I've talked before about how Tor can protect your anonymity on the Internet only if you use it in the right way. However, how users interact with Tor is not the only possible source of a loss of anonymity. As far back as 2014 the Tor project was looking for "Bad Onions".
As Tor is a system run by volunteers it is possible for people to set up malicious relays. It has been used by researchers trawling for hidden services but it has become clear that the numbers of "spoiled onions" is rather higher than might be explained by purely academic research. Whether it's criminals or governments is irrelevant: what it shows is that Tor is potentially susceptible to people setting up malicious relays (including exit nodes) to unmask users.
Whilst the Tor project is taking steps to root out these spoilers it is also become apparent recently that Tor is vulnerable to attacks such as Sybil attack. The Tor project are obviously aware and so not surprisingly they are looking into how all of these potential vulnerabilities can be countered to protect users anonymity.
