
From https://svn.torproject.org/svn/projects/design-paper/tor-des...:

    A global passive adversary is the most commonly
    assumed threat when analyzing theoretical anonymity
    designs. But like all practical low-latency systems,
    Tor does not protect against such a strong adversary.



Since the global passive adversary is now a reality (NSA) it seems like Tor is broken by design.


Not everyone is hiding from the NSA.


So ToR is like a shitty free VPN? Who can one be hiding from that a cheap VPN to a jurisdiction of your choice won't solve much better?


No, it's not. It's also not written ToR. I recommend you venture over to their website and start reading the documentation.


Thanks for the correction, I'm not sure why I decided to upper case the R :)

To clarify what I think you meant to refer me to, the Tor client actually chooses the three nodes in the path of a circuit, doesn't use two nodes on the same subnet, nor ones the network classifies as belonging to the same "family" (although I'm having trouble determining what this means in practice).

Given that there is a hard limit of three nodes in a route, I'm still having trouble thinking of an adversary that Tor protects you against that a VPN to a jurisdiction of your choosing doesn't, and a VPN is significantly faster...


It's extremely difficult to do (even for the NSA as the leaks mostly showed). Tor is by far the best option that exists today.


The NSA isn't really global, though. For example, if enough Tor traffic were routed via Asia or South America, I imagine they would not be able to perform much traffic analysis on it.


The NSA is very much global and according to the Snowden leaks tapped into a large number of major internet exchanges and sea cables, including the largest internet exchange of the world (Germany, DECIX[1]) as well as the largest exchange in Asia (Hong Kong, HKIX[3]) and South America (Brazil, BRIX[4]) respectively.

From what we know, the NSA has global coverage with Google-style indexing[1] since at least 2012, possibly earlier.

[1] https://firstlook.org/theintercept/2014/08/25/icreach-nsa-ci...

[2] http://www.ip-watch.org/2015/04/24/largest-internet-exchange...

[3] http://www.scmp.com/news/hong-kong/article/1269773/hong-kong...

[4] http://www.newyorker.com/news/news-desk/what-the-n-s-a-wants...

[5] http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret...

[6] https://docs.google.com/spreadsheets/d/1x6aYnGmbQKzZGLUkWC4m...


Thanks for finding all of those sources. That is indeed a vast network of intercepts; however, it's not necessarily "global" in the sense that they monitor all communication. If one could choose their Tor link to include enough paths not likely to be monitored by colluding parties, then one could be more certain they are not facing a "global adversary" in the sense that the Tor site means.


however it's not necessarily "global" in the sense that they monitor all communication.

It is very much global in the sense that they monitor all communication.

How about actually reading some of the sources that you were just provided with?


Not literally all communication in the global sense that Tor refers to. For a trivial example, the wifi signal between my computer and my router is not monitored.

Your references seem to talk about major exchanges all over the globe. Practically speaking, because a Tor client can choose the routers for the link it creates, it could choose three routers behind a single major exchange that is monitored (e.g. in Asia or South America), and hence remain anonymous, because the connections between those routers are not monitored.


because the connections between those routers are not monitored

A correlation attack[1] doesn't care about the intermediate routers. It only requires packet dumps from the entry and the exit node. Both of which, with very high probability, route through networks that are monitored by the NSA.

[1] https://blog.torproject.org/blog/traffic-correlation-using-n...


Good point. I wonder how useful that is in practice with the amount of traffic going through the Tor network. It seems to me that the more people use it, the harder it would be to get accurate correlations. That said, I wouldn't be surprised if some clever math can do so more accurately than has been published.
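Added example, not part of the thread and not Tor's code: a toy simulation on constructed traffic of the end-to-end timing correlation discussed above. It shows that matching needs only per-flow packet counts seen at the entry and exit sides, and that constant-rate shaping (an assumed defence, paid for in latency and bandwidth) removes the signal. All function names, rates and noise parameters are assumptions.

```python
import random
from statistics import mean

def bursty_flow(rng, bins, shaped=False):
    """Packets per 1 s bin for one constructed client (idle periods broken by bursts).
    shaped=True models constant-rate cover traffic: every bin carries 40 packets."""
    counts, active = [], False
    for _ in range(bins):
        if rng.random() < 0.2:              # toggle idle <-> active
            active = not active
        counts.append(int(rng.expovariate(1 / 40)) if active else 0)
    return [40] * bins if shaped else counts

def through_circuit(rng, counts, delay=1, noise=0.1):
    """The same flow seen past the exit: shifted by latency, counts perturbed +/-10%."""
    shifted = [0] * delay + counts[:len(counts) - delay]
    return [int(c * (1 + rng.uniform(-noise, noise))) for c in shifted]

def pearson(a, b):
    ma, mb = mean(a), mean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0   # flat series carries no signal

def best_lag_corr(entry, exit_, max_lag=3):
    """Highest correlation over small time shifts, since circuit latency is unknown."""
    n = len(entry)
    return max(pearson(entry[:n - k], exit_[k:]) for k in range(max_lag + 1))

def match_rate(n_flows, bins=120, seed=1, shaped=False):
    """Fraction of entry-side flows whose best-correlated exit-side flow is the true one."""
    rng = random.Random(seed)
    entry = [bursty_flow(rng, bins, shaped) for _ in range(n_flows)]
    exit_ = [through_circuit(rng, f) for f in entry]   # intermediate relays never appear
    hits = 0
    for i, e in enumerate(entry):
        scores = [best_lag_corr(e, x) for x in exit_]
        hits += scores.index(max(scores)) == i          # ties resolve to flow 0
    return hits / n_flows

if __name__ == "__main__":
    print("bursty low-latency flows:  ", match_rate(20))
    print("constant-rate shaped flows:", match_rate(20, shaped=True))
```

With shaping every score is zero, so the only "match" is the tie-break landing on flow 0, which is no better than guessing.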



