Yes, but I'm not sure that justifies the end conclusion:
1. Do we actually know Iran spends $500MM on vulnerability research? What about Belarus?
2. Suppose they do. So they have zero-day exploits, sure. IIUC, you need MITM capabilities to execute an attack on tor like the NSA did. This sounds costly, and I'm not sure it can be outsourced like buying zero-days. It also requires, ummm, "being on good terms" with telcos, backbone providers etc., which I'm not sure Iran is.
So I'm not saying it's inconceivable that Iran can attack tor users, but the opposite also sounds plausible.
1. Do we actually know Iran spends $500MM on vulnerability research? What about Belarus?
2. Suppose they do. So they have zero-day exploits, sure. IIUC, you need MITM capabilities to execute an attack on tor like the NSA did. This sounds costly, and I'm not sure it can be outsourced like buying zero-days. It also requires, ummm, "being on good terms" with telcos, backbone providers etc., which I'm not sure Iran is.
So I'm not saying it's inconceivable that Iran can attack tor users, but the opposite also sounds plausible.