| ▲ | memoriyato3 4 days ago | |
technically you could audit your local copy of tor source code, build it, and then never upgrade it. still this wouldn't guarantee that all the other nodes are not compromised | ||
| ▲ | bloppe 3 days ago | parent [-] | |
You could also audit the JavaScript / Wasm that's running in your browser. In fact, a security-focused e2e application might want to purposely keep all client-side code un-minified and highly readable for this very purpose, but decompilers and LLMs could provide reasonable auditability regardless | ||