back to article Princeton boffins sniff Tor users' IDs from TCP ACKs and server sweat

Tor is regularly recommended as a vital privacy protection technology, and just as regularly, researchers discover ways to de-anonymise users, and the latest of these has just hit Arxiv. The research, led by boffins from Princeton, demonstrates ways to de-anonymise Tor users with access to just one end of a communication path …

Silver badge

BGP

I wonder how little or how much the recent BGP problems are related this type of attack? Off the wall association, I know, but....

0
0
Silver badge

Mitigation Methods

Hasn't this technique been known 'in theory' for a while? If I remember correctly, a mitigation method would be for the Tor server to buffer data packets and then 'stutter' the timing in a random way, even allowing a recent packet to be relayed on before a previous packet. (I might be getting this mixed up with something else).

6
0
Silver badge

Re: Mitigation Methods

"Stutter" doesn't help much, simple techniques like analysing moving averages of packet flows could still be used to correlate the traffic flowing in and out of the network. The kind of latency that would need to be introduced to counter this would render Tor pretty well unusable for browsing.

2
0
Silver badge

"Boffins confirm what Tor has said all along"

Not as exciting a headline maybe, but really this is just a specific set of examples of a traffic analysis attack that Tor doesn't claim to defend against - that where the attacker has access to traffic at both ends of the connection. Tor is quite upfront about this on their website, blog etc.

11
0
Holmes

Re: "Boffins confirm what Tor has said all along"

Couldn't have stated this more plainly. If they can sniff both ends, there's little anyone can do to shield themselves once the captures have a critical mass of packets.

3
0
Silver badge

Re: "Boffins confirm what Tor has said all along"

Yup. Whilst it's good to see research still being aimed at Tor, the headline makes it sound like a brand new attack vector has been achieved, rather than further confirmation of a known threat.

1
0
Anonymous Coward

What if you use Tor over an anonymous VPN with different exit nodes for each session, would this type of attack still work?

0
0

TOR is a rather better VPN than most VPNs! A 2009 study compared various anonymity systems. VPNs in general came up short. Presumably you are envisaging using a commercial VPN to connect to the entry node to obfuscate things further - then it depends on assumptions - the most significant being that those wishing to deanonymise users haven't already backdoored or are actively monitoring the VPN.

Using a VPN with TOR is a bit like putting a layer of 64bit encryption on something already encrypted with 4096 bit encryption. It's better, but the effort to deanonymise the VPN traffic will be a lot less than the effort to deanonymise TOR traffic.

1
0
Anonymous Coward

Surprise

Not so ASSnonymous as they thought.

0
3

Presumably

This can only be used if the Tor user is accessing the clearnet through Tor.

How does this affect people accessing onion sites.

Obviously if someone has been led to a honeypot site with a clearnet image in it this applies, but if everything is contained within the Tor network exit nodes become a moot point.

Any sane person needing hard security would most likely use two layers of protection at least surely. I.e. a free SSH tunnel through the Tor network?

Actually, is this really news?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017