MIT boffins identify Tor hidden services with 88 per cent accuracy Boffins from the Massachusetts Institute of Technology (MIT) have demonstrated a vulnerability in Tor which, if exploited, could lead to hidden services being identified with up to 88 per cent accuracy. Infosec bods from MIT and the Qatar Computing Research Institute (QCRI) pwned the anonymity network for a paper to be …
"This is the third time in the last few years I've heard of a way to compromise TOR's security." One could, of course, also read that as an attempt, by the powers who hate TOR, to discredit TOR as much as they can. I don't use TOR either, perhaps one should even if for no other reason than increasing the traffic assuming it will make it harder for spooks.
"That means that an adversary who lucked into the position of guard for a computer hosting a hidden service"
Right, so you have to become a HS's guard node and you can correlate it's traffic.
This is not news--correlation attacks are the always-known weakness of all low-latency anonymity routing systems. So it's 88% multiplied by what? 1%? 5%? 10% or maybe 0%? Good HS operators are aware of this issue and take steps to establish/protect/rotate safe entry guards.
But is is news and is interesting that they have found a way to improve the system.
You can only do so much. Trying to keep oneself anonymous necessarily requires inefficiency because trying to be as efficient as possible sculpts your habits into unique, identifiable shapes as cruft is cut away. You see this with Freenet. To help disguise your tracks, your activity is padded and mixed in with other people's activity and bounced around a few times. The end result is that it takes a long time to receive anything and the effective data rate's the pits.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
