Tor Is Less Anonymous Than You Think

The Tor network has been getting a lot of attention lately. About two weeks ago, the number of users on the anonymous network mysteriously doubled, hitting a record high. No one is sure why. Maybe the uptick is from people downloading The Pirate Bay's new Tor-powered browser? Maybe a result of recent web censorship by the Russian government? Or maybe it's because more people are wising up to the fact that the US government can monitor their every online move?

Unfortunately, the privacy-minded web denizens turning to Tor to protect their anonymity should think twice. So says a new report from the US Naval Research Laboratory and Georgetown University in Washington DC called "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries."

Computer scientists took the most thorough look to date at the vulnerability of the Tor network and found it's far less secure than most people believe. In fact, it's not very hard to reveal the majority of users' identities if an attacker is willing to put in the time and effort, according to the Register. And it's even easier for groups that wield a lot of control over the internet, like corporations, intelligence agencies, or countries.

The fact that Tor isn't 100 percent anonymous is no shocker. The Tor Project admits as much on its website, and for years hackers have known of Tor's traffic correlation problem. Essentially, even though connections are encrypted once you're in the onion network, it's possible for snoopers to see where traffic enters and exits the network, and from there, it's possible to connect the dots and identify the user and the user's destination.

What's interesting about this study is its focus on realistic possible attacks from groups that control one or many internet routers. To get technical for a minute: Information travels through the encrypted layers of the Tor network through Internet Exchange Points (IXPs) or autonomous systems (ASes) that control multiple routers, such as ISPs. Since attackers can theoretically see exit or entrance traffic on any of the routers they control, logically, the more points of control, the faster and easier it is to expose users' identity.

Hypothetically, a state-sponsored cyberattacker could control all of the routers in the country. I'd venture to guess the study, which was part funded by DARPA, is interested in exploring potential cyberattacks from foreign governments. That said, US intelligence agencies certainly have more than a few routers at their exposure. "Such an adversary is highly relevant in today's setting in which many large organizations control multiple ASes or IXPs," the researchers wrote. (I reached out to the study authors to find out who this could be possible for, and will update when I hear back.)

What it boils down to is bad news for the more important uses of the dark net: political dissidents hiding from state censorship, journalists protecting sources, whistleblowers trying to escape exposure, or savvy citizens avoiding government surveillance.

What's worse, not only can the NSA identify a Tor user if it so desired, it could be more likely to target you if you're using Tor or other encryption services, because your unknown location could be outside the US, a secret document published by the Guardian revealed.

The FBI's big child porn bust this summer also raised some suspicion from privacy advocates over how easy it is for the Feds to infiltrate Tor. The FBI managed to crack the anonymous network by injecting malware into the browser, in order to identify what it called "the "largest child porn facilitator on the planet." In the process, the malware revealed the IP addresses of hundreds of users.

So, how bad is the security risk? The study found that even if an attacker had no control routers, 80 percent of Tor users could be de-anonymized within six months. With control of one AS, nearly 100 percent of users were likely to be uncovered, within three months. With two, it could take just one day.

"These results are somewhat gloomy for the current security of the Tor network," researchers wrote, adding that "Current users of Tor should carefully consider if it meets their security needs."

To quantify the risk, the researchers used a Tor path simulator (now on github) and used algorithms to map out the likely interference points on paths throughout the network. The study, which will be presented in November at the Conference on Computer and Communications Security in Berlin, found that the longer a user stays on the network, the higher the chance of exposure.

Information traveling through the Tor network is bounced around all over the place before emerging at its end destination. Instead of taking a direct route from source to destination, data packets take a random pathway through several relays—individual nodes that don't know the complete path of the route, so at any single point an observer can't tell where the data came from or where it's going. There are some 3,000 of these connection and redistribution points around the world.

"The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you," the Tor Project explains. The data then exits the network at a random exit relay before hitting the destination.

In that way, the recent surge of new Tor users, whatever the reason, could do a lot to boost security. The more people on the network, the more volunteers there are to host a relay or exit relay, the harder it is for a would-be attacker to trace and expose the identity of an individual user.