It gets my goat that people think it’s a good option. There are plenty of articles explaining some of the many issues with it, but a few are:
- It’s run by anti-LGBTQ+ crypto bros.
- It has ads right out of the box.
- It collected donations towards people who never signed up for them - then held them to ransom in exchange for the kind of information you should never share on the Internet.
- They’re a for-profit advertising company. “Privacy-centric” my elbow.
I thought people gave up on Tor years ago when it was revealed that it wasnt as anonymous as people expected due to the number of entry and exit nodes controlled by governments and spy agencies.
The NSA wasn’t able to break Tor fundamentally, even with spanning numerous exit nodes to intercept traffic, and high-scale traffic correlation between enter and exit nodes
https://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
Do we trust a 12 year old article sourced from the government to be honest about current/past capabilities? Genuinely asking.
This question is unironically very deep. As it’s privacy we’re talking, you decide what to trust on your own.
My understanding is that Tor provides anonymity for my threat model (ad-tech corporations).
But trust need to be placed somewhere. Do we trust Mozilla? All their emploees? Do we trust OSS? Does anybody actually review open-source code? What about supply chain attacks?
I am, a nobody, was personally invited to a Contagious Interview (a person, pretending to be a client for consulting was trying to place a rootkit on my machine via GitHub repo).
What about AI-assistet coding that actively tries to eliminate security gates?