I’ve heard a lot of people on the left argue that Tor is likely backdoored because it was created by the U.S. Navy for spies to communicate and is still funded by the government. Yasha Levine has written a lot about this:

He also appeared in TrueAnon episode 50 to talk about this.

On the other hand, a lot of people in the crypto and tech community disagree with this. They believe that Tor is not backdoored for one or both of the following reasons:

  • Tor is open-source and has been audited.
  • The U.S. Government would never do such a thing.

They also point to a leaked NSA presentation from 2007 that admits the NSA can’t deanonymize Tor users.

What are your thoughts?

2 points

I don’t think that it is fully “backdoored”, personally, but if you look into the case of that dread pirate roberts guy, it is plain to see that they can get you if they are willing to pay the resources to do so. I assume the resource cost (e.g. paying multiple salaries to analysts, hosting a ton of TOR nodes) is pretty steep though. Edit: so from other comments I am seeing that dpr got got because he was a dumb-dumb. Still they had to pay spooks (most likely) to sift through intel to find him, so take from that what you may.


I think the question of “is TOR backdoored” is indicative of the wrong approach to operational security. With the rise of the Snowden disclosures of PRISM and other dragnet surveillance programs being conducted by the state, public interest in cryptography and cryptographical protocols skyrocketed. It was a popular conception that with the right cryptographic protocols we could outsmart and elude the state. That operational security was a problem which could be solved with an app. This was a naïve and incorrect mode of thinking.

Cryptography is a powerful tool, and in the right hands it can make the work of the state much more difficult. But cryptographic protocols are only as strong as the weakest link in your organization. Neither are cryptographic protocols immune to social engineering attacks such as infiltration.

TOR must be viewed in this lens. It makes you much more difficult to identify under most threat models, but if your threat model includes the national security apparatus, your challenges will be much more of an organizational nature than a cryptographic nature.

The things that will provide you with the most security are more or less the classic staples of tradecraft: compartmentalization, dead drops, one-time pads, holding one-on-one meetings in person, outdoors, in places that won’t be bugged. Separating your organization into an above ground political arm and an underground militant arm with little to no formal communication or contract.

Encryption and authenticity (digital signing) are good general prophylactic practices which should be employed, but staying under the radar and providing as little encrypted cyphertext and metadata as possible should also be a goal when dealing with sensitive projects. While encryption will protect the contents of the discussion, it will still leave a trail of breadcrumbs and help investigators piece together a network of associations.

9 points

It’s over 7 years old now, but the NSA document dump from Snowden includes a PowerPoint slide that says, “Tor stinks…but it could be worse.” In other words, Tor makes their job harder, but isn’t an anonymization panacea–they can find specific people, but they can’t just read everything (the way they could back before SSL/TLS was widely used).

14 points

I think it’s not backdoored precisely because it was created by the US Navy for spy communications. The US government knows full well that any backdoor they put in for themselves could (and, eventually, would) be found and exploited by other intelligence agencies, rendering the whole project useless for its original purpose. I’m not saying the US government has some ethical objection to lying and spying, but it’s in their best interest here to make tor as secure as they say it is.

That’s not to say it’s flawless, but I doubt the flaws are deliberate.


technology

!technology@hexbear.net
