[DethNinja]

It is just common sense.

Traffic correlation: All the large state actors are well capable of recording every single IP transaction between devices. You can create detailed correlation maps from these transactions. Considering that this wouldn't cost much for state actors to implement, one has to assume such traffic correlation systems currently exists.

Node compromise: It costs less than 5 dollars a month to create a TOR node. There are currently ~8000 TOR nodes/relays in existence. That is 40k USD per month (at most). Do you really believe state actors can't afford 40k USD per month to compromise the vast majority of TOR nodes? Even a single millionaire can compromise the vast majority of TOR nodes.

Another problem is that TOR is an outdated privacy tech. considering modern state actor capabilities. Mixer networks + network jitter is necessary to protect privacy at this stage, yet no such project exists yet.

TOR is not a good option for privacy. Currently only valid option for privacy is external Wi-Fi jacking and ensuring you don't send any private info like CPUID.

Or alternatively, you can hack routers/computers and put your own TOR nodes in them, then you can only use these known nodes.

[m4jor]

Just more FUD being spewed from someone who knows nothing about Tor.

It's Tor not TOR FYI.

https://support.torproject.org/about/why-is-it-called-tor/

> Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.

We all know which one you fall under.

> Node compromise: It costs less than 5 dollars a month to create a TOR node. There are currently ~8000 TOR nodes/relays in existence. That is 40k USD per month (at most). Do you really believe state actors can't afford 40k USD per month to compromise the vast majority of TOR nodes? Even a single millionaire can compromise the vast majority of TOR nodes.

As someone who has ran a Tor exit node for 5+ years, lolol at this statement. Pure ignorance.

[anonlamb]

Thank you for trying to defend Tor. Can you share some of what the parent was ignorant to?

Does it cost less than 5 dollars a month to create a Tor node?

[orbital-decay]

Common sense is not the same as actual understanding. Tor is not limited to exit nodes, the most valuable thing is the onion network with millions of users. Both are being actively monitored for anomalies by the devs, with multiple thwarted attempts to subvert it in the past.

> TOR is not a good option for privacy. Currently only valid option for privacy is external Wi-Fi jacking and ensuring you don't send any private info like CPUID.

What is known for sure is that high profile drug dealers are using it without being caught for years. All known cases are related to either poor OPSEC, client/server 0-days, classic real-life investigations, or known attacks Tor can't protect from (correlation of the large amounts of onion server traffic, for example, which is not that easy as you make it sound). It is entirely possible that somebody was caught using unknown or unavoidable attacks, but no such case is known for sure at this time.

> Mixer networks + network jitter is necessary to protect privacy at this stage, yet no such project exists yet.

Tor does use packet shuffling and delays to protect from timing attacks to an extent. It's less advanced than I2P which also mixes the traffic, but has a much larger client pool and a unified browser used by nearly everyone, which provides users with huge buckets to blend into. There are also several delayed onion message services available.

Of course it is susceptible to certain kinds of attacks you have to be aware about. This isn't the same as "Tor doesn't provide anonymity" or "Tor is compromised".