Hi, I am a long-time cybersecurity researcher and Tor-user. I have also used Linux for a few years, and have studied various topics such as cybersecurity, networking, opsec, and similar topics.
I became made aware of information implicating various rich people and people in government, in criminal activity, and became a whistleblower, using Tor to leak plain-text (non-documents, just text) whistle-blowing information to various entities, in order to safeguard the public.
I used a brand-new laptop, fully firmware updated, running on Linux, with a firewall, on public wifi, with a "no-log" VPN (paid via Monero).
I ensured my screen wasn't on camera, so the only way I could have been identified, was via a Tor compromise (backdoor, trace such as via big-data analysis via tracking all Tor relay connections and providing correlations via timing analysis using AI/super computers., or both).
So, because my information was non-specific to me, (I wasn't one of a few people aware of the information), and my whistleblowing was done using plain-text (not documents, with metadata), and I also modified my writing style to specifically avoid stylometric analysis, used a decent operating system (linux), with a VPN to add an additional protection for my source (original) IP, on public wifi (rather than connecting from my house), my analysis concludes that the only way to identify me, as the whistleblower, was via a technical Tor compromise, such as a backdoor, (most likely due to a bribe from the rich criminals, bribing a Tor developer), or a deep intelligence agency backed timing correlation, which is also logical because the criminals were both rich civilians, and government agents.
Because of my technical OPSEC, and use of Public wifi, I believe strongly that Tor was, or is currently, deeply compromised, de-anonymizable, and traceable, in some way.
Even using public wifi, I could have been seen on nearby security cameras, coming to or going from the area where I used public wifi, indicating high-level governmental involvement in my survived assassination attempt, (I got poisoned, with a rare toxin, which was confirmed with a 3rd party lab-test, and also dodged two gunmen while taking a nap in my car, in a very low-crime, safe neighborhood.) which tracks with me analysis of the criminally responsible, which I was whistle-blowing on.
Therefore, I henceforth conclude, based upon my experiences, that Tor is compromised, deeply. Direct deanonymization. Thus, in order to fix Tor, if it is possible, we, as a community, must deeply analize Tor's source code, of both the Tor Browser, and Tor Network software code, crypto analysis, etc.
We should also act as if Tor is compromised currently, and use Tor only from public wifi, wifi not linked to our identity, such as Phone data, or home WIFI connection. Be sure your screen ins't on camera, even with reflections. Preferably, turn off your cellphone to prevent keystroke analysis via audio capture.
Together, we can fix Tor, together, we can audit Tor with security analysis, and patch the backdoors, and add additional timing correlation resistances, such as via random timing delays between relay connections. Tor should be considered as fully compromised at this time. Someone, somewhere, was able to trace me exact source IP, from Public WIFI , to a VPN , through Tor, and back).
I care deeply about every Tor user, as each user, when the network is working correctly, increases the anonymity of Tor. We all have shared values.
Please use caution when using Tor, please audit and re-secure Tor.
I risked my life to try to save others, and nearly got assassinated, that means every Tor user is also vulnerable to the same technical compromise. Please help to re-secure Tor. Start a group-fund to pay a cybersecurity company to audit Tors full source code of browser and relay networking code, audit the code yourself, use caution when using Tor now.
Thank you.