Everyone knows there are active attacks against 'Tor' users... ie: the apps they attach to it. Those are cheap wins for the adversary and unrelated to Tor. There are attempts to exploit Tor daemon and other various access to 0wn or run the relays themselves to get at the plaintext or the service running behind Tor. Not much to do there but harden Tor and the relays and run more independant ones. And nobody's cracking the crypto on the wire anytime soon. Those aren't really related to Tor, but standard practice. Tor can have it's hidden services found via various published attacks involving deploying analysis nodes. There are caveats, and the cost isn't that much, but it takes time. It's in the papers. I'd caution on one debated thing about adversaries... we know there are at least a few adversaries in the world that have *very* good regional coverage with network taps. So contrary to some opinions, I'd suggest it would be rather possible for them to use those and determine who is talking to who by correlating traffic passing the taps... if your traffic happened to begin and end within that region it could be game over. That's in the papers too. Low latency nets that do not use fill traffic are simply not resistant to timing/correlation attacks. Tor is low latency and does not use fill traffic. It's not a break, it's a design choice/tradeoff. Depending on how you use these networks, it may or may not be an issue for you. Tor was never meant to do everything, yet it's quite good at what it does, and publishing what it doesn't.