Mar 04 2007
Tor vulnerable?
Anyone out there use Tor? In case your not already familiar with the Tor network let me describe it simply. Tor is a virtual network within the Internet that allows users to mask their original location from the end supplier of the information. This is accomplished by packaging the information in such a way that it is routed through several servers before reaching its end location. You can find more detail (more technically accurate information) from their website at http://tor.eff.org
I’m bringing up Tor now because of an issue that came up recently regarding a paper that was published outlining a theoretical way to pierce the veil of anonymity of the Tor network. As an avid supporter of Tor, I was concerned about whether someone truly found a way to track Tor users. This paper was published on the notable tech news site slashdot.org.
Last week the Tor development community published their response on a blog. My personal opinion of their response is that they fail to really address the issue today through a software patch or a quick and dirty work around. I almost think that their assertion that they haven’t seen the attack carried out “in the wild” really doesn’t disprove the argument that such an attack is possible or already being carried out. Furthermore, by stating that these vulnerabilities have been well known for some time before the paper was published seems to reinforce my belief that they seem to want to dampen the problem.
Please don’t misunderstand me, I’m not saying that the Tor project is mismanaged (because its not) and I’m not saying that the network is vulnerable (I am not that smart) I’m merely saying I would be more comfortable if the Tor people addressed these issues in a better way. I do think the project is important for many people in the world that live in countries that are “less than free.” If you are someone living in these areas I personally would still use Tor but I would definitely pay critical attention to any news that comes out regarding additional vulnerabilities.
Also, if you have an extra buck or two please find some time to give some love back to the Tor project. Maybe with more support they’ll be able to make everyone happy; even snotty kid like me.
Powered by FireStats
Hi! I’m the person who wrote the Tor reponse (and a blogger myself, so I have alerts set up to follow how folks are responding to our response!).
The attack that the researchers in Colorado document is quite possible — just as much as, say, the possibility of someone assassinating a head of state is possible. Such attacks are generally complicated and hard to execute without detection.
The Colorado attack is a variant of an attack we’ve known about for a few years in combination with bandwidth spoofing. Their innovation was to find a way to make the attack less resource intensive to the attacker.
Since we’ve characterized this sort of attack for some years, we know how it would leave fingerprints on our directory servers, which is why we believe with reasonable certainty that it hasn’t been attempted. Perhaps the people who might have used it *haven’t* used it because we’ve also discussed how it could be detected?
That we haven’t seen the attack “in the wild” means that we believe this attack hasn’t occured outside the researchers’ lab, in a way that would endanger people actually using the Tor network.
So it *is* possible, but we don’t see how it could have been carried out.
To create a “quick and dirty” fix for this problem is not really feasible. There are basic tradeoffs of security one makes in order to have low latency — this is to say, to have fast enough network speeds for web surfing or chat.
It’s hard to respond in a blog to these issues as they come up in a way that is terse and informative. There’s a sizeable body of research on possible attacks on Tor, and because we want to be transparent — and because we want as many researchers of good will helping us solve the vulnerabilities — we don’t try to hide the vulnerabilities.
All security — whether physical or online — involves assessed risks. If you want to be anonymous *and* surf or chat *and* keep anonymity a victimless activity *and* avoid a single point of failure, Tor is certainly a good option, if not (as the Colorado folks said) the best available option.
But people should understand that no security system is invulnerable, and educating yourself on risks involved is important.
I don’t think anyone can hope to make everyone happy, but you made me happy by sending folks our way — thanks for the love!
Shava Nerad
executive director
The Tor Project