Hole found in Edward Snowden

black_holeSecurity experts have found a flaw that could expose the identities of people using a privacy-oriented operating system touted by Edward Snowden.

The news came two days after widely used anonymity service Tor acknowledged a similar problem, making this a bad week for those who do not want their information made public.

The most recent finding concerns a heavily encrypted networking program called the Invisible Internet Project, or I2P. It is used to send messages and run websites anonymously and ships along with the specialized operating system “Tails.”

Tails was what Snowden used to communicate with journalists in secret.

I2P is supposed to obscure the Internet Protocol addresses of its roughly 30,000 users, but anyone who visits a booby-trapped website could have their true address revealed, making it likely that their name could be exposed as well.

The hole was found by researchers at Exodus Intelligence which warned people might think the technology is safe because Snowden used it.

Tails launches from a DVD or USB stick and is designed to maintain privacy even when a computer or network has been hacked.

The I2P flaw will be fixed, in what a spokesman for the I2P project called the “near future.” In the meantime, he said, users should disable JavaScript.

Exodus is normally seen as one of the bad guys, working with one of a dozen or more companies known to sell secret security flaws to intelligence agencies and spooks. In this case, Exodus alerted I2P and Tails to the problem and said it would not divulge the details to customers until the problem has been fixed.