Hacker News
by mikeash 4085 days ago
It's well known that Tor is vulnerable to traffic analysis by an adversary that can basically monitor the entire internet. In the past, this was considered impractical, but now we know the NSA does something like this. Since this is inherent in its design, that means it doesn't really matter if it's funded by the US government, because they don't even need to weaken it in the first place.

Not to say that funding diversity wouldn't be a good thing, but there's no particular reason to think Tor is broken any more than is already known because of where the money currently comes from.

1 comments

What about I2P?
I2P claims to try to defend against large-scale traffic analysis, but they are an underfunded project with few contributors. There was some mention of implementing cover traffic which would solve the issue (at the cost of massively increasing traffic), but I don't think that's happened yet.
I2P, being fully decentralised, is also very vulnerable to a Sybil attack. Join thousands of nodes to the network, wait until you are strategically placed, then follow the traffic streams routed through your nodes.

Of course, Sybil attacks are a concern in any open network. In theory the Tor directory authorities are able to deny new nodes so they have some recourse, but in practice if you stagger your new nodes you can still infiltrate the network. :/

The fact is, anonymity systems are a hard and unsolved problem. That's not due to the source of the funding. We take what we get.