[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Building a new Tor that can resist next-generation state surveillance

Tor is an imperfect privacy platform. Ars meets the researchers trying
to replace it.

ince Edward Snowden stepped into the limelight from a hotel room in
Hong Kong three years ago, use of the Tor anonymity network has grown
massively. Journalists and activists have embraced the anonymity the
network provides as a way to evade the mass surveillance under which
we all now live, while citizens in countries with restrictive Internet
censorship, like Turkey or Saudi Arabia, have turned to Tor in order
to circumvent national firewalls. Law enforcement has been less
enthusiastic, worrying that online anonymity also enables criminal

Tor's growth in users has not gone unnoticed, and today the network
first dubbed "The Onion Router" is under constant strain from those
wishing to identify anonymous Web users. The NSA and GCHQ have been
studying Tor for a decade, looking for ways to penetrate online
anonymity, at least according to these Snowden docs. In 2014, the US
government paid Carnegie Mellon University to run a series of poisoned
Tor relays to de-anonymise Tor users. A 2015 research paper outlined
an attack effective, under certain circumstances, at decloaking Tor
hidden services (now rebranded as "onion services"). Most recently,
110 poisoned Tor hidden service directories were discovered probing
.onion sites for vulnerabilities, most likely in an attempt to
de-anonymise both the servers and their visitors.

Enlarge / Who can forget the now-famous "Tor stinks" slide that was
part of the Snowden trove of leaked docs.

Cracks are beginning to show; a 2013 analysis by researchers at the US
Naval Research Laboratory (NRL), who helped develop Tor in the first
place, concluded that "80 percent of all types of users may be
de-anonymised by a relatively moderate Tor-relay adversary within six

Despite this conclusion, the lead author of that research, Aaron
Johnson of the NRL, tells Ars he would not describe Tor as broken—the
issue is rather that it was never designed to be secure against the
world’s most powerful adversaries in the first place.

"It may be that people's threat models have changed, and it's no
longer appropriate for what they might have used it for years ago," he
explains. "Tor hasn't changed, it's the world that's changed."

[continues with analysis and new tech examples for many pages...]