On July 31, 2013, Jason Geffner of CrowdStrike discussed a new tool called “Tortilla” that allows incident responders and computer security researchers to hide behind the Tor network as they poke and prod malicious software infrastructure. Were I there, I would have asked Jason this question: What things should I not do while using Tortilla, and why shouldn’t I do them? I know Jason and respect his technical skills, but if he and CrowdStrike don’t have a good answer, that will say a lot about our field’s collective ability to reason about actions along the Active Response Continuum.