"Although we are sad to see Andrew leave, Tor is entering an exciting period of growth. "
Why not stop at Andrew is leaving? The whole "exciting period of growth" thing feels tacked on and forced. Reminds me of the type of stuff managers say after a layoff.
He feels that there are so many great opportunities out there, but his is going to take some time to decide which one to focus on. The timing just felt right.
If you assume that there actually is no issue at Tor, how would the message be different? This could just be that the top guy is leaving, and this is their way of reassuring that it's still business as usual, and everything _isn't_ falling apart.
Of course that's the sort of message that you write if it is falling apart as well, so I guess this is basically a contentless press release on that part.
But it's not, is it? Unless there can be some proof of the said backdoor.
I don't get how a person - even though he is the Executive Director - moving on can co-relate to a "backdoor" in a project that puts all its code online and does deterministic builds.
I didn't know Tor had an Executive Director. Looking now at their staff list [0], I'm now unsure about how they have the money to support all these employees. All I see is a donate button.
It's well known that Tor is vulnerable to traffic analysis by an adversary that can basically monitor the entire internet. In the past, this was considered impractical, but now we know the NSA does something like this. Since this is inherent in its design, that means it doesn't really matter if it's funded by the US government, because they don't even need to weaken it in the first place.
Not to say that funding diversity wouldn't be a good thing, but there's no particular reason to think Tor is broken any more than is already known because of where the money currently comes from.
I2P claims to try to defend against large scale traffic analysis, but they are a underfunded project with few contributors. There was some mention of implementing cover traffic which would solve the issue (at the cost of massively increasing traffic), but I don't think that's happened yet.
I2P, being fully decentralised, is also very vulnerable to a sybil attack. Join thousands of nodes to the network, wait until you are strategically placed, then follow the traffic streams routed through your nodes.
Of course, sybil attacks are a concern in any open network. In theory the tor directory authorities are able to deny new nodes so they have some recourse, but in practice if you stagger your new nodes you can still infiltrate the network. :/
The fact is, anonymity systems are a hard and unsolved problem. That's not due to the source of the funding. We take what we get.
Also Tor Project is available on http://smile.amazon.com and almost every purchase you make they will receive 0.5% of the total as long as you make it through the smile subdomain.
Please, if you have to paste something, at least don't paste the absolutely ludicrous Pando article, which has been debunked many many times. It does nothing but say that Tor is compromised just because it was funded by the government.
It's a 501(c)(3) organisation so you should be able to see for yourself. I'm not a USian so don't know how to pull them out, would be very interested to know.
TOR has never been "secure". Everyone running an exit-node can intercept all communications going through that node, and since everyone can run an exit-node... So, you always had to take care that you use encryption when using TOR. In Terms of anonymity though TOR seems still to bug NSA and the likes.
I rather like the idea that someone from Tor is going to be working at an ISP. If everyone who worked at ISPs shared ideals with the Tor project, perhaps the Internet would be a better place.
Why not stop at Andrew is leaving? The whole "exciting period of growth" thing feels tacked on and forced. Reminds me of the type of stuff managers say after a layoff.