First I think the tor developers do not want an organized effort on SR to send them money, that would be bad for their PR. Although if you do want to contribute by running a relay or donating go ahead, I just don't think Tor wants SR to be seen as sending them funding. Here I will explain how Tor works for you. Tor is a low latency anonymity network. It gives users anonymity by routing their traffic through 'telescoping' encrypted tunnels through three nodes. The first node is the entry, the second is the middle and the third is the exit. The entry node knows who you are, but it can not see where you are surfing, the middle node does not know who you are or where you are surfing, and the exit knows where you are surfing but not who you are. The exit node connects to the servers you communicate with. Traffic from the exit node to the destination you communicate with is not encrypted, so it can be intercepted and spied on by the exit node. This could compromise 'who you are' if you go to your facebook page for example, but it will not compromise where you are unless you leak that through the exit traffic as well somehow. The destination you communicate with can not trace you because they see the IP address of the exit node you are using, not your own IP address. In the best case scenario they will need to go back one hop at a time an. d get logs until the trail leads them back to you. Hopefully at least one of the three nodes you are using is not keeping logs or being passively monitored, in which case the trails will go dead at the first such node and you will remain anonymous. Tor is not perfect. There are two sorts of attacker involved with traffic analysis, passive and active. Passive attackers monitor the links between nodes, such an attacker could be an ISP that several Tor nodes use, for example. An active attacker is one who adds nodes to the network and is able to view their internal state. Some attackers are combinations of active and passive. The more Tor nodes there are, the more protection you are afforded from an active attacker. After all, if there are ten nodes and an attacker owns one, they can monitor 10% of the network, but if there are 100 nodes and an attacker owns one they are only monitoring 1% of the network. It is important that nobody owns a large percentage of the nodes on the network, because Tor does not prevent traffic confirmation attacks. An attacker who can see packets at two points on the Tor network can use timing correlation attacks to link the packets together. This would be very bad if the attacker doing this sort of attack owned your entry and exit node, because then they could link the packets they see you sending through their entry node to the packets arriving at the destination, thus deanonymizing you with only two out of the three nodes on your circuit. Passive attackers are generally (but not necessarily) more powerful than active attackers. An attacker who owns the ISP used by one hundred Tor nodes is capable of monitoring the traffic into and out of those Tor nodes as well as if they ran the Tor nodes themselves. Again, if a passive attacker can monitor your entry and exit traffic they can use timing correlation attack to link them together and thus deanonymize you. Having more nodes on the network does not inherently protect from such an attacker, however having location diversity in the nodes on the network does protect from this sort of attacker. If the Tor network consisted of nodes all in one data center, the owner of the data center could deanonymize all Tor circuits without owning a single Tor node, regardless of how many nodes were on the network. However, if the nodes are in data centers distributed around the world, it becomes far less likely that the owner of a single data center can deanonymize Tor circuits by themselves. Thankfully there middle nodes as well, so even if your entry and exit are being monitored by different attackers, unless they are already colluding and sharing intelligence with each other they will not be able to identify each other to request collusion in specific cases unless they can get the middle node to cooperate to introduce them to each other. One of the most powerful sorts of attacker is called global passive, and this means that they are able to monitor the links between every node on a network (if they are global in the context of the network, some may argue that a true global passive adversary can monitor all links on the internet, but I find this definition to be irrelevant when a specific sub network is being discussed). Tor is completely incapable of offering any protection from such an attacker, but such attackers are likely very few and far between if any even exist. NSA would likely be the closest attacker to a GPA although some other signals intelligence agencies such as GCHQ may come close as well. Certainly the Swedish signals intelligence agency monitors all traffic in and out of Sweden, that is not GPA but is still a fairly powerful attacker, and it is likely impossible for Swedish people to anonymously access servers in Sweden unless they stay within their own country at entry or exit. Connections to hidden services don't use exit nodes in the same sense as connections to the clearnet do, but the same general principles apply to them. Hidden services are actually much easier to deanonymize than clients, because clients can force them to open an arbitrary number of new circuits and send them packets + watch for the packets at malicious nodes until they trace up to their entry guards. Three entry guard nodes that make direct contact with a hidden service server can be enumerated in about a minute, and then for a passive capable attacker it is just a matter of monitoring one of them to deanonymize the hidden service. For an active attacker it is a little bit harder, they need to force the hidden service to use one of their entry guards, and the quickest way to do this involves DOSing guard nodes until you get lucky or run out of resources.