The Tor Project says its network, used globally by millions of people to anonymously browse and share information online, remains safe and secure despite news reports that German authorities were able to de-anonymize a particular Tor user.
On Wednesday, the German outlets Panorama and STRG_F published an article based on documents from a German Federal Criminal Police case that supposedly showed statistical analysis techniques through which “Tor anonymity is completely canceled out.” The news sparked immediate concern among Tor users.
But the danger seems to have been overstated, according to the Tor Project. In a blog post, the nonprofit organization that maintains the Tor network said that, based on the limited information provided to it by the German outlets, it appears the Tor user in question could be de-anonymized only because they were using an outdated service that had not been updated to use the latest security protocols.
“Please note, that for the great majority of users worldwide that need to protect their privacy while browsing the Internet, Tor is still the best solution for them,” the organization said. “We encourage Tor Browser users and relay operators to always keep software versions up to date.”
Tor anonymizes web traffic by routing it through a mostly random series of servers, or nodes. Only the entry node, or guard node, has access to identifying information about the user and only the last node, or exit node, has information about the web service the user is accessing. Each node in the middle only knows which node it received a data packet from and which node it sent that data packet on to.
Because some Tor users take advantage of the service’s anonymity to facilitate crime, law enforcement agencies have been searching for decades for a way to crack that privacy protocol and unmask individual users. That has included compromising some nodes and monitoring the traffic passing through them.
The German case stemmed from an investigation into an online child sexual abuse network called Boystown. The Panorama report is light on technical details, but German police appear to have uncovered a guard node associated with an old Tor messaging service Boystown members were using, called Ricochet, by analyzing how long it took data packets to move between Tor nodes authorities had compromised and their source.
Over a long period of time, such an analysis could have allowed police to narrow down the geographic region where the guard node was located, said Matthew Wright, a cybersecurity professor at the Rochester Institute of Technology. With that information, police obtained a court order forcing a telecoms provider to identify users who had connected to the given node.
The German investigation appears to have taken place between 2019 and 2021. The Tor Project said it released new traffic protocols in 2018 designed to thwart such attacks, but that the older Ricochet service had not implemented them.
“By and large, I don’t think these [sorts of attacks] are big threats to Tor” given the new protocols that have been available since 2018, Wright said. “Just like with your phone operating system or your computer, if you’re not updating the software then you’re going to be vulnerable to what the latest attacks are.”