“Tallow is not a complete strong anonymity solution.
Tallow makes no attempt to anonymize the content sent through the Tor network. This content may de-anonymize you. For example, logging into GMail via Tor will de-anonymize you, since you are the only person who knows the password to your account!”
I'm annoyed by the phrasing here, specifically that this is phrased as a drawback of using Tallow. This isn't anything specific to Tallow, it's specific to Tor, and it's also not a vulnerability, it's just how Tor works.
I think it should be phrased differently, and point out that if Alice goes through the best onion routing in the world, she will still reveal her identity if she opens "Alice's Lockbox" on the other end of the connection, assuming she's the only one with the key. She'll also reveal her identity by the time she's actively using the "Lockbox", if you compare it to activity coming from Alice's house to the onion router. All of these are known "vulnerabilities" in Tor, which aren't really vulnerabilities, just things you need to understand before using it.
Tallow makes no attempt to anonymize the content sent through the Tor network. This content may de-anonymize you. For example, logging into GMail via Tor will de-anonymize you, since you are the only person who knows the password to your account!”