There's only been like 3 times mainly that have been found out about publicly at least
OnionDuke Malware (2014)
Operation Onymous (2014)
Tor Exit Node Malware Campaign (2020)
So it can happen but doesn't happen often and the people who pull it off usually have virtually unlimited funding to do it. For the common person its still safer than rawdogging the internet
That excerpt still says it was deployed to all the businesses listed above it, though. So yes it was being used however those businesses used it.
And yes closed source components are inescapable (and also a potential threat) unless you use something that is GNU certified and I don't even think a lot of them can even run the current version of Tails but I havent researched it in awhile. Maybe could run Tor browser though but if my memory serves correctly even stuff that is GNU certified has some proprietary hardware in it.
But no, the irrationality here would be saying "because something is open source you should trust it automatically and ask no questions about it" which of course isn't what you said but you implied that because something is open source its automatically to be trusted. And that's not true.
I never said not to use TOR or implied that, I said (and you can look back at my comments and see) that just because something is open source doesn't automatically mean it is safe and trustworthy. And I don't think its irrational to say that.
This was all in response to someone pointing out that depending on what the person is using TOR for they should do more research about it and educate themselves on security of using it which is true.
Never just see open source and assume complete safety or trustworthiness. Which is something people who have never used TOR do all the time and why you see the points I made being brought up around the conversation constantly.
Open source doesn't guarantee complete safety, you should still take other steps in addition to using open source to better enhance your privacy and security. TOR is great and I think OP and others interested should use it, but you should never blindly trust something just because it is open source and used a lot. Vulnerabilities can happen all the time, if they didn't Tails wouldn't ever need updated at all.
Alternatives (that I wouldn't really recommend) do exist and since you mentioned how none were mentioned the two that come to mind first is i2p and Whonix although Whonix uses Tor routing but is an alternative to Tails I guess. Still wouldn't recommend them over Tails though.
The algorithm has been included in the code libraries and software of major vendors and industry bodies, including Microsoft, Cisco Systems, RSA, Juniper, RIM for Blackberry, OpenSSL, McAfee, Samsung, Symantec, and Thales, according to Nist documentation, external.
Whether the software of these organisations was secure depended on how the algorithm had been used, Cambridge University cryptographic expert Richard Clayton told the BBC.
I wouldn't say it didn't affect anyone. And the thing about stuff like this is that this is just what has been found there likely exist many other things like this that won't be found for a long time if it all.
OP should still use open source, to be clear I never said they shouldn't.
But your comment implied that because it is open source it automatically means that it is safe and trustworthy and that isn't true.
Obviously your security is much better on widely used open source software and programs than on proprietary stuff that isn't widely audited but it doesn't guarantee your safety and that's all I was pointing out.
Also to add to this, since the discussion is about TOR I think this line of conversation is even more warranted and not just some "ritualistic" thing like your edit on that original comment says. TOR is 80% funded directly by the State department.
Now, yes many talented software people are out there but the governments of the world have some of the best and it would be in all of their best interests not to disclose a vulnerability in something they could use against someone. You're either the USAs ally or someone that is against it, either of those options would make you not disclosing a vulnerability in your best interests.
So to automatically assume that software from a government that historically is against human and privacy rights is safe simply because it is open source is disingenuous.
That said, I still recommend TOR and I like it a lot. But I do not recommend trusting something simply because it is open source. Since this user wanted an in depth conversation on the topic I don't feel like its "ritualistic purity" to disclose all that I said above.
It isn't bad to be suspicious. If no one was, then open source wouldn't even matter because no one would be wary enough to check.
I'm reminded of the backdoor the NSA placed in OpenSSL.
I love open source everything, but open source doesn't just automatically mean "safer".
Because of good old propaganda. I know, its fucking bullshit.
Cops are badly out of control and weed should be allowed if someone chooses to do it but yes I agree that libertarianism is stupid.
"libertarians generally advocate for minimal government regulation, believing that businesses should operate freely and regulate themselves through voluntary exchange and competition. They argue that over-regulation can stifle innovation and economic growth."
So in my opinion, they are dumbasses. Yeah let's get the Nestles and Monsanto's of the world to regulate themselves. Honestly just unserious people with no critical thinking skills in my opinion.
Nah too busy causing more of the deranged work yourself to death mentality and widening the gap on wealth inequality more.
That'll get the folks to have more kids!
Even in other countries using something that is tested and proven for its no logs policy beats taking a stab in the dark and being hopeful that your ISP doesn't.
You said yourself you "bet" that ISPs in other countries don't do it but you don't know. Something like Mullvad has been proven not to keep logs which sounds a lot better than some dudes hunch.
But if you want to gamble with your privacy by all means do it but you shouldn't act like you know what you're talking about when you tell people to trust ISPs because you think if you're in a certain country they don't spy on you or sell your data.
https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid
Yeah you're right man the VPN that got raided and proven to keep no logs is the exact same as ATT that helped the NSA spy on everyone in the USA and has your credit card and address on file.
https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/
Sure something like NordVPN wouldn't be trustworthy but come on, saying all VPNs are just as trustworthy as ISPs is absolutely insane
Wasn't Mullvad famously raided and found to keep no logs?
I'd sure trust that more than any ISP in UK or USA and I think you would be crazy not to as well.
One has a proven track record, the others undoubtedly do it and have been known to do it and tell you they do it.
It frustrates me to no end that people can't understand that truth.
Even with TOR and shit they say don't do that and I think that's wrong. Sure sure, fingerprinting or whatever. I believe there is a much more tangible risk of your ISP knowing that you are connecting to TOR in the first place especially in countries like UK and USA.
Sure if you lived in Belize or something where it doesn't matter it wouldn't be a big deal but living in those two countries and even like Canada and Germany automatically makes you a target for using it.
Out of those options or a VPN I pay anonymously with Monero or mail cash to I would consider that much, much safer than any ISP.
I encourage you to look up what Snowden said about ATT helping the NSA during Prism which is absolutely still ongoing.
In fact, here you go heres a small part of it https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/
But sure keep preaching about how VPNs don't do anything and instead trust the companies that have direct interests to the governments they serve to stay in favor and that have your credit card and address on file. That is much more secure!
Not really but due to the current US administration I think Europe is realizing they need more of their own autonomy back. That's why Germany and others are switching to open source options and I'm so glad to see it.