Ugh. FWIW: we agree. That FAQ answer was rewritten, and it failed to go on the website.
Here is the updated text that was written a couple nights ago by one of the people who helped design the protocol with me after being confused by the answer on the website.
> Yes. Our initial release targets China as the adversary, which is a more tractable problem. We may implment full Chaumian mixes in the future (which are immune to metadata/traffic analysis), but they are unlikely to be complete for our first public release.
Would you consider changing "China" to something like "Chinese government"? Or, if I'm understanding it correctly, maybe something like "Our initial release operates with a threat model of an authoritarian government's internet censorship, such as those seen in China, Turkey, or Russia."
Also, from the FAQ:
>Can't NSA just hack into this too?
>No. Because of its fully decentralized approach, distributed architecture, and the size of the global network, Orchid cannot be easily hacked by any single government or entity.
That's not really a satisfactory answer. First, it doesn't answer the question. The question was not "can NSA easily hack into this." And I don't think the NSA is necessarily deterred by something being not easy. The bar needs to be higher than not easy, even if "not easy" is a polite understatement. Also relying on the size of the network means there is a bootstrapping problem, right? Hopefully they will get there.
This doesn't mean the system is bad... I'm just saying the FAQ answer is bad.
On the positive side, given the cred of some of the people involved (saurik!) I am optimistic this may well have a shot at working.