I think you overestimate the protection Tor provides. We have seen multiple cases of people getting caught on there, and CIA probably owns half the exit nodes anyways.
>We have seen multiple cases of people getting caught on there
as far as i am aware, no one has been caught due to something technical in relation to tor.
it's always something dumb like logging into an email that has the person's real name in it, using a credit card, leaving javascript on, or otherwise making some opsec failure.
There is another angle not a lot of people consider. There was a Defcon video I recall watching from 10-15 years ago where the speaker referenced a case where police managed to arrest someone because the Tor traffic on the network (maybe a university) was so unusual as a one-time event at a specific location that the police managed to tie the individual to specific Tor activity. The speaker's conclusion was essentially we should all be using Tor to create and normalise a higher volume of Tor traffic which can in turn help protect other Tor users' anonymity.
"Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat, [...]"
"The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess," Schneier wrote. "Tor didn't break; Kim did."
It's increasingly difficult to accomplish much on the Internet without JavaScript, though. This is an era where literal image hosting sites won't show you an image without it; where it's used to reinvent <details> tags, forms, even ordinary hyperlinks.