Fixxx
The Bastion of Online Anonymity, but not a Guarantee of Complete Privacy.
The desire to remain anonymous online has existed as long as the Internet itself. In the past, users believed that hiding behind a nickname allowed them to post nasty comments about their neighbors on local forums without anyone finding out. Nowadays, such trolls can be identified in no time. Since then, technology has made a quantum leap: distributed networks, anonymous browsers and various tools for personal privacy have emerged. One of these tools, Tor Browser, was notably promoted a decade ago by former NSA agent Edward Snowden. But can Tor provide complete anonymity today?
How Are Tor Users De-anonymized?
In short, Tor users' traffic is anonymized through a distributed network of servers known as nodes. All network traffic is encrypted multiple times as it passes through several network nodes on its way between two communicating computers. No single node knows both the address of the data packet's sender and the address of the recipient, and the content of the packet is also inaccessible to the nodes. Now that this brief overview is complete, let's focus on the real security threats facing advocates of anonymous Internet use. In September, German intelligence agencies identified one of the Tor users. How did they manage this? The key to de-anonymization was data obtained through so-called temporal analysis.
How Does This Analysis Work?
Law enforcement monitors Tor exit nodes. The more nodes in the Tor network that are monitored by authorities, the higher the likelihood that a user hiding their connection will use one of the monitored nodes. By timing individual data packets and correlating this information with data from providers, anonymous connections can be traced back to the end user of Tor, even though all traffic in the Tor network is encrypted multiple times. The operation that led to the discovery and arrest of the administrator of a pedophile platform was made possible in part because Germany has a record number of Tor exit nodes - around 700. The Netherlands comes in second (about 400 exit nodes), followed by the United States (approximately 350 nodes). In other countries, the number of exit nodes ranges from a handful to several dozen. In this de-anonymization case, international cooperation among these countries (the leaders in the number of exit nodes) played a significant role. It's logical to assume that the more nodes a country has, the more of them the state can control, thus increasing the likelihood of capturing criminals.
Germany and the Netherlands are among the leaders in the number of Tor exit nodes, not only in Europe but worldwide.
Representatives of the Tor Project responded to this incident with a blog post discussing whether it's safe to use their browser. They concluded that it's safe: the de-anonymized individual was a criminal who was using an outdated version of Tor and the Ricochet messenger. However, Tor noted that they hadn't been granted access to the case documents, so their interpretation regarding the safety of their browser may not be definitive. Such incidents are not new; the issue of timing attacks has long been known to both Tor representatives and global intelligence agencies, as well as researchers. Therefore, despite the widespread awareness of these attacks, they remain possible and it's likely that more criminals will be identified through temporal analysis in the future.
"In general, absolute anonymity is impossible to achieve even with Tor".
This phrase begins the section "Can Tor Provide Me with Complete Anonymity?" on the Tor Browser support page. The developers provide tips that can only increase the chances of anonymity:
- Be mindful of the information you provide. Users are advised not to log into personal social media accounts, not to post their real names, email addresses, phone numbers or other similar information on forums.
- Don't use torrents through Tor. Torrent programs often ignore proxy settings and prefer direct connections, which can de-anonymize all traffic, including Tor.
- Don't install or enable browser extensions. This advice can also apply to regular browsers, which often have many dangerous extensions.
- Use HTTPS versions of websites. This recommendation is applicable to all Internet users.
- While online, don't open documents downloaded through Tor. Such documents, the Tor Project warns, may contain malicious exploits.
Conclusion.
It's important to keep in mind that Tor Browser cannot guarantee 100% anonymity. Moreover, switching to other solutions built on a similar model (with a distributed network of nodes) is pointless - timing attacks can be applied to all of them. If you are a law-abiding citizen using anonymous browsing to escape intrusive contextual advertising, secretly pick gifts for loved ones or for other similar purposes, then the incognito mode in any traditional browser may suffice for you. This tool, of course, will not provide the same level of anonymity as Tor and its counterparts, but it will make your Internet surfing a bit more private. Just make sure you understand how this mode works in different browsers, what it can protect you from and what it cannot.
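The temporal analysis described above, as a toy simulation on constructed data (an added example, not part of the original post): it shows why multiple layers of encryption do not hide *when* packets move, which is the reason the risk exists for any low-latency network. The three client flows, the 0.15 s network delay, the jitter and the one-second window are all assumptions chosen for illustration.

```python
import random

DURATION, WINDOW = 120, 1.0   # seconds observed, seconds per time bin (assumed)

def bursty_flow(rng):
    """Constructed packet timestamps: idle gaps broken by short bursts."""
    t, stamps = 0.0, []
    while t < DURATION:
        t += rng.expovariate(0.25)             # idle gap, mean 4 s
        for _ in range(rng.randint(5, 40)):    # burst of 5-40 packets
            t += rng.expovariate(50.0)         # about 20 ms between packets
            if t < DURATION:
                stamps.append(t)
    return stamps

def through_network(stamps, rng, delay=0.15, jitter=0.05):
    """The same packets seen on the far side: shifted and jittered.
    Payload encryption changes nothing here, only timing is modelled."""
    return sorted(t + delay + rng.uniform(0, jitter) for t in stamps)

def binned(stamps):
    """Packet count per time window."""
    counts = [0] * (int(DURATION / WINDOW) + 2)
    for t in stamps:
        counts[int(t / WINDOW)] += 1
    return counts

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def run(seed=7, true_index=1):
    """Correlate three constructed access-side flows with one far-side flow."""
    rng = random.Random(seed)
    clients = [bursty_flow(rng) for _ in range(3)]
    far_side = binned(through_network(clients[true_index], rng))
    return [pearson(binned(c), far_side) for c in clients]

if __name__ == "__main__":
    for i, s in enumerate(run()):
        print(f"client {i}: correlation with far-side flow = {s:.2f}")
```

The flow that actually produced the far-side traffic stands out from the unrelated ones even though no packet content is compared, which is why the Tor Project and researchers treat timing correlation as a known limitation rather than a software bug.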