Tor Doubles Down On Privacy Claims As Law Enforcement De-Anonymize Users

The Tor Project is seeking to allay fears that its veil of privacy has been pierced. A new report on German efforts to remove illicit content from the Tor network spiked fears that law enforcement had devised a way to unmask users of the service. According to the project, the attacks leveraged in the German case don't change the game, but Tor users are advised to make sure all their software is updated.

The alarm bells trace back to a case initially filed in 2021 that saw Germany's Federal Criminal Police Office (BKA) take down a child sexual abuse forum known as Boystown. German news portal Panorama has reviewed documents from the case which reveal the BKA infiltrated the Tor network to make its case against the operators of the service.

Tor is a network of encrypted computers around the world that pass connections off to multiple relays within the network. Since each node only knows the origin of the last hop and the destination of the next, your activities can be effectively anonymous. Activists and journalists regularly use Tor to evade detection by authoritarian regimes, but it's also used by online criminals like the ones hosting Boystown within the Tor network—the so-called "Dark Web."

Panorama claims that German authorities unmasked Tor users in the case using a timing attack. The BKA actually operated a large number of Tor relays and entry nodes, allowing investigators to correlate the illegal activities with the time suspects accessed the compromised nodes. This leads back to a conventional IP address, which allowed the BKA to arrest the four operators of Boystown.

According to the Tor Project, timing attacks are well-understood, and there are mitigations that can protect legitimate uses. The group also notes that one of those arrested in the German case was using an outdated Tor-based chat client with a vulnerability. Panorama highlighted the danger of having large numbers of Tor nodes operated by a small number of entities, but the project notes this case dates from 2021. Tor has grown since then, and the project has worked to remove bad relays that scrape user data.

While Tor operators claim timing attacks are harder to pull off now, they acknowledge the system is not perfect. It calls on Tor users to volunteer and contribute bandwidth to help diversify the network and keep it anonymous.