Over at Digital Era there’s a nice post on Tor best practices. While the Tor protocol and software are reasonably secure, you can’t use them blindly. The most recent example of what happens when you do is demonstrated by Eldo Kim who used Tor and Guerrilla Mail to send a bomb threat to Harvard University. Kim sought to use the bomb scare to avoid taking a final. Unfortunately for him he used the Harvard WiFi network and his identity was discovered simply by checking who on the network was using Tor at the time the email was sent.
It wasn’t a weakness in Tor but Kim’s lack of operational security that caused his discovery. The post at Digital Era helps you avoid errors like Kim’s by explaining how best to use Tor and what practices are dangerous and should be avoided. One of those practices is to never use Tor from or near home. It’s too bad for Kim that he didn’t read that before sending his email.
Most of us aren’t using Tor to send bomb threats, of course, but it is used by many—journalists and activists come to mind—in conditions that could be life threatening if their identities were discovered. If you’re using Tor under conditions that could result in dire consequences should your identity be discovered, you should definitely take a look at the best practices post.