Re: What am I missing here?
One of these "NIT" gizmos from the FBI was recently caught in the wild exploiting a 0day Firefox vulnerability. What it does is basically that it pwns you, but instead of installing ransomware or sending your banking details to Russia it simply connects to a server under FBI control (without using TOR, so it exposes your real IP address) and then sends some information about the system.
See:
https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html
https://blog.gdatasoftware.com/2016/11/29346-firefox-0-day-targeting-tor-users
This is actually a pretty darn good "grade" for the anonymity offered by TOR - that the most feasible way for the FBI to unmask a user is to compromise the user and not the network. It's essentially the best outcome you can hope for when it comes to anonymizing technology.
(The wisdom of the Tor Browser Bundle can be discussed, however)