but Tor Button makes all Tor users look like they are using Windows. So it is not certain that it wont work against Linux users, it will try to exploit them anyway due to the fact that Tor Button spoofs user agent to look like Windows. I have seen a few peoples opinions on this exploit code so far, and nobody is yet willing to say if it works against Linux or not. So far I have not heard much that sounds very solid. Javascript directly cannot obtain IP address, but it can be used to take full remote control of a persons computer, because it can be used to exploit security vulnerabilities in firefox or whatever, and that is what people think has happened. He kept his identity a secret and he did offer free hosting services. Of course they could use the same tactic to shut SR down. It may be possible, or it may not be, it depends on too many variables that we do not know. You should have used GPG. The claim is that the exploit was injected during the down time, and during the time when the server is down message was coming up. He didn't host CP himself and he actually said in the rules that he wouldn't allow CP to be hosted, but he also turned a complete blind eye to it and obviously was fine with people using his server to host CP. I don't think he was too stupid or anything, he had some of the best technical security of anyone in onionland and he has been running Freedom Hosting for quite a lot of years now with no issues. He also didn't charge anything for hosting anything. Also the person who is busted used his credit card to withdraw 6,000 Euro in romania but also sent about half a million dollars worth of Euros to Romania through his bank account.