First of all I don't know of a single nation in the world that prevents their police from attempting to break encryption if they have a warrant. Secondly, intelligence agencies are not anywhere nearly as restricted as the federal police are, and indeed some of them have the entire job of breaking encryption and spying on internet traffic (breaking anonymity falls under Signals Intelligence, breaking crypto falls under Communications Intelligence, both of which are handled by the NSA in the US and the GCHQ in the UK). Some federal police specialize in traffic analysis, I am certain of this as I once read a copy of an official FBI document discussing different sort of agents career path, and people who follow a certain computer forensic career path at the FBI are trained in traffic analysis although after quite a few years of service. I don't know how skilled their best agents are, possibly they have some really skilled ones. They have done pretty advanced proxy bypassing attacks with their CIPAVs but I think there is only proof that they used known vulnerabilities that their targets did not have patched. They seem to save CIPAV against very big targets, like kidnappers / child porn producers and perhaps very large drug dealers. It obviously isn't the solution to all of their anonymity woes though, as in 2008 there was a major sadistic CP ring partially busted, none of the members who used Tor for communications were busted in the initial sweep, and the ones who were later busted were busted through photograph analysis not traffic analysis. The busted ones had used VPN services without Tor and all of them were arrested. This was a high profile case and very important, some of the people involved were using Tor to upload very sadistic CP and the FBI thought one of the participants may kill the girl he had been abusing for years after they moved in on the rest of the group. Despite the FBI and their partners via interpol having this fear they moved in on the group members they had identified, and did not arrest this target until several months later, crediting analysis of the CP photographs for narrowing in on his position enough that they could identify his victim and thus him. I imagine that the average FBI traffic analyst is mostly involved in running simple attacks against public P2P networks. There are a lot of tools already made for police use that simply scour through P2P networks until they identify someone sharing CP, then they spit out their IP address and the suspect photographs to the LE agent operating them. At this point the agent may verify the content of the image (I imagine they don't count entirely on hash functions since they all have collisions.). Then they see who the targets ISP is, and they send a court order demanding to know who that IP address was assigned to at a specific time. If it is a proxy exit node they will then need to probably move backwards down the chain, because I don't think they are currently even trying to carry out an active or internationally coordinated attack against Tor (a lot of them probably just filter Tor exit IP addresses from their suspect lists simply due to the failures LE have had with tracing it in the past). I imagine that their traffic analysts are generally making and utilizing systems like this, not trying to attack stronger networks. You need to keep in mind that they are currently completely overwhelmed with internet crime. Particularly CP they simply don't have enough resources to follow through on all of the leads their systems have detected already. Something like 1% of identified IP addresses in a given year are followed up on due to lack of man power, and they know that they will follow up on even less illegal activity detections if they spend the time required to go through the multiple layers of security and indirection protecting a hard target doing the same thing. Also they have kept pretty busy with those systems, last time I read about them they had integrated fuzzy hashing so if they detect an image that has previously been identified as CP when they spider through a P2P network, they will still be able to identify it even if it has been slightly altered visually. Before they couldn't automatically detect and identify a previously identified image unless it had not been modified at all. But it must be kind of pointless feeling for them to be able to identify that many additional people when they don't even have the resources to put a dent into what they had already had the ability to identify. So I guess to summarize my belief on the safety of Tor, I would say that Tor is technically safe enough to have a good chance of protecting your anonymity for a decent while against most attackers, but in practice so far nobody knows of any case where an attack against the anonymity Tor provides is what led to someone being arrested. And a lot of people know a lot of people who have used Tor for very illegal things for quite a lot of years.