Shari Steele is resigning her position as the director of the Tor Project, according to a report by Cyberscoop. Steele will remain director through December 31st, and the search for her replacement is still underway.
[...] For many, Steele's directorship, which started in December 2015, signaled a sea change within the organization and shifted Tor towards being more inclusive and community focused.
[...] "I had intended to retire after my time with EFF, but I believed strongly in the Tor Project's mission, and I felt I could help," Steele wrote in a blog post after the news broke. "I look at the Tor Project organization today and feel quite confident that we've got the talent and the structure to continue to support the organization's great work."
Source: The Verge
(Score: 2, Interesting) by Anonymous Coward on Saturday February 24 2018, @10:10AM
Resulted in the entire board resigning. The replacement board included Steele as well as Bruce Schneier and a few other 'reputable' members of the security community.
However, as I've recently discovered during a spate of security issues with I2P, Tor's outproxies number only a few thousand. Its number of relay nodes may number a few thousand more, but if you use TBB and look at your 'Tor circuit for this site' you will notice a *LOT* of the same tunnels popping up.
At least one or two people involved provided, on good authority, that passive traffic analysis has rendered Tor compromised for at least the past 5 years, rendering the prospect of parallel construction to knock off darknet markets as probable as the simple incompetence claimed by enforcement authorities.
I2P on the other hand is sitting on 80 million worth of BTC under the control of eche|0n with no major development having occurred in 5+ years, and a concerning series of security exploits plus 28 percent node compromise Sybil attacks being not only probable, but tested by a member of the community.
At this point in time, Tor is still useful for keeping corporations from tracking you. But hidden services and clearnet browsing history should be assumed within the capabilities of, if not actively being recorded by, Five Eyes related groups.
At this point in time the options are a fresh I2P implementation (both the Java and C++ ones, as well as the crypto libraries in use, having a variety of known flaws, some resolved, some inherent to their designs), a new network based off the Dissent/Riffle style cipher/protocols, or a new protocol combining fixed timing/bandwidth tunnels with some way of authenticating the reliability and connectivity of other peers on the network to watch for indications of Sybil attacks.