'Tor is still safe,' claims the Tor Project
In September 2024, the offices of an NGO that cooperates with the anonymous communication system 'Tor' were raided by German police, and the organization's executives offered to replace them. Amid concerns that Tor's anonymity may have been violated by the authorities, the Tor Project
Is Tor still safe to use? | The Tor Project
https://blog.torproject.org/tor-is-still-safe/
Investigations in the so-called darknet: Law enforcement agencies undermine Tor anonymization | NDR.de - Fernsehen - Sendungen AZ - Panorama - Meldungen
https://www.ndr.de/fernsehen/sendungen/panorama/aktuell/Investigations-in-the-so-called-darknet-Law-enforcement-agencies-undermine-Tor-anonymisation,toreng100.html
Tor insists its safe after cops convict CSAM site admin • The Register
https://www.theregister.com/2024/09/19/tor_police_germany/
On September 18, 2024, the German television program Panorama reported that a joint investigation with YouTube investigative reporting channel STRG_F had discovered that German law enforcement agencies had begun hacking into the Tor network.
Law enforcement was reportedly able to track anonymized networks to identify Tor users using a technique called 'timing analysis,' which measures the timing of data packets.
As a result, the German Federal Criminal Office (BKA) succeeded in identifying a person named 'Andreas G,' who is said to be the administrator of the darknet child abuse pornography site 'Boystown,' which anonymized connections on the Tor network. G, who was arrested in the state of North Rhine-Westphalia, was sentenced to multiple years in prison in December 2022, but the sentence has not yet been finalized, Panorama reports.
In a blog post published on September 18, 2024 in response to this report, the Tor Project stated, 'Like many of you, we have more questions than answers, but one thing is clear: Tor users can continue to use the Tor Browser to access the web safely and anonymously, and the Tor network is alive and well,' emphasizing that the anonymity of the Tor network is still maintained.
According to the Tor Project, German police were able to uncover G's identity because he was using outdated software called 'Ricochet.'
Ricochet is a messaging app that uses Tor to anonymize data between senders and receivers, but older, discontinued versions of Ricochet lacked protection against 'guard detection attacks' that identify 'guard nodes' in the Tor network that users connect to first.
'To do traffic timing analysis, you need to compromise the guard nodes, because they're the first nodes in the Tor network, and by compromising them you can see users' IP addresses,' Bill Budington of the Electronic Frontier Foundation told The Register.
In addition, the successor app 'Ricochet-Refresh', which was forked from Ricochet, released in June 2022, version 3.0.12 and later, is said to be equipped with a feature called 'Vanguards-lite' introduced in Tor 0.4.7 to avoid guard detection attacks.
Tor users have expressed concern that the network could be overwhelmed with police nodes that would undermine their anonymity, but such an attack would require taking control of a huge number of nodes. The Tor Project has said this is not a cause for concern, stating that it has confirmed over 2,000 new exit nodes have been enabled so far.
Pavel Zonev, Tor's director of public affairs, told The Register that the allegation that the network is 'unhealthy' is simply untrue.
Related Posts:
in Web Service, Security, Posted by log1l_ks