That is an extremely dangerous statement to make and one I do not agree with.
Keep in mind that:
- you will have to trust that a large chunk of the nodes is not in the hands of someone that you count as your enemy
- that even if your enemy is not in charge of a substantial part of the network they may still be monitoring entry and egress and that that alone can be enough to figure out who is talking to who
- that any data present at egress that can be intercepted might still reveal who you are
So no, Tor is not 100% secure and it is very well possible that even if you use Tor your identity will be connected with some activity or even all of your activity while using the network.
Why not run your own guard node or even an obfuscated bridge and then connect to it? That way you can make sure that no one will do traffic correlation (except, of course, a global adversary) since that would require controlling both the guard node and the exit used in the circuit (which changes every 10min, and in the Tor Browser you get a new circuit for each website).
> that even if your enemy is not in charge of a substantial part of the network they may still be monitoring entry and egress and that that alone can be enough to figure out who is talking to who
That's not possible in practice, quoting from the Tor Browser design documentation [1]:
> In the case of this attack, the key factors that increase the classification complexity (and thus hinder a real world adversary who attempts this attack) are large numbers of dynamically generated pages, partially cached content, and also the non-web activity of the entire Tor network. This yields an effective number of "web pages" many orders of magnitude larger than even Panchenko's "Open World" scenario, which suffered continuous near-constant decline in the true positive rate as the "Open World" size grew (see figure 4). This large level of classification complexity is further confounded by a noisy and low resolution featureset - one which is also relatively easy for the defender to manipulate at low cost.
> To make matters worse for a real-world adversary, the ocean of Tor Internet activity (at least, when compared to a lab setting) makes it a certainty that an adversary attempting to examine large amounts of Tor traffic will ultimately be overwhelmed by false positives (even after making heavy tradeoffs on the ROC curve to minimize false positives to below 0.01%). This problem is known in the IDS literature as the Base Rate Fallacy, and it is the primary reason that anomaly and activity classification-based IDS and antivirus systems have failed to materialize in the marketplace (despite early success in academic literature).
> Still, we do not believe that these issues are enough to dismiss the attack outright. But we do believe these factors make it both worthwhile and effective to deploy light-weight defenses that reduce the accuracy of this attack by further contributing noise to hinder successful feature extraction.
And just recently netflow padding has been added to Tor 0.3.1.x.[2]
> So no, Tor is not 100% secure and it is very well possible that even if you use Tor your identity will be connected with some activity or even all of your activity while using the network.
That still doesn't disprove the fact that Tor is the best low-latency anonymity system and that not using Tor is much, much worse than using it.
[1] : https://www.torproject.org/projects/torbrowser/design/
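
The Base Rate Fallacy named in the quoted passage can be worked through with Bayes' rule. The following is an added example, not part of either comment or of the Tor design document; the 0.01% false positive rate comes from the quote, while the 90% true positive rate, the base rates and the flow count are constructed assumptions.

```python
"""Base-rate arithmetic for a traffic classifier (added illustration)."""


def ppv(tpr, fpr, base_rate):
    """Probability that a flagged flow is a real match (Bayes' rule)."""
    true_pos = tpr * base_rate
    false_pos = fpr * (1.0 - base_rate)
    return true_pos / (true_pos + false_pos)


def expected_alerts(n_flows, tpr, fpr, base_rate):
    """Expected (true hits, false alarms) among n_flows observed flows."""
    targets = n_flows * base_rate
    return targets * tpr, (n_flows - targets) * fpr


def max_fpr_for_precision(target_ppv, tpr, base_rate):
    """Largest false positive rate that still reaches target_ppv."""
    return (tpr * base_rate * (1.0 - target_ppv)
            / (target_ppv * (1.0 - base_rate)))


FPR_FROM_QUOTE = 1e-4                          # the 0.01% in the quoted text
ASSUMED_TPR = 0.90                             # assumption: lab-grade recall
ASSUMED_BASE_RATES = [0.5, 1e-2, 1e-4, 1e-6]   # constructed sample values
ASSUMED_FLOWS = 1_000_000_000                  # constructed observation count

if __name__ == "__main__":
    print(f"{'base rate':>10} {'precision':>10} {'hits':>10} "
          f"{'false alarms':>14} {'FPR for 50%':>12}")
    for p in ASSUMED_BASE_RATES:
        hits, alarms = expected_alerts(ASSUMED_FLOWS, ASSUMED_TPR,
                                       FPR_FROM_QUOTE, p)
        needed = max_fpr_for_precision(0.5, ASSUMED_TPR, p)
        print(f"{p:>10.0e} {ppv(ASSUMED_TPR, FPR_FROM_QUOTE, p):>10.4f} "
              f"{hits:>10.0f} {alarms:>14.0f} {needed:>12.2e}")
```

In a balanced lab set (base rate 0.5) nearly every alert is correct, but when only one flow in a million is of interest the same classifier is right less than 1% of the time.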