First: If you're going to do that, then why bother with Tor? Just get a couple of private cloud boxes and make your own VPN. (You'll be just as secure. Which isn't as secure as Tor, but it's better than nothing.)
Second: "An adversary with lots of intercepts could certainly figure it out." Exactly. If you use Tor properly, then nationstates with virtually infinite resources can't figure it out. (That's why some countries block Tor; if you can't crack it, then block it.) But if you run your own guard, relay, rendezvous, or exit node -- and you're the only person who uses it -- then an adversary with lots of intercepts could certainly figure out who you are.
I bother with Tor because it's this onion routing network that's pretty large and well used. And maybe even ~secure and ~uncompromised, but counting on that is iffy.
I mistakenly said "running your own guard". What I meant was "running your own bridge". But in practice, that's basically the same.
But it's disingenuous to claim that even using a private guard (which isn't possible, as far as I know) is "just as secure" as a private VPN. Because there are still two other relays in its circuits to introduction and rendezvous points.
It is less anonymous, I admit, but it's also less vulnerable to malicious guards. And from what I'm aware of, malicious guards have deanonymized far more users and onion servers than traffic correlation attacks have.
> If you use Tor properly, then nationstates with virtually infinite resources can't figure it out.
That's just plain wrong. Even the Tor Project admits that.
But in any case, I'd never count on servers remaining uncompromised. I'm very careful to avoid associations with them.
Edit: Here's a little thing that I sometimes do, if I really want to obscure an SSH login or whatever.[0] Basically, I can do a Tor plus VPN based version of the old telnet login chaining thing.
>But it's disingenuous to claim that even using a private guard (which isn't possible, as far as I know)
I have been thinking about this for a while, too. There is some Tor fork which allows non-exit nodes to exit. It has been posted on tor-talk a while ago.
For a private guard you would need to change the local consensus file and include the private guard. Then you would also need to control the next hop so it recognizes your guard as first hop and connect you to the third hop. I don't see why this won't work in principle.
So you could have Tor exits that aren't published.
That would get around the CAPTCHA plague for Tor users.
Another option that I've considered is IPv6. Relays with both IPv4 and IPv6 must publish their IPv4, in order to get OKed for use. But as far as I know, there's no reason why they couldn't preferentially push exit traffic through IPv6. And indeed, use a different IPv6 address for each circuit.
Second: "An adversary with lots of intercepts could certainly figure it out." Exactly. If you use Tor properly, then nationstates with virtually infinite resources can't figure it out. (That's why some countries block Tor; if you can't crack it, then block it.) But if you run your own guard, relay, rendezvous, or exit node -- and you're the only person who uses it -- then an adversary with lots of intercepts could certainly figure out who you are.