“nvidia unhackable driver”
I would argue you would want people testing your security, to make sure it actually works. That’s why Tor is public.
To stay on topic. TBH, most of Tor’s “issues” aren’t really Tor, the protocol (onion routing), issues, but user errors and the modern bloated web issues. If you are using sites you trust (basically like alphabet boys do), it should be fine, but when you don’t trust the sites you browse and you keep JS enabled, you always risk hitting a honeypot or a malicious website and get in trouble for no good reason other than curiosity.
Obscurity vs obfuscation
It has a bad name for a good reason. Just because you run Telnet on port 22 (SSH port) or an unencrypted website on port 443, that doesn’t make those protocols secure or even hidden, you can see the unencrypted traffic. And arguably this is somewhat better than doing what some people do and run insecure protocols, like RDP, on an ephemeral port (this can get discovered within minutes and you can see failed login attempts in the logs). But still, it’s not secure.
I think the term you are looking for is Obfuscation. Obscurity and Obfuscation are sometimes used interchangeably, but they are not quite the same (and no, I’m not “akhshually” you). In a dictionary, obfuscation means “hiding the truth behind complicated sounding words” (basically what politicians and lawyers do), while obscurity means “hard to see or rare.” In IT, obscurity has the meaning of “hiding in plain sight,” like the aforementioned usage of insecure protocols on well-known ports of secure protocols or on ephemeral ports, while obfuscation means “blending with something else.”
To give some examples of obfuscation, there are some privacy tactics that use obfuscation, like Ad Nauseam and TrackMeNot. Ad Nauseam is an ad clicker, as opposed to a mere ad blocker. It does hide ads from a webpage, but it also registers a click on every ad that gets blocked. The content doesn’t get loaded on your machine, but the ad servers will see a registered click. That way, your real preferences will get hidden in plain sight, with no real ability for profiling you, because you “like everything” and “click on everything.” TrackMeNot works in a similar fashion. The obfuscation part comes by doing random search queries on major web searches at random intervals, so your real preferences get hidden (like it searching for “dog food” for you, but you don’t have a dog). That way, your real queries are hidden among a sea of useless garbage queries, with not much one can do to profile you.
In the years, there might have been updates to search engines and ad networks to prevent these kinds of tampering, not sure if those browser extensions got updated to counteract them though (simple things like having to click a link in your search engine query would show which were the real and which were fake queries, so TrackMeNot would need to also send a fake click on links too, just as an example, not sure what is happening behind those, because I’m not using them anymore).
Onion vs garlic obfuscation
This gets into the obfuscation of onion routing and garlic routing. Both onion and garlic routing work by creating virtual tunnels that your traffic has to go through. In onion land, obfuscation comes from the fact that all users’ traffic goes through certain nodes and get mangled together, so you don’t know which request comes from where. With Tor, it gets a little sketchy when a powerful actor can launch many nodes and monitor the traffic, because onion routing is vulnerable to timing analysis (basically monitoring the metadata, so one can guess with a pretty good accuracy that a certain computer made a connection to another computer when you control a part of the tunnel and especially when you also control a honeypot). Garlic routing obfuscates traffic by combining multiple users’ packets (“cloves”) into a single bigger packet (“garlic”). When there is not enough traffic to make a whole “garlic,” from what I recall, additional junk is added to hide the real size, making timing and traffic analysis exponentially harder to do, if not impossible. Bonus point for garlic is that every user is a node (router) and the tunnels are short-lived, so traffic can go anywhere and you can’t guess which user goes where or if one goes anywhere at all and is not just traffic from other users.
Garlic routing suffers from the same web 2.0 issues that onion routing does, so a user can be deanonymized through malicious fingerprinting code (JS) and through user habit and speech (unless you only live inside the darkweb and you don’t have a persona on the clearnet - or if you did have one in the past, you used different enough speech and patterns to not be recognizable, not to mention not using the same usernames).
Anyway, the original point, which I deviated from, was that obscurity is garbage when it comes to security, obfuscation has its benefits in regards to privacy, but privacy cannot exist without security and people could use a good amount of both.