Tor: A Response to Recent De-Anonymization Concerns

In response to recent reports of a de-anonymization attack targeting a user of the long-retired Ricochet application, The Tor Project has published a blog post addressing questions surrounding the safety and security of the Tor network. The investigation, which alleged that a targeted law enforcement attack de-anonymized a Tor user through an old version of Ricochet, has raised concerns within the privacy and security community. However, The Tor Project maintains that the network remains healthy and that Tor Browser continues to be a reliable tool for secure, anonymous browsing.

In the blog post, authors Isabela and Pavel of The Tor Project state: "Tor users can continue to use Tor Browser to access the web securely and anonymously. And the Tor Network is healthy." They emphasize that for most users around the world who need privacy while browsing, "Tor is still the best solution."

Details of the Alleged Attack

According to the Tor Project, the attack in question targeted a user of Ricochet, a retired Onion Service application, through a guard discovery method. This type of attack enables adversaries to pinpoint the user's entry point into the Tor network and, through timing analysis, track their online activity. The affected version of Ricochet did not have critical security features such as Vanguards-lite, which were introduced later to defend against these types of attacks. "This protection exists in Ricochet-Refresh, a maintained fork of the long-retired project Ricochet, since version 3.0.12 released in June of 2022," noted the blog post.

The attackers reportedly leveraged a low number of users on the compromised Guard node, alongside the victim's frequent online presence, to carry out the de-anonymization. The Tor Project believes the attack occurred between 2019 and 2021, during which time the affected user was using an outdated version of Ricochet.

Limited Information on the Case

While the Chaos Computer Club (CCC) had access to the documents related to the case, The Tor Project was not given the same level of information. Isabela and Pavel expressed frustration at the lack of clarity, stating:

"We were only provided a vague outline and asked broad clarifying questions that left us with uncertainty of the facts, and questions of our own." As a result, they are calling for more transparency from those with knowledge of the case. "We requested that anyone with additional information about the case share it with us. This would allow us to conduct our own analysis and determine the best course of action to protect our users."

The Tor Project's priority remains the safety of its users, and they stressed that they were not seeking to uncover the sources of the story, but rather to understand the facts behind the de-anonymization claim. "We continue to have an interest in obtaining more information about how Onion Services users were de-anonymized," they added.

Strengthening the Tor Network

Despite the concerns raised by the attack, the blog post reassures users that the Tor network is robust and evolving. After the period of the alleged attacks, the Network Health team flagged thousands of bad relays and worked to remove them from the network. "Our Network Health team has implemented processes to identify possible large groups of relays that are suspected to be managed by single operators and bad actors and not allow them to join the network," the authors explained.

In addition, new initiatives such as the Tor University Challenge and the launch of a network health API at DEF CON 32 have been key steps in further strengthening the Tor network. According to the project, bandwidth has significantly increased in recent years, making the network faster than ever before.

"Tor's bandwidth has actually increased substantially in recent years," they wrote.

The Need for Vigilance

The blog post underscores the importance of keeping Tor software updated to ensure maximum protection from potential threats. "We encourage all Tor users and relay operators to always keep software versions up to date," they advised. Additionally, they urged users to contribute bandwidth and relays to diversify and strengthen the network.

Isabela and Pavel also highlighted the need to address the underlying structure of the internet itself, which is still largely controlled by a small number of corporations. "Tor is still bound by the limitations of an internet ecosystem that is predominantly owned and governed by only a handful of large corporations," they noted, pointing out that Tor remains one of the few decentralized models offering privacy at scale.

If anyone has additional information regarding the de-anonymization case, they are encouraged to contact The Tor Project via security@torproject.org.

Tor remains a crucial tool in the fight for online privacy and anonymity, providing users around the world with a decentralized alternative to the heavily surveilled internet.

