The to date scariest thing I found out about Monero is that the people behind Monero host cryptographic tools that are only crypto theater. For years. And without an issue tracker, people taking Monero devs seriously will inevitably fall for the temptation to use these tools.
https://github.com/monero-project/urs promises:
"URS can be used to sign plaintext or binaries anonymously (among a group of known users). That is a user can sign a message, hiding among a group of known/registered users, that prevents the verifier from revealing the signer's identity other than knowing that it is in the set of registered users."
7 years ago, these claims were found to be false and the Monero devs never removed this repository or marked it as dangerous?
Let me see if I get what you're saying.
The Monero devs created a crypto tool to communicate anonymously with other Monero users. But the tool doesn't work properly. It's not actually anonymous. And they didn't announce this on the repository. So uninformed users may have been compromising their own privacy over the past 7 years by using the tool which been known to be broken all this time.
Is that correct?
Almost. The tool is a library, so I don't know what they did or intended to use it for but it can be used for that.
