They are limited, but they do have a shit ton of money. They also have some of the brightest computer and mathematics people in the world. They are limited by internal and, to a lesser extent, external policy to some extent, but it is pretty obvious that they mostly answer to themselves. On paper they are restricted; in practice they do whatever they want, and good luck getting anyone to stop them. Just look at their illegal wiretapping to see that they, like many intelligence agencies, are not bound by the law. Although I believe the CIA is the only intelligence agency in the USA that is officially allowed to violate the law.

Yes, the NSA has a headquarters; they are not some omniscient, omnipresent spiritual being. They also have dozens of NarusInsight supercomputers hooked up to split fiber optic cables at major internet exchange points in the USA, and they sample a metric fuck ton of internet traffic for analysis. They also have powerful traditional supercomputers, and although nobody knows for sure, it is likely that they are working towards quantum computers capable of breaking most currently used asymmetric crypto systems. I know smart mathematicians and physicists who are worried about this; it is no longer in the realm of tinfoil hats to be concerned about quantum computing attacks on cryptography. They also have teams of elite hackers who have most likely penetrated into foreign computer systems not even connected to the internet in order to destroy nuclear centrifuges. The US government spends millions of dollars a year buying up zero days from private actors, and the NSA makes their own as well.

Yes, that blog post is FUD; I never disagreed with that. But it is not FUD to think that the NSA can already pwn Tor. The leaked AT&T documents and testimony from Mark Klein, I believe his name is, give us evidence that the NSA has installed NarusInsight supercomputers at major IXs.
There are publicly available specs for NarusInsight supercomputers showing they are capable of sampling traffic from millions of residential internet connections. We have seen the hacking against the Iranian centrifuges, which demonstrates that intelligence agencies have extremely skilled hackers, world class hackers. The research and development into quantum computing is in the public sector, and it is likely a safe assumption that the NSA has secret research going on that is a decade ahead of anything we have seen so far. We can extrapolate from what we know to come to the conclusion that the NSA is a world class agency of hackers, cryptanalysts and traffic analysts, with a multi-billion-dollar-a-year budget and direct access to many of the most heavily used links on the global internet.

From an active perspective, actually adding nodes to the Tor network, you are mostly correct. But that is not how the NSA would attack Tor, as I said before. They already have the infrastructure in place to passively monitor a huge percentage of good Tor nodes, if they so wish. There are two types of attacker. The Tor folk tend to call them active and passive in regard to their positioning; however, I personally prefer the alternatively used wording of internal and external, as active and passive are imo different. An internal/active attacker adds nodes to the network to observe traffic on the network; an external/passive attacker monitors nodes that are already on the network by spying on their traffic at their ISP or IXs. It is extraordinarily difficult, bordering on impossible, to detect a passive attacker, and the only reason we have more than speculation in regard to the NSA's passive internet surveillance is because of the leaked documents from AT&T showing that they installed fiber optic splitters and NarusInsight supercomputers at multiple IXs.

Adding a lot of nodes to the Tor network all at once will get them all blacklisted.
Adding them with the same name but without setting them as part of a family will get them all blacklisted or possibly set into the same family by the operators of the directory authority servers. If someone at an IX passively monitors the five hundred Tor nodes that send traffic through that IX, nobody is able to tell unless something leaks out about the operation. This is actually why it is so unbelievable that the NSA or other US intelligence agencies would run a front ISP and actively add nodes to the Tor network. They simply don't need to do this; they can passively monitor nodes from the traffic analysis supercomputers they already have installed at major exchange points.

Indeed.