So you thought you were safe from prying eyes thanks to the Tor network? Well, think again. According to Andy Malone, head of Microsoft’s Enterprise Security, Tor doesn’t provide anything like the kind of anonymity it’s supposed to, and can be compromised by both government agencies and determined cybercriminals.

First designed in 2002, Tor was developed as a means for web users in ‘oppressive’ countries to sidestep any state monitoring or censorship on the web by masking their IP. The software-enabled service essentially ‘bounces’ your traffic through several servers scattered around the world, re-routing IP streams and masking other identifiers from the IP/TCP data transmissions.

Tor was believed to be truly anonymous, but RT News quotes Malone as saying that’s far from the truth. “There is no such thing as really being anonymous on the internet. If [hackers and government agencies] want you, they will get you,” he said at Microsoft’s TechEd North America event last week.

“At the moment the Tor network’s security has never been broken, but there are flaws around it that can be exploited,” he continued. “Tor leaks do occur through third-party apps and add-ons, like Flash. If I was doing forensics on you and thought you were on Tor I wouldn’t attack the network I’d attack the weak areas around it.”

Malone went on to highlight a number of ways in which government agencies like the NSA and hackers could snoop on Tor users.

“You can get people on Tor in a variety of ways. You could do a time attack, which involves catching traffic between relays,” he said. “You could also do entry and exit monitoring, which involves dropping a zero-day on the actual machine accessing Tor or hosting an exit node and monitoring what’s going in or out of it.”

Even worse, Malone says that government agencies are actively working on ways to break the Tor network completely so they can monitor its users.

“I work with, and issue recommendations for, law enforcement and I’m telling you now, the dark web is heavily monitored. The NSA and GCHQ are already monitoring hundreds of Tor relays and exit nodes and trying to find ways to break the network down,” he warned. “Many of the unindexed sites you see on Tor also have honey pots set up by law enforcement to monitor and catch the bad people accessing the dark stuff.”

Malone’s warning comes following a report from web security firm Kaspersky in March, which said that cybercriminals are planning to use Tor’s anonymity to their advantage and launch a wave of “advanced cyberattacks”.

Although Tor is often used for illicit purposes, such as accessing sites on the Dark Web to buy illegal drugs and view pornography, there are many legitimate businesses and individuals that rely on it too. The use of encryption has risen enormously since Ed Snowden first revealed the extent of the NSA’s monitoring programs. Numerous websites, including Google, have switched to encrypting their traffic with SSL by default, while Tor itself counts around 60,000 to 80,000 users a day, according to Malone.