This wouldn't even have resulted in the catching of the person in question, due to the use of an Onion Service (your link refers to the guy downgrading HTTPS on bitcoin exchanges). Hacker News users have surprisingly little comprehension of just what Tor is, so much so that I made an account here just now. Lurkers, please read:
Tor is a powerful tool for increasing the privacy of its users, though it is worth noting that it prioritizes performance over privacy. Tor's threat model does not include global adversaries, particularly those who can access traffic metadata for large numbers of ISPs, though hidden services do fare significantly better than your usual clearnet services, usually requiring DoS attacks to deanonymize their hosts, and protecting their users especially. But note that Tor is not a mix network: it does not provide mathematically provable anonymity against a global passive adversary, unlike systems such as Loopix. See the following, from the 2004 paper describing Tor, and consider reading the whole thing for a better understanding of Tor: https://www.usenix.org/legacy/publications/library/proceedin...
Tor's Threat Model
"A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic; who can operate onion routers of his own; and who can compromise some fraction of the onion routers. In low-latency anonymity systems that use layered encryption, the adversary’s typical goal is to observe both the initiator and the responder. By observing both ends, passive attackers can confirm a suspicion that Alice is talking to Bob if the timing and volume patterns of the traffic on the connection are distinct enough; active attackers can induce timing signatures on the traffic to force distinct patterns. Rather than focusing on these traffic confirmation attacks, we aim to prevent traffic analysis attacks, where the adversary uses traffic patterns to learn which points in the network he should attack. Our adversary might try to link an initiator Alice with her communication partners, or try to build a profile of Alice’s behavior. He might mount passive attacks by observing the network edges and correlating traffic entering and leaving the network by relationships in packet timing, volume, or externally visible user-selected options. The adversary can also mount active attacks by compromising routers or keys; by replaying traffic; by selectively denying service to trustworthy routers to move users to compromised routers, or denying service to users to see if traffic elsewhere in the network stops; or by introducing patterns into traffic that can later be detected. The adversary might subvert the directory servers to give users differing views of network state. 
Additionally, he can try to decrease the network’s reliability by attacking nodes or by performing antisocial activities from reliable nodes and trying to get them taken down—making the network unreliable flushes users to other less anonymous systems, where they may be easier to attack."
Tor increases the costs to uncover your identity, especially so in the context of a hidden service, which the entity in question (Protonmail) actually does offer to users. Perfection is the enemy of the good: Tor is not built to deal with global adversaries, unlike a mix network, but surely any increase in privacy is a good thing, no? You do not complain that your wrench does not serve the purpose of a hammer quite as well as a hammer might; you either put some more energy into it, or you buy a hammer.
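Added example, not part of the thread or of any Tor code: a small simulation of the traffic confirmation attack the quoted threat model describes. An observer counts packets per second at the entry and exit of a relay and correlates the two series; a low-latency relay (Tor-style, small forwarding jitter) preserves the pattern, while a constant-rate cover-traffic link (the kind of padding mix designs use) leaves nothing to correlate. The client flow, jitter and rates are constructed values.

```python
import random

BIN = 1.0       # seconds per bin; the observer counts packets per bin at each end
HORIZON = 60.0  # seconds of observation (constructed)
RATE = 10       # packets per second on the constant-rate cover-traffic link (constructed)

def bursty_flow(rng, bursts=5, size=40, span=HORIZON - 10):
    """Constructed client flow: a few bursts of packets, like page loads."""
    ts = []
    for _ in range(bursts):
        start = rng.uniform(0, span)
        ts.extend(start + rng.uniform(0, 0.5) for _ in range(size))
    return sorted(ts)

def low_latency_relay(ts, rng, max_jitter=0.05):
    """Low-latency forwarding: each packet leaves shortly after it arrives,
    so the timing and volume pattern survives the relay."""
    return sorted(t + rng.uniform(0, max_jitter) for t in ts)

def constant_rate_link(ts, rate=RATE, horizon=HORIZON):
    """Cover-traffic link: a packet leaves every 1/rate seconds whether or not
    real data is waiting; a dummy fills any empty slot, and the observer
    cannot tell the two apart, so only the slot times are visible."""
    queue, out, i = sorted(ts), [], 0
    for k in range(int(horizon * rate)):
        slot = k / rate
        if i < len(queue) and queue[i] <= slot:
            i += 1            # a queued real packet takes this slot
        out.append(slot)      # either way one packet is seen on the wire
    return out

def bin_counts(ts, bin_width=BIN, horizon=HORIZON):
    counts = [0] * int(horizon / bin_width)
    for t in ts:
        i = int(t / bin_width)
        if 0 <= i < len(counts):
            counts[i] += 1
    return counts

def pearson(a, b):
    n = len(a); ma = sum(a) / n; mb = sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a); vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0  # a constant stream carries no pattern to correlate against
    return cov / (va * vb) ** 0.5

def confirmation_scores(seed=7):
    """Entry/exit correlation for both relay models on the same client flow."""
    rng = random.Random(seed)
    entry = bin_counts(flow := bursty_flow(rng))
    return {"low_latency": pearson(entry, bin_counts(low_latency_relay(flow, rng))),
            "constant_rate": pearson(entry, bin_counts(constant_rate_link(flow)))}
```

Running `confirmation_scores()` gives a correlation near 1.0 for the low-latency relay and exactly 0.0 for the constant-rate link, which is the gap between "raises the cost of deanonymization" and "provably hides the pattern".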
"Open source" means literally nothing for the majority of Tor users that are downloading prebuilt binaries from US Government-funded www.torproject.org/download/
And yet, confirmation attacks and traffic shaping by global adversaries are where the actual design flaws lie, inherent to any 'low-latency' (read: performance trumps privacy) anonymizing network, and you know that. Even efforts such as the Invisible Internet Project (I2P), which pile on tactic after tactic to improve upon this but are too scared to delve into outright mixing traffic, are vulnerable to traffic confirmation attacks.
The USG persecutes and imprisons journalists for exposing its war crimes; anyways, I'm going to download this Tor binary from them because it says 'totally legit' on the packaging and there's no "hard evidence" to the contrary...
Don't those binaries come with signatures you can verify? People in the community would notice if building from source produced different signatures than the binaries provided directly by torproject.