image transcription:
a YouTube screenshot of a community post, which is a meme regarding incognito mode. it has two panels with an animated figure(person) and chrome logo (chrome) with limbs. in first panel, chrome is asking “which website would you line to see?”, to which the person replies " I don’t want you to know. " in second panel, chrome has become a ventriloquist, holding a masked muppet with sunglasses and a fedora(symbol for incognito on chrome). it is asking the person “what about telling Mr. incognito?”, to which the person joyfully replies “okay.”
the screenshot has a main comment with several replies. the main comment(by Paula_Amato) reads, “And then there’s Tor browser e CD Catching my brother Scrolling through Tor was the second worst secret I know about him… The first is the website he was using.”
replies to the comment:
[30 Pranay Pawar • 1 day ago] May God bless and have mercy on the bro’s life. I would knock myself out for eternity if anybody i know found that out too.
[FArid ch. • 1 day ago] what onion website your brother access… out of curiosity
[Griffin McKenzie • 1 day ago (edited)] Tor is literally just a browser like any other but better.
It’s open source, anybody can audit the code. Everybody can keep secret what they found and sell it.
It’s very likely that more than a single person would find an issue…
The NSA uses TOR themselves. Why would they even want it to be insecure?
I’m not speaking of this project in particular.
Just saying, just because something is open source doesn’t mean it has no vulnerability or backdoor in it’s code.
There is plenty of example of vulnerabilities that existed for years in major open source projects. And there is definitely people that discover some zero day and straight up sell them and stay quiet.
If you look at some of the businesses in the market of zero day vulns you can see what they offer for good vulns.
Who cares if the NSA uses it. Or if they say they use it. They gain nothing in saying they use a specific product. But that’s a good way to encourage others to use it. I certainly wouldn’t trust the NSA on anything they say publicly.
You can backdoor a product just for you and still release it so other people you might be interested in will give you cool data. In cryptography this is not really an issue to have backdoors that only some people can use.