Tor is safe enough to prevent almost all attackers from easily linking your IP address to the websites you visit. Hidden services are harder to locate than servers that are on the clearnet, they are enough to prevent the average person from determining a servers IP address. Tor is not a magic shield, it can be compromised for individual users over time, but there is a very small chance that any attacker is capable of deanonymizing all Tor users in real time. Using a VPN in addition to Tor is not likely to help the situation much, although there are arguments that it could. From a purely technical point of view, your entry guards give you the most anonymity. As long as none of your entry guards are compromised or malicious you are totally safe from purely active attackers. Active attackers are those who insert nodes to spy on traffic, passive attackers are those who spy on links between nodes such as at ISP. The probability that Tor will keep you anonymous directly correlates with the percentage of the Tor network that your attacker can observe, actively and/or passively. Tor has the same major weakness of all other low latency anonymity solutions, including I2P, JAP and VPNs; your traffic is not significantly delayed at any of the points between you and its destination. This allows an attacker who can see traffic at two points to use statistical attacks to link the traffic together based on its time of arrival. This is in contrast to mix networks, where traffic is randomly delayed and reordered to prevent such attacks. This is particularly bad if the attacker is able to see your traffic leaving from you and arriving at its end destination; regardless of the number of nodes in between the attacker can link the traffic together and thus link you to your destination. Tor and other low latency solutions take a less secure approach to providing anonymity than mix networks, and in return they offer the ability to surf the internet like normal (compared to mix networks, which are only much good for an E-mail model of communications, where there can be several hours of delay between you sending your data and it arriving at its end destination). The strategy Tor uses is to make it unlikely that any given attacker will be positioned to see your traffic originate AND arrive at its end destination. In the case of Tor this is accomplished by having a massive volunteer run network of nodes distributed through out the world. Since your ISP cannot likely see where you are going, you are no more suspect of breaking the law than any other Tor user is from their perspective. Even if you go to a compromised illegal website, the attacker can only see the traffic coming from your exit node. There is a very slim chance that an attacker will be able to start at your exit node and work their way back to you, they would need to obtain logs from two other nodes that are hopefully not logging. They have no reason to log your traffic at your ISP , at least they have no more reason to log your traffic than they do to log any other Tor users traffic, and Tor is used by millions of people for a wide variety of reasons. The biggest risk to your anonymity is thus that by chance you will use an entry node operated by an attacker, if you do this and they run/monitor your end destination or exit/end node, they will be able to deanonymize you with a timing attack. The probability that you will use such a combination of nodes correlates positively with the duration of time that you use Tor, the amount of surfing you do with Tor over the duration of time that you use it and also with the number of links your attacker actively/passively monitors. It is quite likely that an attacker with significant resources (ie: tens of thousands of dollars) can deanonymize X Tor users every Y period of time, it is even more likely that they can if they control or monitor the end destination of interest directly rather than via exit nodes (which will only occasionally be selected to send data to an end destination of interest)....the chances that you will fall into that set of X users is much smaller and once again increases over the time that you use Tor and with the amount of surfing you do via Tor to a particular destination.