So here's an idea for an attack on Tor. We recently saw a paper that said that someone who puts in a lot of routers, claiming to have high bandwidth, can correlate senders and destinations, exposing the traffic analysis that Tor is trying to defend against. And, a response from the maintainers -- doing that leaves a lot of tracks.
What about a real set of routers? Right now, it looks like the network of Tor routers is such that 50 high-speed routers will be able to make up that >10% of the network, and determine the senders/receivers of traffic.
How big of an attack is this? 50 headless machines, at $400 per machine, $20,000. 50 network connections at $50/month, $2,500 per month. $30,000 per year. $50,000 for the first year, and what happens? Tor gets a lot more bandwidth. Tor looks to be expanding at a good rate. And Tor's effectiveness is compromised, completely. Heck, it can even be done by law enforcement, or even by China, so that they know who to go after.
And, since exit nodes see a lot of unencrypted traffic, this means that it becomes easier, not harder, to watch someone. Right now, for example, it's hard to grab the traffic from someone elsewhere on the internet, but if you know that they use Tor, then you can run an exit router and have a chance to see what they do. Run enough routers, and you can grab a large portion of their traffic.
As much as Tor is trying to protect privacy, is it time to ask the other question: Does Tor make it much easier for a large organization to start restricting privacy? $50,000 may sound like a lot, but consider what can be generated for an "anti-pedophile" group -- a private organization saying "Protect the children!". Or ... well, the point is, that's relatively cheap. It doesn't take government-level spending to do that -- it's even in the range of the corporate espionage budget of a large multi-national company.
How can Tor defend against something like this?