Comment by morkalork
2 days ago
Is the trade off here having more secure code in exchange for added complexity/difficulty? This is a real question, has the Tor code itself been exploited by bad actors before? All the incedences I've seen in the news were some other software running over tor that would be exploited to phone home or give up user data.
It seems they worry about it, which I can understand. But now with Rust I worry about about new logic bugs, supply chain issues, and lack of proper security updates.
Well, given that this has been going on for years, you can already start to empirically evaluate that question.
> (So far, it's a not-very-complete client. But watch this space!)
9 replies →