Tor says it’s "still safe" amid reports of police deanonymizing users (www.bleepingcomputer.com)

submitted 12 hours ago by KarnaSubarna@lemmy.ml to c/privacy@lemmy.ml

17 comments fedilink hide all child comments

top 17 comments

sorted by: hot top controversial new old

[-] ExtremeDullard@lemmy.sdf.org 8 points 3 hours ago

The TOR network itself is safe - at least assuming the TLAs don't control at least half of the nodes, which is far from impossible. But let's assume...

The weak point comes from the browser: that's how the fuzz deanonymizes users. The only safe browser to use on TOR is the TOR browser, and that's the problem: it disables so many unsafe functionalities that it's essentially unusable on a lot of websites. So people use regular browsers over TOR, the browser leaks identifying data and that's how they get caught.

[-] MigratingtoLemmy@lemmy.world 16 points 7 hours ago

If I understand correctly, stream isolation will route different connections through different circuits. If you're doing two different things of a sensitive nature, open different browsers and applications, use random user-induced delays in your actions/responses and PGP-encrypt everything. And listen to what the TOR project says about the mitigations. I have some reading to do myself I guess

[-] ShortN0te@lemmy.ml 36 points 12 hours ago

This attack has been known for years now. And tor is simply not able to defend against it without a complete redesign.

[-] orcrist@lemm.ee 15 points 4 hours ago

The potential for timing attacks has been known since the beginning of Tor. In other words, more than a decade. But that doesn't mean you can't defend against it. One way to defend against it is by having more nodes. Another way is to write clients that take into account the potential for timing attacks. Both of these were specifically mentioned in the article.

Based on what was in the article and what's in the history books, I'm not sure how to interpret your comment in a constructive way. Is there anything more specific you meant, that isn't contradicted by what's in the article?

[-] ShortN0te@lemmy.ml 2 points 1 hour ago

Yes, sorry i worded it incorrectly you can try to make it harder but timing attacks are still possible.

Nope, just a summary that this is just old news. There is nothing new in the article.

[-] EherNicht@feddit.org 11 points 8 hours ago

Redesign being I2P

[-] ShortN0te@lemmy.ml 0 points 1 hour ago* (last edited 1 hour ago)

Nope, I2P is still vulnerable to timing attacks. https://en.m.wikipedia.org/wiki/Garlic_routing

[-] C126@sh.itjust.works 2 points 1 hour ago

You linked an article that doesn't say anything to back up your claim. Why do you say i2p is vulnerable to timing attacks?

[-] ShortN0te@lemmy.ml 1 points 39 minutes ago

Garlic routing[1] is a variant of onion routing that encrypts multiple messages together to make it more difficult[2] for attackers to perform traffic analysis and to increase the speed of data transfer.[3]

First sentence. Check up the linked article as source.

[-] EherNicht@feddit.org -1 points 1 hour ago

I would also like to see prove for your claim.

[-] ShortN0te@lemmy.ml 1 points 40 minutes ago

Garlic routing[1] is a variant of onion routing that encrypts multiple messages together to make it more difficult[2] for attackers to perform traffic analysis and to increase the speed of data transfer.[3]

First sentence. Check up the linked article as source.

[-] autonomoususer@lemmy.world 8 points 12 hours ago

What else you going to use?

[-] Prunebutt@slrpnk.net 21 points 10 hours ago

I wish more people would try out I2P as a result. AFAIK, garlic routing makes this kind of attack impossible.

[-] SplashJackson@lemmy.ca 7 points 8 hours ago

Insane 2lown Posse?

[-] Prunebutt@slrpnk.net 2 points 3 hours ago

https://en.m.wikipedia.org/wiki/I2P

[-] ShortN0te@lemmy.ml 6 points 10 hours ago

AFAIK it only makes it harder not impossible.

[-] Prunebutt@slrpnk.net 1 points 3 hours ago

At least they can't utili'e the applied tactic to host their own node.

this post was submitted on 20 Sep 2024

91 points (96.0% liked)

Privacy

31275 readers

674 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS