One thing I haven't seen mentioned elsewhere is that it looks like aaronsw was running tor2web.org, as it has the same IP and is running in the same Linode instance as aaronsw.com and at least two of his other projects, blogspace.com and jottit.com.
Tor2web is an interestingly risky service all by itself, being the only public interface into Tor hidden services. And the Wikileaks submission system at least in 2010 was running on a Tor hidden service (http://suw74isz7wqzpmgu.onion/ at the time accessible as https://suw74isz7wqzpmgu.tor2web.org/).
While the sniffing could've happened on any exit router, tor2web.org would present an interesting extension of that capability.
One thing I haven't seen mentioned elsewhere is that it looks like aaronsw was running tor2web.org, as it has the same IP and is running in the same Linode instance as aaronsw.com and at least two of his other projects, blogspace.com and jottit.com.
Tor2web is an interestingly risky service all by itself, being the only public interface into Tor hidden services. And the Wikileaks submission system at least in 2010 was running on a Tor hidden service (http://suw74isz7wqzpmgu.onion/ at the time accessible as https://suw74isz7wqzpmgu.tor2web.org/).
While the sniffing could've happened on any exit router, tor2web.org would present an interesting extension of that capability.