As many here know, Tor uses onion routing. The idea is simple, but the devil is in the details. Here I am going to outline some threat models that Tor does not cover.
To understand the implications, let's backtrack a little and look at the process. When Tor boots, its first step is to get the consensus. There are roughly 9 servers, called directory machines, HARDCODED in the Tor source code. Tor gets the consensus from these HARDCODED directory machines. The consensus is signed by all of the servers and is renewed regularly. So as long as a few of the directory machines are trusted, the consensus can't be spoofed.
So what exactly is this consensus? Simple: it is a list of entry guards, relay nodes, and exit nodes used when building a connection through the network (it contains much more, but let's keep it simple for now). You might think: well, why should I care?
Attack 1 (modified Tor binary)
A nation-state attacker uses BGP spoofing or something similar to trick you into downloading a modified Tor release in which all the hardcoded machines are actually controlled by the attacker. Tor will still boot up and happily create its preemptive tunnels consisting of guard / relay / exit nodes (in the event traffic goes to the clearnet rather than a hidden service).
Can you see the problem? Of course, they are now able to see all the traffic you send without you knowing it.
Attack 2 (traffic monitoring of a Tor user)
When you first connect, Tor selects 3 nodes from the consensus, called guard nodes. They are more reliable than relay or exit nodes (high uptime / bandwidth, low latency). These guard nodes stick around for a while, about 12 weeks normally. One more thing: unless you use pluggable transports, these nodes are public (all are in the consensus). Let's say you set up Tor at home on your laptop or mobile phone. You always contact the guard nodes when you boot up, so it is easy to see that you use Tor.
I could now track you across the network by MAC address or other personally identifiable information. There are only so many forums, and some allow users to see whether other users are online. You can easily correlate a user becoming inactive on Tor with the tunnels to the entry nodes being torn down.
A nation state could lure you onto an IRC channel, then blacklist your specific entry node. If you disconnect, you are that specific person. Blacklisting can happen at the country / municipality / city level.
From there it won't take much to find you…
There are many more ways not explained here; this is just a warning, and is meant to get you interested in Tor internals. If you want to read how Tor works internally, its specs are available here: https://gitweb.torproject.org/torspec.git/tree/