True enough, but times change. If law enforcement plans to continue to fight the war on drugs, we will see more and more technical attacks from them. We will also see fewer and fewer human intelligence attacks as it becomes more and more impossible for them to move upwards (inwards??) toward sources by doing this. The drug game is changing. The method used by the online scene is superior and will continue to grow in popularity at an exponential rate. It is not effectively combated with the same techniques as the enemy has traditionally used. Fortunately they are inherently slow to adapt to change, so we may still have a while. We also have a substantial head start, and the fruits of decades of security research to protect us.

Tor is pretty good for what it is. Low latency is in itself a very strong limitation for an anonymity network to have. There are entire classes of attack that are impossible to protect from with a low latency anonymity network. Tor is at least good at preventing most attackers from instantly deanonymizing all of its users, although NSA can probably come pretty damn close to doing this. Other than that it is largely a game of chance and time, with the time it buys you from an attacker being inversely proportional to the number of links the attacker can observe.

There are two 'types' of attacker, although some are simultaneously both types. These are passive and active. A passive attacker can watch connections at infrastructure, such as your ISP or an IX. Active attackers own nodes on the network, so they can watch traffic as it comes to them and exits them. Another terminology used is internal and external, with internal attackers being active and external attackers being passive. Active and passive seem to be the more popular terminology though. A passive attacker who can monitor an ISP with fifty Tor relays on it is as powerful as an active attacker who owns fifty Tor relays.
A global passive attacker is one who can see all links between all nodes of the network; NSA is likely very close to this, so they can deanonymize most Tor connections in real time. The most powerful attack against low latency networks is end point timing correlation. An attacker who observes a packet at one point on the network can use statistics and timing to identify that packet at every other point on the network they see it at. So if they originally see it is coming from you, and also observe it arriving at the destination, they can link you to the destination.

Tor wants to be low latency so it can be used for general surfing of the internet, instant messages etc. They know that they are completely fucked by global passive adversaries, but they try to protect from less powerful attackers. The primary strategy of Tor is to have a huge network of nodes owned by a wide assortment of different volunteers. Even if the volunteers are malicious and actively monitor the traffic going through their nodes, the hope is that they are not colluding with each other. So if FBI watches you put a packet in and then some Chinese intelligence agency watches your traffic arrive at its destination, even though they are both malicious they are not going to share intelligence with each other and you are safe. The middle node can also give some advantages here. If the first node is owned by FBI and the final node is owned by the German feds, unless they routinely share all intelligence, the German feds cannot get in touch with the FBI to collaborate on a specific case of exit traffic if the middle node is owned by the Russian feds and they are not willing to cooperate. Tor depends on the lack of trust between various government and other criminal agencies that wish to attack it, as well as the support of libertarians and general geeks who run Tor nodes out of a desire for freedom or technical interest rather than to gather intelligence.
Unfortunately, it is not impossible for your entry and exit traffic to be observed by a single malicious entity, or a pair of colluding / intelligence sharing entities. If this happens, you are deanonymized. This is actually fairly likely to happen if you use Tor over a long enough period of time. How long exactly it will take depends on the number of nodes that your attacker owns, as well as the number of nodes they can passively observe traffic to and from. It is actually not entirely accurate to assume that they must own your exit node either. If you are visiting clearnet websites with Tor, they do not need to own your exit node if they already (a) can get logs from the clearnet server, (b) have the clearnet server under passive surveillance, or (c) own the clearnet server. If a, b or c happens to be true, then you are fucked if you use one of their entry guards.

You use three entry guards at a time, and the entry guards you use ideally will change once every 30-60 days, although you can fuck this up by doing things like using live CDs without persistent entry guards, which leads to MUCH faster guard node rotation. How many rotations you have before you are fucked could be zero, could be an infinite amount; it comes down to luck and how many nodes they own/watch.

Hidden services can help here a little because they are themselves anonymous, so before the attacker can watch your traffic and know it is arriving at the hidden service, they must first identify the hidden service's IP address. Unfortunately locating hidden services is borderline trivial, and only complete dumb fucks such as the FBI do not seem capable of doing this.
In reality, it can be accomplished with significant probability for a relatively small investment of a few thousand dollars at the most. For an agency that can use the legal system to order passive surveillance against identified entry guards (such as the FBI) it would be trivial to deanonymize a hidden service in a few months at the very most, but the FBI is apparently staffed by a bunch of technical know-nothings so they have not managed to do this level of attack yet. Once the hidden service is identified and put under passive surveillance, then it is a waiting game of how many rotations you have before you land on a bad entry node.

Also, there are some techniques you can do that can make hidden services much harder to trace. Using strict entry guards will protect you from an attacker who cannot order passive surveillance of identified nodes, although it will make you vulnerable to DDoS. There are also techniques that could make it much more difficult for even an attacker of the FBI's level (well, their level if they were not fucktarded) to trace hidden services.
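
Added example, not part of the original post: a small risk model of the guard-rotation argument above, comparing persistent guards with a client that draws fresh guards every day. It uses the post's figures (three guards per set, rotation in the 30-60 day range, taken here as 45) and assumes the destination side is already observed, guards are picked uniformly and independently, and the adversary sees a constant fraction of guards; the 5% value is a constructed input, not a measurement.

```python
import math
import random

GUARDS_PER_SET = 3  # from the post: three entry guards in use at a time

def p_exposed(frac_observed, days, rotation_days, guards=GUARDS_PER_SET):
    """Closed form: probability that at least one guard chosen within `days`
    is owned or passively watched by the adversary."""
    sets_drawn = math.ceil(days / rotation_days)
    return 1.0 - (1.0 - frac_observed) ** (guards * sets_drawn)

def simulate(frac_observed, days, rotation_days, trials=20000, seed=1,
             guards=GUARDS_PER_SET):
    """Monte Carlo check of the closed form (uniform, independent picks)."""
    rng = random.Random(seed)
    picks = guards * math.ceil(days / rotation_days)
    hits = sum(
        any(rng.random() < frac_observed for _ in range(picks))
        for _ in range(trials)
    )
    return hits / trials

def median_days_to_exposure(frac_observed, rotation_days, guards=GUARDS_PER_SET):
    """Day on which the guard set is drawn that pushes exposure past 50%.
    The first set is drawn on day 0."""
    per_set_safe = (1.0 - frac_observed) ** guards
    sets_needed = math.ceil(math.log(0.5) / math.log(per_set_safe))
    return (sets_needed - 1) * rotation_days

if __name__ == "__main__":
    F = 0.05  # assumed (constructed) fraction of guards the adversary observes
    for label, rotation in (("persistent guards, 45-day rotation", 45),
                            ("no persistence, new guards daily", 1)):
        print(f"{label}: 1-year exposure {p_exposed(F, 365, rotation):.3f}, "
              f"simulated {simulate(F, 365, rotation):.3f}, "
              f"median day {median_days_to_exposure(F, rotation)}")
```

Real Tor weights guard selection by bandwidth, so the fraction that matters is the observed share of guard capacity rather than a node count.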