The Tor Project is working to reassure its users after a recent report raised concerns about law enforcement efforts to deanonymize Tor users using timing attacks.
The report, published by the German portal Panorama, claims that agencies from Germany and other countries have collaborated to trace users on the Tor network, leading to the arrest of operators behind the “Boystown” child abuse platform.
Tor, a privacy-focused browser, protects users by routing their internet traffic through multiple global nodes, making it difficult to trace. It is used by journalists, activists, and those looking to bypass censorship. However, its anonymity also attracts cybercriminals, who use the network to evade law enforcement.
According to the investigative report, law enforcement agencies have employed timing analysis attacks to uncover user identities without exploiting software flaws. Instead, these attacks compare the timing of data entering and leaving the network. If attackers control several Tor nodes, they can match traffic patterns and potentially trace it back to individual users.
One concern raised in the report is the growing centralization of Tor’s network, with many of its nodes controlled by a few entities. This centralization makes timing attacks easier to execute. The report also highlighted that one user involved in the Boystown case was using an outdated version of Ricochet, an anonymous messaging app dependent on Tor, which was vulnerable to certain attacks.
Tor Project’s Response
The Tor Project expressed its frustration at not having access to the court documents referenced in the report, limiting its ability to verify the claims. Nonetheless, they issued a statement addressing the concerns, noting that the attacks described occurred between 2019 and 2021. They emphasized that since then, Tor has made significant improvements, such as increasing network size and diversity, making timing attacks much harder to pull off today.
Tor has also removed numerous bad relays and introduced initiatives to reduce network centralization. Regarding Ricochet, Tor clarified that the outdated version used by the identified user has been replaced by Ricochet-Refresh, which offers better protection against timing and guard discovery attacks.
The Tor Project continues to encourage volunteers to support the network by introducing more bandwidth and diversity, crucial for maintaining a secure and decentralized platform.
