
They rely on Tor themselves, so they have a strong incentive to disclose/patch any major flaws in the protocol. They might exploit smaller flaws for a single operation, but they probably have more to earn from a healthy Tor network.



That's the dogma. But do we really know that?


We, as in the public, can probably never be 100% sure of that, but looking at where the project started and the current state of anonymous networks, there is no real alternative. They are definitely using Tor to make attribution harder when running operations; there are no real alternatives. They benefit from Tor being open and used by everyone else; it is much easier for them to hide in the noise of all other traffic then.


Yes, I do agree. However, some say that's just the cover story, and that Tor overall is a honeypot. Or at least, that Tor is a honeypot for all users except US government operatives. There's no way to be sure, right?

As far as alternatives go, maybe they have something like Tor (onion routing) or I2P (mix networking) that uses covert channels. It could even be running on government-controlled Tor relays. Or maybe installed as hidden malware.

That seems unlikely, of course. But remember when allegations about ENIGMA were totally conspiracy theory.


If Tor is just a honeypot, then when does it pay off? There are tons of illegal activities going over Tor right now, including truly awful stuff like terrorist attack plotting and recent pictures of child abuse. If Tor is surveillable, why isn't that surveillance being used to catch and prosecute those people? What are they waiting for?

I will say (while acknowledging that I can't prove this) that I have friends who work in national defense and law enforcement, for whom Tor is an impediment. I've never heard them talk about a magic decrypt button; quite the opposite. So if Tor can be decrypted, it is a capability that is closely held and rarely used.


There is lots of horrible stuff on Tor .onion sites, yes. But there was a lot more of it a few years ago. Given general technical cluelessness, even among assholes, much of it was hosted by a few services. Such as Freedom Hosting. But it and some newer ones were compromised, run for a while as honeypots, and then taken down. There aren't really that many independent .onion sites with technically competent operators. Some of the hard-core child porn sites, perhaps, and some of the persistent dark markets. But who knows which of them are honeypots? I mean, PlayPen ran as a honeypot for months, with no interruption in the sharing of child porn, plus infecting users with phone-home malware.

It's not that there's a "magic decrypt button" for Tor. However, it's very likely that the NSA and GCHQ, at least, have some capability to identify Tor .onion sites and users. But they arguably don't want to reveal capabilities, and so are very careful about disclosing information. To some extent, that happens under programs like the DEA's SOPA. But on the other hand, recall that the NSA was cagey about revealing intercepts that could have prevented the 9/11 attacks. Or that charges against the Weathermen were dropped in 1973, after the (then unnamed) NSA got squirrelly about its intercepts being introduced as evidence.

Overall, I'm relatively confident that Tor isn't fundamentally backdoored. But there's no way to know what's going on with any .onion sites that you access. They could be FBI honeypots. Or Russian honeypots. Or independent criminal honeypots. You gotta treat them all as radioactive. As sources of malware and worse. That means at least using Whonix, running on a Linux host machine. And better yet, a dedicated host, used only for Tor and other iffy stuff.



