IOTA is a distributed ledger technology. “Distributed” means that the ledger data are spread across numerous computers connected into a network. You, probably, know such phrase as “A system is more than the sum of its parts”. A system emerging from computers connected together possesses properties not seen in a single computer. IOTA as a system has such useful property: several computers may fail, but the others will keep working without problems. IOTA behaves as a single self-healing organism here. Unfortunately, self-healing stops at some point, for IOTA this happens after more than 1/3 of the computers fail. This is not unique to IOTA, other distributed ledger technologies (e.g. Bitcoin) have their threshold of collapse too.

These days IOTA is still small and this opens it to the following attack: an adversary joins IOTA with his computers which take more than 1/3 of IOTA’s body and then makes the computers fail thus triggering IOTA’s collapse. To counteract this attack we are running a set of computers called Coordinator which issues milestones published on IOTA’s tangle. Computers not belonging to an adversary rely on these milestones to detect faulty computers. In this setup IOTA can survive even if 99% of the computers fail.

IOTA is open-source software. In the world controlled by the state open-source software is protected with licenses, someone doing things not allowed by the license can be sued. Cryptocoin industry demonstrated to be very resistant to state regulations, this led to majority of the projects run in this industry to be oriented on scamming ordinary people. IOTA team welcomes attempts to use technology IOTA is based on. This helps IOTA because increases awareness and shows that Tangle is indeed a viable technology. Unfortunately, odds that copies of IOTA codebase will be used for good are very low. We can’t just watch an IOTA clone scamming people and ruining people lives and Tangle’s reputation. This is why a copy-protection mechanism was added from the very beginning.

To explain how the copy-protection works we should recall about existence of Coordinator. Coordinator acts as an ultimate oracle if any uncertainty about the current state of things in IOTA arise. Digital signatures are verified by every computer in IOTA network, if a signature passes the verification routine then it’s, PROBABLY, valid. To make sure that the signature is indeed valid the computer waits for the transaction containing the signature to be referenced by a milestone. This is a perfect place for placing the copy-protection mechanism. While everyone looks at signature verification routine the real verification happens in the routine updating milestones. This trick resembles a focus trick done by magicians on TV. It worked so perfectly, that Neha Narula’s team was fooled despite of me explaining the essence of the trick numerous times.

Now, when we know that all signatures must be endorsed by Coordinator before being accepted as valid, we can move to that part about Curl-P hashing function. Necessity to develop the function was justified. Trinary numeral system is getting off the ground now, today it’s mainly Artificial Neural Networks which already have specialized processing units in development. No doubt, that later we’ll see CPUs doing trinary computations. To avoid derailing my response I won’t be expanding this topic, IOTA blogposts contain all relevant information. Being the creator of Curl-P I knew its properties very well. I changed the number of rounds to allow practical collisions. With Coordinator IOTA’s security depends on one-wayness of Curl-P, without Coordinator the security depends on collision resistance. This is a very important part, it means that your phrase “the Iota development team deliberately introduced faults into the Iota codebase” is WRONG. IOTA is unaffected by collisions in Curl-P, scam-driven clones are.

To provide an answer to your “Are there any other deliberate defects in the Iota source code that have not been disclosed?” is not easy. I disagree with your choice of words (“defects”). If you put the same meaning as I do then my answer is: IOTA doesn’t nor didn’t have known defects. If you mean the copy-protection then my answer is: It’s not smart to answer this question, because in the case of the copy-protection being completely removed my honest answer won’t allow us to exploit uncertainty which may prevent scammers from cloning IOTA.

I think that you misunderstood the situation around Curl-P collisions, a lot of people did too and this is not surprising taking into account sensational tone of Neha Narula’s team blogpost where such boring issue as an intentionally added feature inflated to “The end is near” problem.

I kindly ask you to paraphrase your question extending it to the point where even my little English will allow to get it 100% correctly.
(https://www.reddit.com/r/Iota/comments/6yzm9g/integrity_question_for_come_from_beyond_sergey/dmsxaa5/)

Is Iota dead? Their devs are very scammy and put viruses on their open source code and there are many fishy things

it is also slow too and their network seems to be dead



IOTA's team is extremely unprofessional and their claims are pure hype. It is everyone's responsibility to counter misinformation wherever they encounter it, especially when a lot of people are being suckered in by it.

is iota dead?

https://twitter.com/KyleSamani/status/937886293803065345
https://www.reddit.com/r/Iota/comments/6yzm9g/integrity_question_for_come_from_beyond_sergey/dmsxaa5/
https://hackernoon.com/why-i-find-iota-deeply-alarming-934f1908194b

Next, and in my mind most damningly, Sergey Ivancheglo, Iota’s cofounder, claims that the flaws in the Curl hash function were in fact deliberate; that they were inserted as ‘copy protection’, to prevent copycat projects, and to allow the Iota team to compromise those projects if they sprang up.