they’re safe
I believe that if you are a potential target of a state actor, it’s better to use Tor cautiously rather than assume you are completely safe. Additionally, remember that when we discuss attacks on Tor, we often focus solely on technical attacks. However, deanonymizations of specific targets can also involve “non-technical” efforts that may help exposing you as well.
-
Check out the Harvard Tor bomb threat. Tor anonymization relies on many people using the service simultaneously (similar to a cryptocurrency tumbler service). In this case, the visibility of the end result (an email with a timestamp sent from a Tor exit node) and the readily available surveillance of the suspected IP addresses led to the student’s identification.
-
Check out the Relay Early traffic confirmation attack. In this case, a 0-day vulnerability in the relaying software was exploited to deanonymize the suspects’ IP addresses.
-
The Ricochet attack mentioned above was a technical attack on outdated software, but remember that it is generally a correlation attack that Tor is not designed to prevent, even if the attack cannot currently be executed on a large scale. If you are connected to a state actor’s entry node, you can already be “monitored” on one end. If they gain visibility into your activities on the end service (either through the exit node or on the service itself), they may eventually be able to correlate your IP address as well.