> This is not the threat model that we're faced with now. Let's say you and Bob communicate using accounts you've made on random XMPP servers using Tor, and all the messages are encrypted with OTR. Both servers are in the US, and the NSA's metadata database shows E83Gxw@jabber.org sending lots of ciphertext to PAnd9B@jabber.org.
Tor won't help at all if all of the long-distance network traffic in the country is being mirrored (as it has been in the USA for most of a decade).
Corollary: The NSA knows exactly who runs The Silk Road. Stopping drug trafficking is obviously not as high a priority to them as not letting potentially kinetic adversaries know that Tor provides no anonymity to someone who can (and does) monitor _all_ network traffic.
Tor messages are disclosed only if the NSA etc. run enough of the entry/exit nodes. Simply passively recording Tor traffic might let you do traffic analysis, but won't let you deduce the contents of that traffic.
They'd have the whole of the tor network, including entry and exit nodes. Why run your own exit nodes when you can just sniff the traffic of the existing ones?
Tor won't help at all if all of the long-distance network traffic in the country is being mirrored (as it has been in the USA for most of a decade).
Corollary: The NSA knows exactly who runs The Silk Road. Stopping drug trafficking is obviously not as high a priority to them as not letting potentially kinetic adversaries know that Tor provides no anonymity to someone who can (and does) monitor _all_ network traffic.