
Tor/Mozilla still haven't gotten the FBI to reveal how they pulled off their most recent Tor attack, have they (not the CMU one, but the kiddy-fiddlers one).

Many have put forth that those users were using Flash, plugins, or were convinced to download and execute something, but we don't know, do we? And until developers do, the Tor Browser bundle could have a vulnerability that could compromise its main purpose.



Firefox exploit similar to the 2013 attack[0]

The Zerodium price list has Firefox 0day at $30k[1] a pop - compared to $100k+ (today ~$1M) for Chrome

The long term solution for Tor Browser is to build on Chromium + Containers/VM + Isolating proxy

[0] https://www.wired.com/2013/09/freedom-hosting-fbi/

[1] https://www.wired.com/2015/11/heres-a-spy-firms-price-list-f...


It wouldn't be particularly hard to sandbox Tor Browser on Linux and use namespaces such that the browser itself has limited ability to fingerprint its host or learn its host's IP.


> The long term solution for Tor Browser is to build on Chromium + Containers/VM + Isolating proxy

Surely text-mode gopher would also be more secure? (Only half-joking)


> Surely text-mode gopher would also be more secure?

I guess early nineties, late eighties network C code is wonderful for security! On the plus side it leaves less to audit. And you rewrite it in a secure language.



