[raesene4]

exactly, I'd actually argue that Tor exit nodes are, on average, more likely to be untrustworthy than a standard ISP connection, as the incentives are there for people to run them to capture exactly the kind of traffic people want to remain secret, and Tor exit node + root CA certificate is a great model for government level attackers to hoover up data which is likely to be sensitive.

[belorn]

To analyze if ISP's are more likely to be malicious than Tor exit node, you need to list all the number of attacks and determine which is more likely.

An ISP employee know whom either side of an connection are and can pick and chose targets in a very selective way. As gate keepers they can also be influenced by outsiders to target specific users and attack them. They are however likely to get caught if they do noticeable attacks and risks their job if its unsanctioned, and risk the companies reputation if it is sanctioned.

A Tor operator can not see whom is doing the connection, but they are slightly less likely to get caught if they do try to attack users. They are also only going to lose the nodes ip address reputation if they are caught attacking users.

Third is the backbone networks that unlike the ISP level has great incentives for government level attackers to collect whole nations/continents amount of data. The risk that they are found out is almost zero, and if they are they can still deny it.

All in all, I would summarize in such a way that ISP's has the greater risk of active attacks by both criminal actors and government level actors, backbone networks for passive attacks by government level actors, and tor nodes for passive attacks by criminal actors. In order to protect against all three you got to use end-to-end encryption as the primary security technique and adding tor helps then against meta data attacks.

[ran290]

Heck, my cellular provider was tracking the HTTP connections of their customers by default to sell profiles to marketing companies. (You could opt out, but I believe the fine print was something along the lines of 'we won't sell your information anymore but we will still collect it for later'). Other Internet providers have offered a cheaper plan to opt-in to traffic snooping for marketing profile building/selling. Tor exit nodes and my residential ISPs are on a similar level of distrust for me.

I've since started using 'whole premises VPN' (all traffic is routed through an encrypted tunnel to a VPS) - I have more confidence in my VPS provider than I do in my residential ISPs. At least the VPS company probably won't use my connection data for marketing profiles..