Tor Browser 7.0a4 is released (blog.torproject.org)
106 points by remx 3321 days ago
4 comments

How do the Tor project developers continue the development of Tor without the interference and corruption efforts of state level actors?
Read their FAQ:

> There is absolutely no backdoor in Tor. We know some smart lawyers who say that it's unlikely that anybody will try to make us add one in our jurisdiction (U.S.). If they do ask us, we will fight them, and (the lawyers say) probably win.

> We will never put a backdoor in Tor. We think that putting a backdoor in Tor would be tremendously irresponsible to our users, and a bad precedent for security software in general. If we ever put a deliberate backdoor in our security software, it would ruin our professional reputations. Nobody would trust our software ever again — for excellent reason!

> But that said, there are still plenty of subtle attacks people might try. Somebody might impersonate us, or break into our computers, or something like that. Tor is open source, and you should always check the source (or at least the diffs since the last release) for suspicious things. If we (or the distributors) don't give you source, that's a sure sign something funny might be going on. You should also check the PGP signatures on the releases, to make sure nobody messed with the distribution sites.

> Also, there might be accidental bugs in Tor that could affect your anonymity. We periodically find and fix anonymity-related bugs, so make sure you keep your Tor versions up-to-date.

https://www.torproject.org/docs/faq.html.en#Backdoor

1. Tor is open source. Any backdoor attempts in the source would require careful hiding. Shutting down the Tor Project would just result in someone else picking it up.

2. The US Navy funded (maybe still does) Tor. Tor is useful for western allies & spies.

3. Many of the developers live in western nations. While western nations like the US do have intel agencies who are interested in messing with Tor, it doesn't seem to have gotten to the point of shutting down the Tor Project or directly attacking their infrastructure much if at all, especially since Tor benefits the military as well.

Yep. IIRC one of the Snowden documents even mentioned GCHQ and other organisations using Tor for their own purposes.
> IIRC one of the Snowden documents even mentioned GCHQ and other organisations using Tor for their own purposes.

I think you're referring to this presentation about hidden services by the GCHQ [1] where they state, 'Until then... Doesn't stop us from using them'

I wonder what they may have to say about the soon coming next-gen onion services.

[1] : https://www.eff.org/files/2015/01/26/20141228-speigel-analyt... (page 25)

Yep. Tor is just a great big eye for the NSA and GCHQ. For them it doesn't matter if scoundrels use it, as long as they can use it too.
Could someone more knowledgeable than me comment on what Selfrando is, how it's useful, and how it works?
selfrando contributor here. it is correct that selfrando is intended as an improvement over ASLR by randomizing code at the function level (vs. module level). this improves resilience to information leaks somewhat, but with mitigations like these, there are no silver bullets.

selfrando github repo: https://github.com/immunant/selfrando feel free to open an issue or write us at team@immunant.com

cheers!

I recommend reading the linked blog post about it. [0]

[0] https://blog.torproject.org/blog/selfrando-q-and-georg-koppe...

There is also a research paper [1] and accompanying video [2].

[1] https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser...

[2] https://www.youtube.com/watch?v=IikpczzNyas

That blog post is pretty much useless in terms of information, but that linked presentation is pretty informative. Cheers.
tl;dr seems to be a more advanced form of ASLR?
i think it's ASLR with more entropy by skimming through the paper, but most exploits have read primitives or infoleaks anyways so i don't see how more entropy affects them. If i am right it protects against attackers guessing the ASLR slide, but that's very unreliable and no FBI grade exploit should ever do that.
See "Real-world Exploits against the Tor Browser" pages 9-10 where they conclude,

> The reason is that these function pointers are only accessed through an indirection layer, i.e., memory objects on the heap contain a pointer to a virtual table which is located in the code or data section of the application and contains a number of pointers to virtual functions. Since the attackers can only disclose the virtual table pointer, but not the virtual table itself, as it is not on the heap, they cannot disclose gadget addresses. Note that, when only ASLR is applied, the address of the virtual table is randomized with the same offset as the ROP gadgets. Therefore, such an attack can bypass ASLR but not selfrando.

> We therefore conclude that selfrando can thwart most real-world exploits. Attackers can only succeed in rare cases where they can disclose the complete heap and data section.

[1] : https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser...
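The point in the quoted passage, that one disclosed virtual table pointer fixes every code address under module-level ASLR but not under function-level randomization, can be seen in a simplified layout model. This is an added example, not part of the thread and not selfrando's code; the function names, sizes and offsets are constructed, and the model assumes the virtual table itself cannot be read, as the paper states.

```python
import random

# Constructed module: functions in link order with sizes in bytes (hypothetical names).
FUNC_SIZES = [("js_parse", 0x240), ("js_emit", 0x1B0), ("gc_mark", 0x310),
              ("gc_sweep", 0x0E0), ("dom_bind", 0x420), ("net_send", 0x170)]
TEXT_START = 0x1000      # assumed code section offset inside the module
VTABLE_OFFSET = 0x9000   # assumed virtual table offset (not on the heap)


def lay_out(order, base):
    """Place functions back to back in the given order; return name -> address."""
    addrs, cursor = {}, base + TEXT_START
    for name, size in order:
        addrs[name] = cursor
        cursor += size
    return addrs


def load_aslr(rng):
    """Module-level ASLR: one random base, link-time order preserved."""
    base = rng.randrange(0x10000, 0x7FFF0000, 0x1000)
    return {"vtable": base + VTABLE_OFFSET, "funcs": lay_out(FUNC_SIZES, base)}


def load_function_level(rng):
    """Function-level randomization: random base and a shuffled function order."""
    base = rng.randrange(0x10000, 0x7FFF0000, 0x1000)
    order = FUNC_SIZES[:]
    rng.shuffle(order)
    return {"vtable": base + VTABLE_OFFSET, "funcs": lay_out(order, base)}


def infer_from_vtable_pointer(vtable_addr):
    """Code addresses implied by one disclosed vtable pointer plus the static layout."""
    return lay_out(FUNC_SIZES, vtable_addr - VTABLE_OFFSET)


def fraction_determined(loader, trials=200, seed=1):
    """Share of function addresses that the single disclosed pointer pins down."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        image = loader(rng)
        implied = infer_from_vtable_pointer(image["vtable"])
        hits += sum(implied[n] == image["funcs"][n] for n, _ in FUNC_SIZES)
    return hits / (trials * len(FUNC_SIZES))


if __name__ == "__main__":
    print("ASLR only:     ", fraction_determined(load_aslr))
    print("function-level:", fraction_determined(load_function_level))
```
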

javascript:(function()%7Bvar%20currentURL%20%3D%20encodeURIComponent(window.location)%3Bwindow.location%20%3D%20%60https%3A%2F%2Fread.feedly.com%2Fhtml%3Furl%3D%24%7BcurrentURL%7D%26theme%3Dwhite%26size%3Dsmall%60%7D)()

bookmarklet code to do that for you on any web page; not sure how to format this better

not over 40 yet BUT I do love readability-enhancements like this :D

* use Firefox 'Reader View'; OR

* use this outline.com bookmarklet

  javascript:(function()%7Bwindow.location.href%20%3D%20'https%3A%2F%2Foutline.com%2F'%20%2B%20window.location.href%7D)()
I'm waiting for version 8 because of my religion.
Could be a while.