An attacker could hack you through a browser exploit. Even with transparent proxying of all connections, if he can get root privileges, he can disable Tor and your firewall. The best defense against this is an anonymizing middle box, a separate physical device from your main computer that runs Tor and transparently proxies all connections over the Tor network. Unpublished exploits. Run many malicious relays. The probability of sending your circuits through the attacker's nodes is roughly Centry / Nentry * Cexit / Nexit where Centry = number of entry nodes run by attacker Nentry = total number of entry nodes Cexit = number of exit nodes run by attacker Nexit = total number of exit nodes Let's say the attacker spins up 100 entry nodes and 100 exit nodes. For the sake of simplicity, let's say no entry nodes are exits and vice versa. Currently there are about 900 total entry nodes and 900 exit nodes. Then the probability of getting pwned by the attacker is 100/1000 * 100/1000 = 1/100, or 1%. That doesn't sound so bad, but consider that your Tor client builds new circuits every 10 minutes. If it chose from all entry and exit nodes, there would be a 50% probability of getting pwned after 8.3 hours of Tor use. That threat is mitigated by using entry guards. Instead of changing entry nodes every 10 minutes, your client changes them about every 2 months. So it takes 8600 times longer to accomplish this attack.