Legality aside, I'm surprised this wasn't pulled on ethical grounds. Does Black Hat not require "researchers" to follow responsible/coordinated disclosure?
What about the political dissidents who use Tor? They could be at risk of certain death if caught by the authoritarian regimes they live under. Without coordinated disclosure, the "researchers" might as well have been signing death warrants.
Black Hat is a venue for presenting research. They don't influence the procedures used by researchers at all. And the Black Hat review board is not stuffed full of people who buy into "responsible disclosure".
In fact: I'm not aware of a vulnerability research conference that does get nosy about this stuff. I even reviewed for Usenix WOOT one year, and we didn't vet research for "coordinated disclosure". Not even Usenix works the way you want BH to.