image transcription:
a YouTube screenshot of a community post, which is a meme regarding incognito mode. it has two panels with an animated figure(person) and chrome logo (chrome) with limbs. in first panel, chrome is asking "which website would you line to see?", to which the person replies " I don't want you to know. " in second panel, chrome has become a ventriloquist, holding a masked muppet with sunglasses and a fedora(symbol for incognito on chrome). it is asking the person "what about telling Mr. incognito?", to which the person joyfully replies "okay."
the screenshot has a main comment with several replies. the main comment(by Paula_Amato) reads, "And then there's Tor browser e CD Catching my brother Scrolling through Tor was the second worst secret I know about him... The first is the website he was using."
replies to the comment:
[30 Pranay Pawar • 1 day ago] May God bless and have mercy on the bro's life. I would knock myself out for eternity if anybody i know found that out too.
[FArid ch. • 1 day ago] what onion website your brother access... out of curiosity
[Griffin McKenzie • 1 day ago (edited)] Tor is literally just a browser like any other but better.
Besides Tor was (initially) developed by the NSA. I would be surprised if there wasn't a government backdown
Thought it was the navy that did.
You’re correct
https://en.wikipedia.org/wiki/Tor_(network)?wprov=sfti1#HistorY
It's open source, if there was a back door it would have been found years ago.
It's open source, anybody can audit the code. Everybody can keep secret what they found and sell it.
It's very likely that more than a single person would find an issue...
The NSA uses TOR themselves. Why would they even want it to be insecure?
I'm not speaking of this project in particular.
Just saying, just because something is open source doesn't mean it has no vulnerability or backdoor in it's code.
There is plenty of example of vulnerabilities that existed for years in major open source projects. And there is definitely people that discover some zero day and straight up sell them and stay quiet.
If you look at some of the businesses in the market of zero day vulns you can see what they offer for good vulns.
Who cares if the NSA uses it. Or if they say they use it. They gain nothing in saying they use a specific product. But that's a good way to encourage others to use it. I certainly wouldn't trust the NSA on anything they say publicly.
You can backdoor a product just for you and still release it so other people you might be interested in will give you cool data. In cryptography this is not really an issue to have backdoors that only some people can use.
I'd argue its in their best interest for it to be as secure and widely used as possible. Can't have other govs peeking (every lock can be lockpicked yadda yadda) and can't have people instantly know its the US military when someone accesses Tor.
Exactly. And if you want to catch bad guys, you can build honeypot websites (or take over bad ones, like law enforcement did with several dark markets) and work on deanonimyzing visitors there.