Comment by morkalork

3 days ago

Is the trade off here having more secure code in exchange for added complexity/difficulty? This is a real question, has the Tor code itself been exploited by bad actors before? All the incedences I've seen in the news were some other software running over tor that would be exploited to phone home or give up user data.

12 comments

morkalork

uecker 3 days ago

It seems they worry about it, which I can understand. But now with Rust I worry about about new logic bugs, supply chain issues, and lack of proper security updates.

steveklabnik 3 days ago
Well, given that this has been going on for years, you can already start to empirically evaluate that question.
- yjdiquhf 3 days ago
  
  > (So far, it's a not-very-complete client. But watch this space!)
  
  9 replies →