Great security analysis of promises-to-make-bittorrent-anonymous app Tribler

TLDR: Do not use this if your threat model includes active attackers,
adversaries versed in cryptography, those with lots of money, or if you
wish to be anonymous.

Many problems come from using sources of "random" numbers that are pseudorandom (ie. not really random) and inappropriate (dangerous!) for cryptographic use.

Most of the fixes require major revisions to the wire protocol.
As it appears that there is no versioning, how that will be done is
left as an exercise for the student.

A junior developer worth his laptop shouldn't create a protocol (or an API!) without versioning. One wonders about the thought process of the development team.

Hat tip to MadBitcoins for the link.