Its not tor itself that was compromised but the version of Firefox bundled with the Tor browser bundle. They used a 0day to install a tracking cookie in FF.
Van: Djones Boni Verzonden: dinsdag 29 oktober 2013 11:09 Aan: debian-security@lists.debian.org On 29-10-2013 07:29, Nikolay Kubarelov wrote: I would use Tor hidden service instead of SSL. Tor is too slow and you must install additional software. A better idea is offer both SSL and a Tor Hidden Service. You choose which use. Do not forget Tor encryption is not considered secure anymore. On 29-10-2013 07:52, Tormen wrote: And then again: http://yro.slashdot.org/story/13/08/04/2054208/half-of-tor-sites-compromised-including-tormail ^^ Half of Tor Hidden Services are compromised. So Debian THS will be also compromised. I cannot see your point.
