| The Tor Browser folks have talked about this a little bit under https://blog.torproject.org/category/tags/chrome although I'm not sure if there's been a big recent summary on this. One way to put it, akin to things other people have said in this thread, is that Chromium is tougher to customize, less cooperative upstream, and somewhat worse for specific technical user-tracking issues. Tor folks are very, very worried about cross-site and cross-session linkability attacks and tend to put a lot of technical effort into mitigating those. tptacek's point in the other thread (that you're quoting) is about exploit mitigation, where Chromium is doing better, partly because they hired a lot of super-great people to work primarily on that (and also are paying pretty big bounties), and also because their architecture makes it easier in the first place. So the Tor Browser work has focused a lot on stopping sites from recognizing you, while they're not working as hard or doing as well on stopping sites from hacking you, which they might then use to deanonymize you by making you send clearnet traffic, or even to exfiltrate files from your computer. (Also, for visiting non-HTTPS clearnet sites over Tor, the exit nodes and their ISPs are in a position to perform these attacks.) The situation for SecureDrop instances might be safer than for other hidden services because they're probably more professionally run and carefully monitored, and use better-audited and simpler user-facing code, among other reasons, but then again this might not be true because they're also potentially exciting and interesting targets. |