Tor, or “The Onion Router” as it was originally known, is used around the world as an anonymity network. It provides a private method of communication for journalists, those living under authoritarian governments, and people who are just up to some shady stuff. While Tor is still the most robust form of online anonymity we have, it’s not bulletproof, as the repeated takedown of The Silk Road and other law enforcement actions have shown. Now, two computer scientists say they’ve uncovered snoops inside the Tor network that may be listening in on what you’re doing.
Tor works by bouncing your connection between multiple nodes or “relays” before you reach your destination. Your identity is preserved on Tor because the traffic is encrypted in layers, and each relay only knows where a connection just was and where it’s going next. After a few jumps, your true location is lost. When you pop out of Tor onto the open Internet at the other side, all that server can tell is that you came from a Tor exit node.
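The layering described above can be sketched in a few lines. This is an added example, not code from the article or from Tor: the relay names, keys and `example.org` destination are constructed, and the HMAC-based XOR keystream is a toy stand-in for Tor's real cell encryption and key negotiation. It records what each relay on the path is able to observe.

```python
import hashlib, hmac, json

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode (illustration only).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def xor_layer(key: bytes, data: bytes) -> bytes:
    # XOR is its own inverse, so this both adds and removes a layer.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def wrap(path, destination: str, payload: bytes) -> bytes:
    # Build the onion from the inside out: the exit relay's layer is innermost.
    next_hop, blob = destination, payload
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = xor_layer(key, layer)
        next_hop = name
    return blob  # handed to the first relay on the path

def peel(key: bytes, blob: bytes):
    # A relay removes only its own layer and learns only the next hop.
    layer = json.loads(xor_layer(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, client: str, blob: bytes):
    # Returns (relay, previous hop, next hop) for every relay, plus the payload.
    seen, prev = [], client
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, prev, nxt))
        prev = name
    return seen, blob

# Constructed three-hop path with per-relay keys (hypothetical values).
PATH = [("guard", b"key-guard"), ("middle", b"key-middle"), ("exit", b"key-exit")]

if __name__ == "__main__":
    seen, delivered = route(PATH, "client", wrap(PATH, "example.org", b"GET /"))
    for relay, prev, nxt in seen:
        print(f"{relay:6} sees previous={prev:7} next={nxt}")
    print("delivered:", delivered)
```

Only the first relay ever sees the client and only the exit sees the destination, which is why a single data-collecting relay learns a limited slice of any one connection.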
Security researchers (and indeed, law enforcement) have worked out a number of theoretical ways to attack Tor. This might involve taking over a significant number of nodes, which are just computers and servers around the world, to crack anonymity. Or it may involve simply monitoring the time that connections enter and exit Tor as a way to correlate the anonymized endpoint with a known starting location. The issue spotted by Amirali Sanatinia and Guevara Noubir from Northeastern University seems to be a more modest kind of snooping, but there’s plenty of it going on.
The researchers report that 110 live nodes in Tor are “misbehaving” by collecting data on the connections that pass through them. The purpose of this collection is unclear, and there seems to be some variation in what the nodes are collecting. Some are much more sophisticated and are pulling in data that could be used to identify users. Others seem to just be tracking statistics. The most likely scenario is that some computer science researchers are running studies on Tor, which involve collecting some data. At the same time, law enforcement is running similar nodes that are trying to unmask users of illegal “hidden services” that are hosted in Tor. The Silk Road was one such hidden service.
The researchers are set to detail their investigation at a hacking conference in August. For its part, the Tor Foundation says it is aware of the compromised nodes discussed by the researchers. A future version of the system should be able to lock these nodes out. Still, don’t go along assuming that Tor is completely private just because it’s usually private.