[guardian-dev] 81% of Tor users can be de-anonymised by analysing router information, research indicates

Josh Steiner josh at vitriolix.com
Fri Nov 14 15:25:56 EST 2014

Well, this certainly is a scary headline. Anyone in the know have any
comment or seen any good responses yet?


Research undertaken between 2008 and 2014 suggests that more than 81%
of Tor clients can be ‘de-anonymised’ – their originating IP addresses
revealed – by exploiting the ‘Netflow’ technology that Cisco has built
into its router protocols, and similar traffic analysis software
running by default in the hardware of other manufacturers.

Professor Sambuddho Chakravarty, a former researcher at Columbia
University’s Network Security Lab and now researching Network
Anonymity and Privacy at the Indraprastha Institute of Information
Technology in Delhi, has co-published a series of papers over the last
six years outlining the attack vector, and claims a 100% ‘decloaking’
success rate under laboratory conditions, and 81.4% in the actual
wilds of the Tor network.

Chakravarty’s technique [PDF] involves introducing disturbances in the
highly-regulated environs of Onion Router protocols using a modified
public Tor server running on Linux - hosted at the time at Columbia
University. His work on large-scale traffic analysis attacks in the
Tor environment has convinced him that a well-resourced organisation
could achieve an extremely high capacity to de-anonymise Tor traffic
on an ad hoc basis – but also that one would not necessarily need the
resources of a nation state to do so, stating that a single AS
(Autonomous System) could monitor more than 39% of randomly-generated
Tor circuits.

