Before you guys get too far ahead of yourselves you should stop operating on the premise that Tor is secure. The fact is Tor is very very insecure. Set up a Tor relay and you'll see what I'm talking about. You can read EVERYTHING in clear text with a packet sniffer that is crossing through your relay. Passwords, usernames, EVERYTHING. You host a Tor relay and you can capture all the passwords you want all day.
OK, hold on there... First, what we are talking about is a CLOSED network, that is, there are no exit relays to the larger internet. What you are talking about above can be done in the public network if a person sets up a corrupted exit relay. Our network would not have these, and all our relays are under our control.
Second, about a year ago Debian distributions of Linux were found to have a huge problem with their SSL encryption algorithm (which Tor uses) which made it very easy to brute-force attack ANY stems generated with it. It was a huge fiasco, and affected far more people than just Tor. Within Tor this affected about 300 or so of the network's relays, and 2 of the directory services if I remember right. But you are wrong when you say information is in cleartext within the network. Everything WITHIN the network is encrypted with multiple levels of encryption. Your final hop from the network to your destination is not (which is why they say to use SSL), but recently there are attacks that have been shown to work even for people using SSL for the last hop. The real problem is the exit relays, and allowing just anyone to host one.
I read about one guy who decided to host a relay one day and he read everything and it turned out some diplomats were using the shit and he got the passwords to their diplomatic emails! So Tor is not really that secure as far as info goes (it's unencrypted clear text).
Again, this was due to someone hosting a corrupted relay to sniff unencrypted outgoing traffic. A closed network that only allows access to material hosted within the network on hidden services avoids this problem.
As far as anonymity goes it's OK. It will protect you from the vast majority of people that want to find you, but for someone who really really wants to find you (like say the SS) all they have to do is look at the entire network and see where the info is entering the network and where it is leaving and they can pinpoint you. For instance, let's say I tell the network to take me to vespiary.org. It submits the request into the onion network, bounces it in pieces through a bunch of relays, and comes out the other end of the network at vespiary.org. If someone is looking at the whole network they cannot follow the traffic as it gets bounced around but they can see it enter, see it leave, and make a pretty educated assumption that you were the one.
Again, if traffic never leaves the network, it becomes very hard to run traffic analysis. More so when every connection to a hidden service would be using in effect 6 hops! The problem our network will face is at the start it will be small, and an entity could try to monitor EVERY relay in the network. We are working on solutions to this problem.
Honestly, if someone gave us 30 servers to use we would be set. Trying to do it with 15 is a problem. When Tor started they only had 50.
I only use Tor because I'm already not using my own connection to start with. But when I used my own connection years ago I would only use VPNs and proxy chains set up by hackers I knew and trusted. This is what most of the carding community uses. But if you don't know and trust your VPN or proxy guy then there are some good chances you're just using a honeypot set up by LE and you are even worse off than just using your regular naked connection.
Yup, that's the problem with proxy chains. Plus they don't do anything to protect the people that HOST sites. Using hidden services the user of the content does not know where the content is located at. This is the big advantage. In the closed network it would be possible for people to host material and never know where it is actually located at. (You can do this in the public network too, but it is extremely slow.)
Hosting really shouldn't be too much trouble though. There are many "bullet proof" hosters based in Malaysia, Ukraine, Russia, etc. You basically set up shop at one of them. Host for a year or two. Then by that time you are really well known and bringing some real heat on the hoster, and then MAYBE the hoster caves and shuts you down (usually not though), then you just go to the next bullet proof hoster and wait another 2 years. Most guys I know don't have too many problems though. And the Russians and Asians NEVER have a problem. It's only the English-speaking forums (many of which still love to use US hosters) who mostly play the whack-a-mole game with the SS and FBI. The last FBI report I read regarding hosting had the following listed as being hosters they had major problems with (i.e. telling LE to go fuck themselves):
There are other things a watcher can do than just shut a site down. If the physical location is known, all sorts of physical attacks can be had. Monitoring of traffic to the site becomes possible. There are SSL attacks now that allow all traffic to become unencrypted. I guess our view has become that ANY communication over the public internet is going to be vulnerable, and the only real solution is to start to create a different kind of network, using the existing structure. (We aren't the first to want to do this by far, but maybe the first with a plan to make it sustainably grow.)
Our real problem becomes making people trust the closed network and the entity running it.
As far as hosting is concerned today, my feeling is you are far better off to set up a server in an urban environment with many open or WEP encrypted wifi signals. Take over 4 or 5 and host your site over borrowed connections. It allows you physical control of the server and the material on it. If done in a dense area trying to locate the server would be nearly impossible.