Exactly, and it goes wider than this - the model of an interactive session from a smart-dumb browser client (running code!) to a central mainframe (web server) is almost by design one where you cannot achieve anonymity. The business model is antithetical to that. Whereas a much better model (from the end user's point of view) is to have open source, simple client software which parses/creates structured messages on a medium-latency basis, based on agreed published schemas. Such message passing is far better both from a transport anonymity basis and a client risk reduction basis (because you swap a complex rendering problem, including very intrusive JavaScript code, for a more generic parsing problem which has no rendering implication at that point; that's downstream). Much cleaner.
As many here will know, since its very inception Tor has always had a quasi-incestuous relationship with "The Man". Old habits die hard? ... or is that just me over-simplifying the issue?
I don't know. Tor Project seems to focus on building user base more than security. Their dogma is wanting to help people. But more and more, I'm thinking that they just want lots of cover traffic for their core user base, the US military.
That's a pretty scary prospect if true, and yet reading the signs, no one can rule that out. So now what?
Well, if it's good enough for the US military? But yeah, they don't worry about snooping on themselves. What are the alternatives, really? So I just protect myself as best I can, by hitting Tor through nested VPNs. Also interesting is I2VPN: https://www.reddit.com/r/VPN/comments/4zxpdj/anyone_heard_of_i2vpn_claiming_true_trustless/d6zr7o3 It's basically a paid I2P exit router. That gives you lots more bandwidth. Like 12 Mbps with two I2P hops!