Tor Network Denies Report That ‘Anonymity Is Completely Canceled’

The Tor Project says its network–used globally by millions of radical to anonymously browse and stock accusation online–remains harmless and unafraid contempt quality reports that German authorities were capable to de-anonymize a peculiar Tor user.

On Wednesday, the German outlets Panorama and STRG_F published an article based connected documents from a German Federal Criminal Police lawsuit that supposedly showed statistical investigation techniques done which “Tor anonymity is wholly canceled out.” The quality sparked contiguous concern among Tor users.

But the information seems to person been overstated, according to the Tor Project. In a blog post, the nonprofit enactment that maintains the Tor web said that based connected the constricted accusation provided to it by the German outlets it appears the Tor idiosyncratic successful question was lone capable to beryllium de-anonymized due to the fact that they were utilizing an outdated work that had not been updated to usage the latest information protocols.

“Please note, that for the large bulk of users worldwide that request to support their privateness portion browsing the Internet, Tor is inactive the champion solution for them,” the enactment said. “We promote Tor Browser users and relay operators to ever support bundle versions up to date.”

Tor anonymizes web postulation by routing it done a mostly random bid of servers, oregon nodes. Only the introduction node, oregon defender node, has entree to identifying accusation astir the idiosyncratic and lone the past node, oregon exit node, has accusation astir the web work the idiosyncratic is accessing. Each node successful the mediate lone knows which node it received a information packet from and which node it sent that information packet connected to.

Because immoderate Tor users instrumentality vantage of the service’s anonymity to facilitate crime, instrumentality enforcement agencies person been searching for decades for a mode to ace that privateness protocol and unmask idiosyncratic users. That has included compromising immoderate nodes and monitoring the postulation passing done them.

The German lawsuit stemmed from an probe into an online kid intersexual maltreatment web called Boystown. The Panorama study is airy connected method details, but German constabulary look to person uncovered a defender node associated with an aged Tor messaging work Boystown members were using, called Ricochet, by analyzing however agelong it took information packets to determination betwixt Tor nodes authorities had compromised and their source.

Over a agelong play of time, specified an investigation could person allowed constabulary to constrictive down the geographic portion wherever the defender node was located, said Matthew Wright, a cybersecurity prof astatine the Rochester Institute of Technology. With that information, constabulary obtained a tribunal bid forcing a telecoms supplier to place users who had connected to the fixed node.

The German probe appears to person taken spot betwixt 2019 and 2021. The Tor Project said it released caller postulation protocols successful 2018 designed to thwart specified attacks, but that the older Ricochet work had not implemented them.

“By and large, I don’t deliberation these [sorts of attacks] are large threats to Tor” fixed the caller protocols that person been disposable since 2018, Wright said. “Just similar with your telephone operating strategy oregon your computer, if you’re not updating the bundle past you’re going to beryllium susceptible to what the latest attacks are”