
Let's address your concern by talking about security and probability for each of those issues.

Credit card thieves in Comcast vs in Tor. Given the number of employees who have remote access to customers' routers (i.e. support), sysadmins that have remote server access, and personnel who have physical access to switching equipment, what's the risk that one of those people has a criminal record? This will always be non-zero, and one can never actually test it.

In Tor, this risk can be tested[1]. Exit nodes can be probed by sending unique credit card numbers or other profitable personal information, and then observed by seeing what the node owner does. If they act on the information, the node then gets blocked. You cannot do this with Comcast since your identity is known to the personnel of Comcast.

The NSA threat, as talked about, is reduced by using Tor. Doing statistical analysis is in theory possible but in practice very hard. Out of all the Snowden leaks, not a single one presents this as ongoing work. Non-Tor traffic analysis is however presented as business-as-usual and should be assumed to happen at every point in the network.

Last, the HTTPS Everywhere you mention is a direct answer to SSLstrip for the most commonly used websites. Claiming it is implemented backwards because it uses a blacklist is a bit unfair, since blacklists and whitelists each have their own tradeoff in security. HTTPS Everywhere has no false positives and protects against the common threat, but will be vulnerable against uncommon ones. If they had gone with an HTTPS-only approach, it would have caused an extreme amount of false positives, and users would have turned it off. This trade-off (security vs false positives) is commonly the distinction between user products and server products.

KB SSL Enforcer does not protect against sslstrip and MITM[2] for new installations. If the Tor Browser Bundle included KB SSL Enforcer, it would worsen the security of the Bundle compared to HTTPS Everywhere, and would be counter to the design. Rather than leaving no records of the sites you go to, KB SSL Enforcer has to record and permanently store it.

[1] http://www.slideshare.net/FreeLeaks/exposing-malicious-tor-e...

[2] https://code.google.com/p/kbsslenforcer/wiki/FAQ
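The ruleset versus HTTPS-only trade-off described in the comment above, as an added example that is not part of the original thread or of HTTPS Everywhere's code. The rulesets, hostnames and the `HTTPS_CAPABLE` set are constructed for illustration; "plaintext" marks requests that stay open to sslstrip-style downgrade, "broken" marks the false positives an HTTPS-only policy produces.

```javascript
// Constructed rulesets, modelled loosely on a target-host + rewrite-rule format.
const RULESETS = [
  { name: "Example Bank", targets: ["bank.example", "*.bank.example"],
    rules: [{ from: /^http:/, to: "https:" }] },
  { name: "Example Mail", targets: ["mail.example"],   // HTTPS lives on another host
    rules: [{ from: /^http:\/\/mail\.example\//, to: "https://secure.mail.example/" }] },
];

// Assumption for this example: the only hosts that answer on HTTPS at all.
const HTTPS_CAPABLE = new Set(
  ["bank.example", "www.bank.example", "secure.mail.example", "shop.example"]);

// "*.bank.example" matches subdomains only; the bare domain needs its own target.
function hostMatches(pattern, host) {
  return pattern.startsWith("*.") ? host.endsWith(pattern.slice(1)) : pattern === host;
}

// Ruleset policy: rewrite only when a listed rule applies, otherwise leave untouched.
function rulesetUpgrade(url) {
  const host = new URL(url).hostname;
  for (const rs of RULESETS) {
    if (!rs.targets.some((t) => hostMatches(t, host))) continue;
    for (const r of rs.rules) {
      if (r.from.test(url)) return url.replace(r.from, r.to);
    }
  }
  return url;
}

// HTTPS-only policy: force the scheme for every request, listed or not.
function httpsOnlyUpgrade(url) {
  return url.replace(/^http:/, "https:");
}

function classify(finalUrl) {
  const u = new URL(finalUrl);
  if (u.protocol === "http:") return "plaintext";          // downgrade still possible
  return HTTPS_CAPABLE.has(u.hostname) ? "encrypted" : "broken"; // broken = false positive
}

function compare(urls) {
  return urls.map((url) => ({ url,
    ruleset: classify(rulesetUpgrade(url)),
    httpsOnly: classify(httpsOnlyUpgrade(url)) }));
}

const SAMPLE = [                       // constructed sample requests
  "http://www.bank.example/login",     // listed
  "http://mail.example/inbox",         // listed, needs a host rewrite
  "http://shop.example/cart",          // unlisted but HTTPS-capable
  "http://blog.example/post",          // unlisted, HTTP only
];
console.table(compare(SAMPLE));
```
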




You can test Comcast in the same way that you can test a Tor exit node - the technique is exactly the same. The threat of a rogue network admin is similar to that of a rogue waitress stealing credit card info - significant criminal liability if caught. To top that, people in a position to carry out such an attack are generally easily identifiable by their employers if there is a criminal investigation. The same can't be said for the administrator of a Tor node in a foreign country.

The NSA threat relies on the assumption that they are targeting you specifically; the risk with a rogue exit node is that you are exposing yourself to an adversary that doesn't care who their victim is - i.e. most criminals. My issue with Tor advocacy is that it's attempting to mitigate the risk of a perceived adversary by exposing users to a much more realistic threat. My spouse and I have both had our credit cards stolen before, but I've never had any reason to believe that I've been targeted by the NSA.

There is a definite tradeoff with regards to the whitelist/blacklist model, but ultimately both solutions are really just patching over inherent flaws in the SSL trust model. I wasn't clear in my earlier post - my issue is not necessarily with the HTTPS Everywhere model, but rather the perception that it gives the user pervasive end-to-end encryption and solves the issue of rogue exit nodes.


If you test Comcast in the same fashion, the rogue employee can see that you are sending several thousand unique credit-card numbers to some website and are thus behaving in a very strange and obvious manner. They can see plainly if the request comes from the investigating branch of the police.

With a Tor exit node, the operator can't identify who is sending them the traffic. They can't distinguish investigating police from a victim.

You can disagree and think that rogue Comcast employees are more easily identified than Tor operators. This is a trust question, and everyone is free to pick who they trust and who they don't. The argument given in favor of Comcast just doesn't sway me, and it would likely require a research paper with test data in order to actually prove what has higher risk associated with it.

The NSA does not target people specifically. That was proven by the revelations from Snowden, and has been quite obvious for quite a long time. The NSA doesn't care who their victim is when they are collecting the information. It is cheaper and more effective to target everyone, and then data mine the result after everything is in their hands.


The Snowden leaks most definitely present this as ongoing work: http://www.theguardian.com/world/interactive/2013/oct/04/tor...


Are malicious exit nodes actively blocked by the project?


Yes. The list of Tor nodes is handled by a small list of directory authorities. They vote on a list, which each client then tallies in order to create a list called the consensus. Since the directory authorities are few, bad nodes get blocked quite fast.

If you want to see nodes that are blocked, http://torstatus.blutmagie.de/ looks to be a good site. There have also been several research projects which have explored different avenues for finding bad nodes, and the Tor Project a few years ago created a Python project which incorporated most of those methods to automatically scan for malicious nodes (https://svn.torproject.org/svn/torflow/trunk/README).



