Tor Browser 7.0a4 is released (opens in new tab)

Read their FAQ:

There is absolutely no backdoor in Tor. We know some smart lawyers who say that it's unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.

We will never put a backdoor in Tor. We think that putting a backdoor in Tor would be tremendously irresponsible to our users, and a bad precedent for security software in general. If we ever put a deliberate backdoor in our security software, it would ruin our professional reputations. Nobody would trust our software ever again — for excellent reason!

But that said, there are still plenty of subtle attacks people might try. Somebody might impersonate us, or break into our computers, or something like that. Tor is open source, and you should always check the source (or at least the diffs since the last release) for suspicious things. If we (or the distributors) don't give you source, that's a sure sign something funny might be going on. You should also check the PGP signatures on the releases, to make sure nobody messed with the distribution sites.

Also, there might be accidental bugs in Tor that could affect your anonymity. We periodically find and fix anonymity-related bugs, so make sure you keep your Tor versions up-to-date.

https://www.torproject.org/docs/faq.html.en#Backdoor

1. Tor is open source. Any backdoor attempts in the source would require careful hiding. Shutting down the Tor Project would just result in someone else picking it up.

2. The US Navy funded (maybe still does) Tor. Tor is useful for western allies & spies

3. Many of the developers live in western nations. While western nations like the US do have intel agencies who are interested in messing with Tor, it doesn't seem to have gotten to the point of shutting down the Tor Project or directly attacking their infrastructure much if at all, especially since Tor benefits the military as well.

selfrando contributor here. it is correct that selfrando is intended as an improvement over ASLR by randomizing code at the function level (vs. module level). this improves resilience to information leaks somewhat, but with mitigations like these, there are no silver bullets.

selfrando github repo: https://github.com/immunant/selfrando feel free to open an issue or write us at team@immunant.com

cheers!

I recommend reading the linked blog post about it. [0]

[0] https://blog.torproject.org/blog/selfrando-q-and-georg-koppe...

There is also a research paper [1] and accompanying video [2].

[1] https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser...

[2] https://www.youtube.com/watch?v=IikpczzNyas

javascript:(function()%7Bvar%20currentURL%20%3D%20encodeURIComponent(window.location)%3Bwindow.location%20%3D%20%60https%3A%2F%2Fread.feedly.com%2Fhtml%3Furl%3D%24%7BcurrentURL%7D%26theme%3Dwhite%26size%3Dsmall%60%7D)())

bookmarklet code to do that for you on any web page not sure how to format this better

not over 40 yet BUT I do love readability-enhancements like this :D

* use Firefox 'Reader View'; OR

* use this outline.com bookmarklet

  javascript:(function()%7Bwindow.location.href%20%3D%20'https%3A%2F%2Foutline.com%2F'%20%2B%20window.location.href%7D)()

Could be a while.