
One thought: the use of a browser exploit to target Tor is perhaps an admission that onion routing itself is not easily cracked.



Attacking a Linux box that runs little more than the TOR daemon is much harder than attacking a browser on an average client machine. The difference in attack surface is huge. Further, one needs to attack many (hundreds) of TOR nodes to effectively "own" the TOR network. The difficulty level between these two attack vectors is very different. I'd go as far as saying that such an attack is beyond what "low level" fed departments can do (due to HR shortages, budget limits, lack of cooperation with the more serious guys, etc). An attack of this level is something that, in my opinion, is reserved to the guys who hunt down bearded men in some warmer regions of the world. Now, a "common" browser exploit, and some basic attack skills, is something you can expect for these "low profile" investigations such as the one in question (again, purely in my opinion).


It just proves there are easier attack vectors than Tor itself.


It's probably hard to gather meaningful evidence. Just think of how they would have to present it to the clueless jury.

It's much easier to show a direct access to some child porn site.

I'm almost certain NSA controls a bunch of nodes and exit nodes and can figure out who loads what. VPN is the way around it.


When you visit .onion sites exit nodes don't come into play.

As for controlling a bunch of nodes and figuring out who loads what is not possible, as far as I understand how the network works. How it works is that the sender decides on a path which consists of a random amount of other regular nodes. It encrypts a message with the public key of each of the nodes, and then sends it on its merry way to the first node. None of the nodes know if they're the first, the second, or the last. All they know is the address of the previous and the next node, either of which can be other nodes in the chain or the origin or the destination.


> As for controlling a bunch of nodes and figuring out who loads what is not possible, as far as I understand how the network works.

Given the number of tapping points, the NSA might be considered a global passive adversary (or close to one) at this point. Tor does not protect against that.


An entity controlling traffic at your internet connection can force node selection during circuit building by failing requests to uncontrolled nodes. The path bias warning is informational only AFAIK (was added in 2012?) and is not perfect.


Did you see this: http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...

"A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses."



