
Why would I assure myself that Tor is safe either? Do we know for a fact that government agencies don't control the majority of the egress points?



Safe from what? Always assume that an exit node is compromised. Never run unencrypted and unauthenticated traffic over it. There used to be these password sniffing experiments run over exit nodes, which always caught surprisingly many logins. Don't do it.

That doesn't mean traffic can be deanonymized. Tor as a whole isn't compromised in any meaningful sense even if the exit nodes are. Large parts of the original white paper concern this.


> Do we know for a fact

This always has been and always will be the security rabbit hole. (Well, one of them.)

How do you define "know for a fact"? Even if you personally know a person managing an egress node, how do you know they aren't operating on behalf of someone else?


Saw an article a while back (years) saying NSA/FBI is able to track TOR connections and won’t say how even if it means they’d forfeit some cases. Anyone remember this?

Edit to add: Also, it’s public knowledge that TOR is funded by the DoD, it seems extremely feasible that they privately control a sizable chunk of nodes. Based on what I know of American 3 letter agencies, I don’t think one could resist designing a “secure” system only they can listen in on.

I consider TOR a very secure messaging channel between you, the other party, and the American government (metadata only, but that’s really not too big of a limitation in this case).


Most Tor nodes are actually in Germany. You can see a map of them at https://tormap.void.gr/

The design of the system is resilient to some nodes being under hostile control, too.


Well then aren’t I glad the US intelligence agencies don’t have a history of collaborating across national boundaries!

Some nodes can be under hostile control, but as the number increases the likelihood increases that they can link entry to exit based on timings. I consider it quite likely that the US govt can say “hey Germany/UK/France/etc., we have this batch of exit times, do any of your nodes correspond on entry?” or vice versa.


If your threat model is that the whole world is out to get you and will stop at nothing to find you, it is very much the case that you are going to lose. Tor raises the cost of surveillance, but is not magic.

As an aside, the Five Eyes countries collaborate much more closely with one another than they do with France or Germany (or that was the case when I read about this after the Snowden leaks).



