VPN Articles and News

Report Claims 81% Tor Users Can Be Identified

Tuesday, January 20th, 2015

If you are using Tor for online privacy then there is some bad news for you. As per the results published in a new research report, IP addresses of as many as 81% of Tor users can be identified. The research was conducted between 2008 and 2014 by a team headed by Professor Sambuddho Chakravarty, an alumnus of Columbia University, who has also published a series of papers on the subject.

Tor is an anonymizing tool which allows people to escape the surveillance conducted by higher authorities as well as provides a way to access location restricted content from other countries. Since Tor is totally free and provides a completely new IP address to the end users, it remains extremely popular among people who desire online privacy and wish to have more control over their online sessions. However, Professor Sambuddho’s team discovered that Tor may not be that anonymous after all since its users can be identified by exploiting Cisco’s Netflow technology. The team was able to achieve 100% decloaking rate under lab conditions and 81.4% success rate in the real world.

The Netflow technology is based on a standard networking protocol and is commonly used by Cisco and many other companies in their routers. The technology helps in network analysis and traffic decongestion by providing a reliable set of data (including IP addresses) to network administrators. Professor Chakravarty’s team used a new technique to introduce traffic deviations on the server side of the Tor network and noted that similar deviations were also observed on the client side of the network. The team verified the results by working with a large set of data, including data collected from hundreds of real Tor users, and discovered that a majority of IP addresses used in the experiment could be identified.

Professor Chakravarty also explained that Tor is vulnerable to this type of analysis because it was designed for low latency. Tor preserves several types of packet characteristics, including packet delay, to deliver an acceptable quality of traffic and as a result, it is susceptible to large scale traffic analysis attacks. He also said that the attack methodology does not require high tech or costly infrastructure so it can even be used by non-global entities to launch large scale attacks on the Tor network. As a matter of fact, the research team used a highly modified Tor server which was hosted at the Columbia University to conduct the experiment which clearly shows that such attacks can be orchestrated even by small players.

Tor has responded to the sensational disclosures made by Professor Chakravarty by saying that the tool was never designed to fight techniques like traffic confirmation in the first place. In a post published on the network’s official blog, the team behind Tor says that the current design of the network ensures that attackers who can see or measure traffic passing through it do not remain protected. The blog post also sought to reassure Tor users by saying that people using the network can be identified only if the adversary is able to measure or control a large portion of the internet itself.

January 20, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 3 =