I see a lot of HN posts about the security of Tor, but as a casual user I don't know what conclusions to draw.
Could someone who knows answer:
Is Tor currently a safe way to communicate securely and anonymously? Or: is it mostly safe, but theoretically insecure if, say, you were being targeted by the NSA? Or: Is it basically unsafe?
An exit node can see traffic between itself and the destination. This is by design; it is unavoidable. The experiment shows that some exit nodes actually are recording that traffic and extracting login credentials from it. There's nothing surprising about it. It's what we've all been suspecting for a long time.
The obvious conclusion is that you should use TLS even when you're connecting via Tor. Tor only gives you anonymity. You still need TLS for confidentiality.
Mostly your second answer. It can be regarded safe against most, if not all, non state level attackers, when used cautiously.
If you use Tor Browser and HTTPS and check how identifiable your browser is on https://panopticlick.eff.org/ you should be safe against employers, coffee shops, university administration and so on. At least as long as you don't make a mistake which reveals your identity (email reuse, etc) of course.
It get's a bit more complicated for other services besides web browsing. torsocks works well to send traffic trough tor, but providing anonymity means you have to be really sure that no identity related information is leaked.
FTA: there were about 1400 exit nodes each tested about 95 times (that's where the 100,000 number comes from). And in addition to the 16 logins, there were a number of page views without login that seem to also have come from exit nodes.
(*)This number does not show the total amount of uniquely tested exit nodes, just how many fingerprints that was tested. But every node was tested around 95 times(there's around ~1400 exit nodes).
Could someone who knows answer:
Is Tor currently a safe way to communicate securely and anonymously? Or: is it mostly safe, but theoretically insecure if, say, you were being targeted by the NSA? Or: Is it basically unsafe?