A passive observer that is as big as NSA/GCHQ etc. can correlate traffic to de-anonomise some traffic, some very small amount of the time. It is extremely unlikely that a single ISP would ever have enough information to do that though.
> Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly.
It is hard, perhaps, but a good attack for the NSA would be to run many of the exit nodes.
The intelligence gathered this way would be very valuable, as the traffic on the TOR network is has a much higher intelligence value. This is because it is used by those trying to hide something, something which the NSA may like to know.
If I wanted to support the NSA, I'm sure I'd do volunteer work for those organizations -- and if I ran an intelligence agency, I'm sure I'd recruit assets off university campuses across the globe. Just saying.
