It's official: TOR has been compromised

[Balog]

http://arstechnica.com/security/2014/01/scientists-detect-spoiled-onions-trying-to-sabotage-tor-privacy-network/

Some of the exit node computers are carrying out Man in the Middle attacks on the TOR traffic going through them. Article says it's "unlikely" to be NSA et al. I would be highly surprised if they weren't doing something similar but just tracking everything instead of interfering with it.

[RevDisk]

http://arstechnica.com/security/2014/01/scientists-detect-spoiled-onions-trying-to-sabotage-tor-privacy-network/

Some of the exit node computers are carrying out Man in the Middle attacks on the TOR traffic going through them. Article says it's "unlikely" to be NSA et al. I would be highly surprised if they weren't doing something similar but just tracking everything instead of interfering with it.

It's known that Tor exit nodes are poisoned.

[Waitone]

I thought it was known that exit nodes were open and that if you land on one you got a problem if a bad guy is monitoring it.

[French G.]

Okay, not a computer geek here. What do I need TOR for anyway? Assume I buy a used laptop for cash F2F or at a pawn shop. Then I use public free WiFi, never from my home. I don't post here or to social networks and I have a discrete e-mail that I do not contact my normal people with. Assuming I can figure out how to set up some form of online money without Id'ing myself am I not good to go? Not really sure how to pull of the money stunt. The other would be the where of hard products being shipped to. Hmm...

[drewtam]

Okay, not a computer geek here. What do I need TOR for anyway? Assume I buy a used laptop for cash F2F or at a pawn shop. Then I use public free WiFi, never from my home. I don't post here or to social networks and I have a discrete e-mail that I do not contact my normal people with. Assuming I can figure out how to set up some form of online money without Id'ing myself am I not good to go? Not really sure how to pull of the money stunt. The other would be the where of hard products being shipped to. Hmm...

I am not an IT expert, but I think these things are true...

Your MAC address is leaving a trail.
Your IP address is leaving a trail.

If someone were to investigate it, they would know to check the traffic from your 3 common wifi hot spots that you consistently surf from. A seized laptop can be positively identified with the MAC address. And all of the traffic is coherent (maybe not the right word), on one channel (again, probably not the right word for what I have in mind) so its easier for a snooper to observe what communication is being done.

[Firethorn]

I am not an IT expert, but I think these things are true...

Your MAC address is leaving a trail.
Your IP address is leaving a trail.

If someone were to investigate it, they would know to check the traffic from your 3 common wifi hot spots that you consistently surf from. A seized laptop can be positively identified with the MAC address. And all of the traffic is coherent (maybe not the right word), on one channel (again, probably not the right word for what I have in mind) so its easier for a snooper to observe what communication is being done.

Exactly.  The important part is that TOR masks *LOCATION*.  If the feds or foreign equivalent* can't even be sure you're in the country, they can't track you down.  If I know you're doing something illegal, even if I don't know your name, but I DO know which of 3 hotspots you frequent, I can wait until I know you're in one of them then have the team roll to pick you up.  Heck, I could get a warrant to have a monitoring device on the coffee shop's router so I know when you connect

*Remember, TOR was originally intended to be a way to get unfiltered internet access